Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

## Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th March, 2018
52980 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

• From Windows 10/8 Task Manager (CTRL+SHIFT+ESC → Startup): Name, Command (Note - right-click on any column heading and ensure "Command" is ticked)
• From MSConfig (Start → Run → msconfig → Startup): Startup Item, Command
• From Registry Editor (Start → Run → regedit): Name, Data
• From SysInternals free AutoRuns utility: AutoRun Entry, Filename from "Image Path"
• From Windows Defender for XP/Vista (Tools → Software Explorer): Display Name, Filename
• O4 entries from HijackThis or similar logging utilities: Text highlighted here - [this text] or here - "Startup: this text.lnk", Filename
• Any other text

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

3007 results found for C

Startup Item or Name Status Command or Data Description Tested
(Default)Xc ofor Rin logr.exeDetected by Microsoft as TrojanSpy:MSIL/Smets.gen!B and by Malwarebytes as Trojan.Keylogger. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
Windows DefenderXC++.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
autoautoXc.batDetected by Malwarebytes as PUP.Optional.MultiPlug.PrxySvrRST. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
0Xc.exeDetected by Malwarebytes as Trojan.Agent.DGGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)No
YNO00BFRKMXc.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%No
WindowsUpdateXC.vbeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %UserProfile%\NGTMDNo
c.vbsXc.vbsDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
C0100Mon.exe?C0100Mon.exeLive! Cam Console Auto Launcher for the Creative Live! Cam range of webcams. Launches the camera console when using video messaging for example?No
C0NIMEXC0NIME.exeDetected by Dr.Web as Trojan.PWS.Qqpass.8524 and by Malwarebytes as Trojan.Agent. Note the number "0" in both the name and filenameNo
c0nime.exeXc0nime.exeDetected by Dr.Web as Trojan.DownLoader5.31944. Note the number "0" in both the name and filenameNo
h1b8Xc20t.exeDetected by Kaspersky as Virus.Win32.Virut.ce. The file is located in %Temp%No
C29.exeXC29.exeDetected by Sophos as Troj/Agent-UAJNo
C2CMonitorNC2CMonitor.exeClick to Convert from Inzone Software Limited - a PDF and HTML document converter for Windows documentsNo
C2C_Skype.exeXC2C_Skype.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
C2CSkypeXC2C_Skype.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\MicrosoftNo
C3Uc3.exeC3 in-game voice chatting software - "Built by gamers, for gamers, C3 provides voice services for players of all skill levels"No
c32cs2Uc32cs2.exeOlder version of CyberSentinel parental control softwareNo
CS32Uc32cs2.exeOlder version of CyberSentinel parental control softwareNo
Remote ControlUC7XRCtl.exeRemote control support for TV tuner cards from KWorld Multimedia/XTREME Multimedia based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoderNo
TV Remote ControlUC7XRCtl.exeRemote control support for TV tuner cards from V-Stream Multimedia/Jetway/Mentor/MTEK based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoderNo
TV Uzaktan KumandasıUC7XRCtl.exeRemote control support for TV tuner cards from INCA Multimedia based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoder. TurkishNo
TV878 Remote ControlUC7XRCtl.exeRemote control support for TV tuner cards from V-Stream Multimedia based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoderNo
Roblox.exeXC8TaW.exeDetected by Malwarebytes as Backdoor.Bladabindi. The file is located in %AppData%No
AtherosMdSrvUpdateXc9fiq86o4.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %LocalAppData%\AtherosNo
cXc:\archiv~1\win.comDetected by Symantec as Trojan.CuydocNo
Zone Labs ClientYca.exeEarlier version of EZ Firewall (based upon a rebranded version of ZoneAlarm Pro) - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suiteNo
EZ FirewallYca.exeEZ Firewall - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suiteNo
caaspydelayedscanYCAAntiSpyware.exePart of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Runs a delayed scan on the first boot after installation before exitingYes
CaPPclUCAAntiSpyware.exePart of CA Anti-Spyware (either as a stand-alone product or as part of a suite). Runs a scan for spyware on startupNo
Microsoft Cab ManagerXcab.exeDetected by Sophos as Troj/Delf-JJNo
cabcbfdbeffbfcgfdgfdgdfgXcabcbfdbeffbfcgfdgfdgdfg.exeDetected by McAfee as RDN/Generic PWS.y!sc and by Malwarebytes as Trojan.Agent.RNDNo
CabchkXCabchk.exeDetected by Symantec as Trojan.GemaNo
Cabchk32XCabchk32.exeDetected by Symantec as Trojan.GemaNo
CABCInstallXCABCInstall.exeIgnite Technologies (was CABC) content delivery softwareNo
cacaowebNcacaoweb.exe"Cacaoweb is a free plugin to watch, share and host videos and files online with no limits"No
Automatic Media UpdateXCACHE.RVDAdded by unidentified malware. The file is located in %System%No
HKCUXcache1.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\navigate - see hereNo
dnscacheXcache1.exeDetected by Malwarebytes as Backdoor.Agent.HKP. The file is located in %AppData%\navigate - see hereNo
loadXcache1.exeDetected by Malwarebytes as Backdoor.Agent.HKP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cache1.exe" (which is located in %AppData%\navigate) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same file, see hereNo
HKLMXcache1.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\navigate - see hereNo
ShellXcacheexpress.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "cacheexpress.exe" (which is located in %UserTemp%\cacheexpress)No
CachemanNCacheman.exeFreeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-upNo
CacheMgrYCacheMgr.exePart of the Remote Update utility for older versions of Sophos antivirus products which provided an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
StubPathXcachemgr.exeDetected by Microsoft as Backdoor:Win32/Bifrose.IQNo
SystemeXcachereg.exeDetected by Dr.Web as Trojan.Siggen4.1693 and by Malwarebytes as Backdoor.Agent.STMGenNo
CacheSentry ProUCacheSentry Pro.exeCacheSentry Pro by EnigmaticSoftware - "is a program that takes over the management of the Internet Explorer (and AOL) web browser cache." No longer supportedNo
CACStarterNcacstart.exeCash A Check - check writing softwareNo
com.codeode.cactusspamfilterUcactusspamfilter.exe"Cactus Spam Filter is a free easy-to-use spam blocker. It protects your inbox by learning to detect spam as it's being used. After a short while it has adapted to your personal mailbox and blocks out most of the junk e-mail. Since the filter becomes personal, spammers will not be able to fool it"No
Cad ComponentsXCad Components.exeDetected by Dr.Web as Win32.HLLW.Phorpiex.131 and by Malwarebytes as Backdoor.Agent.DCNo
CafeStationUCafeStation.exe"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"No
CA Personal FirewallUcafw.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendationYes
cafwUcafw.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendationYes
cafwcUcafw.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendationYes
CAgentNCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
ABBYY Community AgentNCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
ClearAllHistoryUcah.exe"Clear All History is an easy-to-use privacy tool that deletes Internet tracks such as browsing history, cache, cookies, autocomplete, search history, download history as well as history files from a variety programs such as Windows Media Player history, Microsoft Office programs, Google Desktop, Skype, Google Toolbar, Yahoo Toolbar and MSN Toolbar to help keep your Internet and computer activities private"No
CahootWebcardNCahootWebcard.exe"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when neededNo
CaiXCai.exeDetected by Malwarebytes as Spyware.Password. The file is located in %LocalAppData%No
CaISSDTUcaissdt.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the dashboard - which indicates the current tool status and can be used to launch scans, updates or access product informationYes
Computer Associates Dashboard TrayUcaissdt.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the dashboard - which indicates the current tool status and can be used to launch scans, updates or access product informationYes
CAIXA.exeXCAIXA.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonFiles%No
DlDir1XcaKeDetected by Symantec as W32.HLLW.CakeNo
Dir1XcaKeDetected by Symantec as W32.HLLW.CakeNo
HKCUXcalc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\SystemNo
Java Platform SE Auto UpdaterXcalc.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\system32No
gpresult.exeXcalc.exeDetected by Malwarebytes as Trojan.Agent.GPGen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\EmweNo
EssancialXcalc.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\calcNo
Windows DefenderXcalc.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\system32No
calcXcalc.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\CalculadoraNo
TibiabotXcalc.exeDetected by McAfee as BackDoor-CEP!ic. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%No
loadXcalc.exeDetected by Malwarebytes as Backdoor.XTRat.Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "calc.exe" (which is located in %Windir%\System and is not the legitimate Windows calculator file of the same name which is located in %System%) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
PoliciesXcalc.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\addinsNo
PoliciesXcalc.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\CalculadoraNo
DEBUGGERXcalc.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\addinsNo
internet.exeXcalc.exeDetected by McAfee as RDN/Generic.bfr!hd and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\regsidtNo
HKLMXcalc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\SystemNo
Microsoft CalculatorXcalc.exeAdded by a variant of W32.IRCBot. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%No
MicrosoftXcalc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\SystemNo
Windows ConfigurationXcalc.exeDetected by Malwarebytes as Backdoor.NgrBot. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %MyDocuments%No
ScanRegistryXcalc.vbsDetected by Sophos as VBS/Cod-BNo
CALC32XCALC32.EXEDetected by Sophos as W32/Spybot-ECNo
calc5.exeXcalc5.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
calc5.exeXcalc5.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
Photo Express Calendar CheckerNcalcheck.exeUlead Photo Express 2 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Photo Express Calendar Checker SENCALCHECK.EXEUlead Photo Express 2 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
PhotoExplosionCalCheckUcalcheck.exeCalendar management feature of Nova Development's Photo ExplosionNo
Verificador de Calendário Ulead Photo ExpressNCalCheck.exeUlead Photo Express 4.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually. Portuguese versionNo
Ulead Calendar CheckerNCalCheck.exeUlead Photo Express 6 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express 3.0 SE Calendar CheckerNCalCheck.exeUlead Photo Express 3.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express 4.0 Calendar CheckerNcalcheck.exeUlead Photo Express 4.0 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express 4.0 SE Calendar CheckerNCalCheck.exeUlead Photo Express 4.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express Calendar CheckerNcalcheck.exeUlead (now Corel) Photo Express 3.0, 4.0, 5 SE and My Scrapbook 2.0 include the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express Calendar Checker For My Custom EditionNCalCheck.exeUlead Photo Express 4.0 My Custom Edition (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express SE Calendar CheckerNCalCheck.exeUlead Photo Express 3.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
CalcXCalcplugin.exeDetected by Malwarebytes as Trojan.Agent.MPLGen. The file is located in %AppData%\MicrosoftNo
HKCUXcalculator.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\LumiaNo
CalculatorXCalculator.exeDetected by Malwarebytes as MSIL.LockScreen. The file is located in %AppData%No
PoliciesXcalculator.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\LumiaNo
HKLMXcalculator.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\LumiaNo
CalendarUCalendar.exeThis entry can be added by PlainSight Desktop Calendar and older versions of Desktop iCalendar from Desksware and the older Calendar 200X - which is no longer supported by or available from the authorYes
Calendar 200X ReminderNcalendar.exePart of Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. Displays reminders for holidays, anniversaries, tasks, etc. Disabling this entry via the program also disables the "Calendar 200X Monitor" entryYes
Desktop iCalendarUCalendar.exeOlder version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktopYes
PlainSight Desktop CalendarUCalendar.exePlainSight Desktop Calendar by Desksware - "It can display Microsoft® Outlook® data, which you can directly manipulate, and weather forecasts from weather information servers. It also uses high-quality fonts, looks pretty, and has lots of skins"Yes
iCalendarUCalendar.exeOlder version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktopYes
MicrosoftsXCalender.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\RegistriesNo
Logo Calibration LoaderUCalibrationLoader.exeEye-One Match (or i1Match) monitor calibration software for use with professional imaging tools such as the X-Rite (was GretagMacbeth) Eye-One Display LT and iDisplay 2 or the Pantone Eye-One Display 2No
CalibrizeResumeNCalibrizeResume.exeCalibrize is free software that helps you to calibrate the colors of your monitor in three simple steps. Just download the software and follow the procedure to generate a reliable color 'profile' and adjust the colors of your monitor automatically"No
calkXcalk.exeDetected by Sophos as Troj/StartPa-FHNo
calkypamcyfxXcalkypamcyfx.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
Call32XCall32.exeDetected by Sophos as Troj/Spammit-HNo
AppCallBurnerNcallburner.exeCallBurner by Netralia Pty Ltd - "captures Skype audio crystal clear to MP3. Ideal for podcasters"No
Logitech CallCentralUCallCentral.exeLogitech CallCentral software included with the Logitech QuickCall USB Speakerphone, with which "people can choose which communications applications to use with the phone's controls"No
Active CallerIDUCallerID.exeActive Caller ID from SoftRM - "is a powerful full-featured Caller ID detection software that will turn your PC into an advanced Caller ID device. It uses your MODEM and Caller ID service provided by your local phone company in order to identify who's calling"No
msenngerXcalling.comDetected by Sophos as Troj/Zapchas-EB and by Malwarebytes as Backdoor.IRCBotNo
PolderbitS Call RecorderNCallRecorder32.exePolderbitS Call Recorder from PolderbitS Software - "can record from programs like Skype, VoipBuster, VoipStunt, Google Talk, Yahoo Messenger, Windows Live Messenger, Office Communicator, Lync 2010 and more. It can do automatic recording in the background. Then save recordings as wav or mp3 sound files, either mixed-mono or dual channel stereo." No longer availableYes
PolderbitS Call RecorderNCallRecorder64.exePolderbitS Call Recorder from PolderbitS Software - "can record from programs like Skype, VoipBuster, VoipStunt, Google Talk, Yahoo Messenger, Windows Live Messenger, Office Communicator, Lync 2010 and more. It can do automatic recording in the background. Then save recordings as wav or mp3 sound files, either mixed-mono or dual channel stereo." No longer availableYes
Calendar Monitor?calmonitorBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at presentYes
calmonitor?calmonitorBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at presentYes
Calendar 200X Monitor?calmonitor.exeBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Calendar 200X Reminder" entry - as disabling that entry via the program also disables this oneYes
calmonitor?calmonitor.exeBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Calendar 200X Reminder" entry - as disabling that entry via the program also disables this oneYes
Calnique Popup StopUcalniquepopstop.exePopup stopper extra for the Calnique Custom Calculator from Speciality Calendars. No longer available from the publisherNo
caluruviqwalXcaluruviqwal.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile% - see hereNo
camXcam.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Cam.exeXCam.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %UserTemp%No
Generic Host ProcessXcamacttiv.exeDetected by AVG as the CIADOOR.13 TROJAN!No
Camaro CalendarUCamaro Calendar.exeCalendar gadget included with the Camaro theme for MyColors from Stardock CorporationNo
Camaro ClockUCamaro Clock.exeClock gadget included with the Camaro theme for MyColors from Stardock CorporationNo
Camaro WeatherUCamaro Weather.exeWeather gadget included with the Camaro theme for MyColors from Stardock CorporationNo
camchatXcamchatplugin.exeDetected by Malwarebytes as Trojan.VBKrypt. The file is located in %AppData%\camchatpluginNo
CamCheckNCamCheck.exeNuCam camera software relatedNo
Camera DetectorUCamdetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
Camera DetectorUCAMDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
CamenoUCameno.exeCameno is a program which brings tabbed windows to MSN Messenger 6.0 and above. No longer availableNo
CameraApplicationLauncher?CameraApplicationLaunchpadLauncher.exeSupports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?No
Logitech QuickCamUCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
LogitechCameraAssistantUCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
CameraAssistantUCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
camerapanicXcamerapanic.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %LocalAppData%\nexusloggerNo
camfrogXcamfrog.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate Camfrog video chat software by Camshare Inc. The file is located in %System%\MSDCSCNo
CamfrogNCamfrogNet.exe Camfrog Video Chat.exeCamfrog video chat software by Camshare IncNo
HerculesCamService?CamService.exeRelated to the Hercules Dualpix HD Webcam. What does it do and is it required?No
Creative WebCam TrayNCamTray.exeCreative WebCam tray control - can be started manuallyNo
CamWizardYCamWizard.exeLaunches the Logitech Camera Wizard on the first reboot after installing versions of Logitech QuickCam webcam softwareNo
CamWizardYCamWizrd.exeLaunches the Logitech Camera Wizard on the first reboot after installing versions of Logitech QuickCam webcam softwareYes
cam_server.exeXcam_server.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cam_server.exeXcam_server.exeDetected by Dr.Web as Trojan.MulDrop2.48031 and by Malwarebytes as Backdoor.Agent.CMS. The file is located in %System%\sysfiles\serverNo
CanadaNCanada.exeKnown to be a dialer - but is it maliscous or clean?No
CanaryUcanary-std.exeCanary keystroke logger/monitoring program - remove unless you installed it yourself!No
Candy Crush Saga.exeXCandy Crush Saga.exeDetected by Dr.Web as Trojan.Siggen6.20465 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CandyClockUCandyClock.exeCandy Clock by Gallicrow Software Limited - "is a colourful and highly configurable desktop clock program. The background of the clock can be set to use a picture file, many graphics formats are supported including animated gifs"No
Candycrush_MODS.exeXCandycrush_MODS.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
candynaXcandyna.exeDetected by Malwarebytes as Trojan.Clicker.Gen. The file is located in %UserProfile%\My MyPersonalStuffNo
CANoeUCANoe32.exeCANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systemsNo
ICompXpSpXCap.exeDetected by Sophos as Troj/Bancos-BLW and by Malwarebytes as Trojan.BankerNo
cap.txtXcap.txtDetected by McAfee as RDN/Generic Downloader.x!il and by Malwarebytes as Trojan.Banker.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CAP3ON?CAP3ONN.EXECanon driver, purpose unknown. Is it required in startup?No
Capture Express 2000NCAPEXP.EXECapture Express - screen capture utilityNo
CA Personal FirewallYcapfasem.exeRuns the core program for older versions of CA Personal Firewall (installed as either as a stand-alone product or as part of CA Internet Security Suite)Yes
capfasemYcapfasem.exeRuns the core program for older versions of CA Personal Firewall (installed as either as a stand-alone product or as part of CA Internet Security Suite)Yes
CapFaxNCapFax.EXEClassic PhoneTools "makes it possible for you to email, fax, telephone and receive voice messages on your PC from a single, efficient interface"No
CA Personal Firewall?capfupgrade.exeInstalled with CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The exact purpose is unknown at present and it does not normally appear to runYes
capfupgrade?capfupgrade.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The exact purpose is unknown at present and it does not normally appear to runYes
CAPingUCAPing.exeCitibank Citianywhere softwareNo
Intel(R) Common User InterfaceXcapiws.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.Agent.ICUNo
ShellXcapiws.exe,explorer.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "capiws.exe" (which is located in %AppData%\Microsoft)No
Canon PC1200 iC D600 iR1200G Status Window?CAPM1LAK.EXECanon printer related - is it required in startup?No
CaponYCapon.exeCanon printer driverNo
CaponYCaponn.exeCanon printer driverNo
CAPOSDUCAPOSD.exeCaps-Lock indicator as typically pre-installed on many of Lenovo machines which will quickly show an on-screen indication if the keyboard's Caps-Lock key is depressed and activeNo
CappUcapp.exeDetected by Malwarebytes as PUP.CNNIC. The file is located in %System%No
CA Anti-SpywareYCAPPActiveProtection.exePart of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Works in conjunction with the CA Pest Patrol Realtime Protection Service (ITMRTSVC) service to monitor software installations for potentially malicious behaviour, warn the user if any is detected and request user input on how to handle themYes
CAPPActiveProtectionYCAPPActiveProtection.exePart of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Works in conjunction with the CA Pest Patrol Realtime Protection Service (ITMRTSVC) service to monitor software installations for potentially malicious behaviour, warn the user if any is detected and request user input on how to handle themYes
Winxp updateXcAppp.exeDetected by Trend Micro as WORM_RBOT.DKONo
CapsHookUCapsHook.exeCaps Lock and Num Lock on-screen notifier for ASUS laptops and netbooks that don't have the equivalent LEDsNo
CapsLKNotifyUCapsLKNotify.exeDialog box that notifies the user when "Caps Lock" has been pressed on some Dell computersNo
captureXcapture.exeDetected by Sophos as Troj/Theef-BNo
CaptureBatNCapture.exe!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats"No
CaptureAssistantUCaptureAssistant.exeCapture Assistant "is a convenient and easy-to-use text and graphics capture tool". It allows you to capture text, font information, graphics, etcYes
CarboniteSetupLite?CarbonitePreinstaller.exeRelated to the installation of Carbonite backup softwareNo
Carbonite BackupNCarboniteUI.exe"Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"No
CardOS API?cardoscp.exeRelated to the CardOS smart card operating system by Atos (formerly part of Siemens) - which "offers powerful integration software for the use of CardOS smart cards and security tokens in a variety of standard applications." Used in many electronic cards for health and identity documents worldwideNo
CardReaderMonitorNCardReaderMonitor.exeCard reader monitor for on-board or standalone products based upon Realtek chipsets. Monitors whether a card has been inserted and if it doesn't start automatically when you insert the smart card, start it manuallyNo
Sound DriverXcardriver.exeDetected by Sophos as Troj/Agent-APJN and by Malwarebytes as Trojan.Agent.MXTNo
SoftK56 Modem DriverUcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
carpservUcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
CARPserviceUcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
CARPserverXCARPserver.exeDetected by Sophos as Troj/Banker-AN and by Malwarebytes as Trojan.Agent.ENo
TaskListXcartao.exeDetected by Kaspersky as Trojan-Banker.Win32.Bancos.yr. The file is located in %System%No
cartaoXcartao.exeDetected by Sophos as Troj/Banker-FANo
Cas2StubXcas2stub.exeAdded by a variant of Adware.CasinoClient. The file is located in %ProgramFiles%\Cas2StubNo
Comodo AntiSpamYCAS32.exeSystem Tray access to, and notifications for the now discontinued Comodo AntiSpam from Comodo Group, Inc - "client-based software product that eliminates spam forever from the computer's email system"No
Harmony 98 - CasioOrgUCasAgnt.exeEnterprise Harmony 98 for Casio PDAs - synchronization software for use with Microsoft Outlook 97/98/2000No
XTNDConnect PC - CasioOrgUCasAgnt.exeCasio Pocket PC specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"No
CasAgntUCasAgnt.exeSynchronization software for Casio PDAs and Pocket PCs by Extended SystemsNo
CA Security SuiteUcasc.exeInstalled with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detectedYes
cctrayUcasc.exeInstalled with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detectedYes
cascUcasc.exeInstalled with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detectedYes
CAS ClientXcasclient.exeDetected by Symantec as Adware.CasinoClientNo
SettingValueXcasd.exeDetected by Sophos as W32/Sdbot-PG and by Malwarebytes as Backdoor.SDBotNo
caseyvideo[*] [* = digit]Xcaseyvideo[*].exe [* = digit]Malware causing adult content popupsNo
Cashsurfers Cashbar NavigatorNCashbar.ExeCashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"No
CashFiestaXCashfiesta.exeDetected by Trend Micro as ADW_CASHFIESTA.ANo
casrcssb.exe%UserTemp\casrcssb.exeXcasrcssb.exeDetected by Malwarebytes as Trojan.CCProxy. The file is located in %UserTemp%No
CassandraXCASSANDRA.EXESuperSpider hijacker - a CoolWebSearch parasite variant. Also detected by Total Defense as a variant of the Krepper trojanNo
winservitXcassl.exeDetected by Trend Micro as WORM_RBOT.ASGNo
CasStubXcasstub.exeDetected by Sophos as Troj/Cass-ANo
DiskstartXcat.exeStartportal - Switch dialer and hijacker variant, see here. Also detected by Sophos as Troj/Delf-JENo
DNSPROVIDEXCatalystLoader.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.MNRNo
CatchCodeXCatchCode.exeCatchCode rogue security software - not recommended, removal instructions hereNo
Quick Heal AntiVirusYCATEYE.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
Quick Heal On-Line ProtectionYCateye.exePart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying"No
On-Line ProtectionYCATEYE.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
CATEYEYCATEYE.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
ccube_TrustListYcatl_001.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite) and runs only once on the first boot after installation is complete before exitingYes
catrootXcatrootsz.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent.KRNo
DeviiderXcatsdisc.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
catsrvXcatsrv.exeAdded by an unidentified TROJAN - see hereNo
catxmlXcatxml.exeDetected by Total Defense as Backdoor.Win32.Agent.ce. The file is located in %Windir%\tasksNo
cAudioFilterAgentUcAudioFilterAgent.exePart of the device driver for OEM integrated Conexant HD audio chipsetsNo
cAudioFilterAgentUcAudioFilterAgent64.exePart of the device driver for OEM integrated Conexant HD audio chipsetsNo
cAudioFilterAgentUCAudioFilterAgentXP.exePart of the device driver for OEM integrated Conexant HD audio chipsetsNo
cAudioFilterAgentUCAudioFilterAgentXP64.exePart of the device driver for OEM integrated Conexant HD audio chipsetsNo
cause_structureXcause-behave.exeDetected by Sophos as Troj/Agent-ALOP and by Malwarebytes as Backdoor.Agent.STLNo
cause_structureXcause-grow.exeDetected by Sophos as Troj/MSIL-BSV and by Malwarebytes as Backdoor.Agent.STLNo
cause_structureXcause-push.exeDetected by Sophos as Troj/Trustez-S and by Malwarebytes as Backdoor.Agent.STLNo
cause_structureXcause-were.exeDetected by Sophos as Troj/Mdrop-GNO and by Malwarebytes as Backdoor.Agent.STLNo
cauurifXcauurif.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
Norton Live UpdaterXCavapsvc.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
CA Anti-VirusYCAVRID.exeReal-time scanning engine for versions of CA Anti-Virus products until 2009 (both stand-alone and as part of security suites) - including eTrust EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo! Scans files for viruses and other malware when you access, create or download themYes
CAVRIDYCAVRID.exeReal-time scanning engine for versions of CA Anti-Virus products until 2009 (both stand-alone and as part of security suites) - including eTrust EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo! Scans files for viruses and other malware when you access, create or download themYes
CAVSYCAVS.exeCheyenne AntiVirus - acquired by CA and no longer availableNo
CyberScrub AutoUpdateYCAVSch.exeAutomatic updates for CyberScrub AntiVirus - which licensed Kaspersky Anti-Virus Lite. No longer supported or available from the authorNo
CaAvTrayYCAVTray.exeSystem Tray access to earlier versions of the CA antivirus products - including EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo!No
CAZNOVASXCAZNOVAS.exeDetected by Symantec as Backdoor.CaznoNo
ccube_Install_LockYcazz_001.exeInstalled with security products from CA and runs only once on the first boot after installation is complete before exitingYes
AdobeReaderProXcbdzfrsl.exeDetected by Kaspersky as Backdoor.Win32.Rbot.azq and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
SystemXcber.exeDetected by Trend Micro as TROJ_DLOADER.NXNo
cbInterfaceUcbInterface.exeSystem Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (7/Vista/XP/2K/NT). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredNo
Cobian BackupUcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup 10 InterfaceUcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup 8 interfaceUcbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup 9 interfaceUcbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup AmanitaUcbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup Black MoonUcbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
exkatajXcbkdkiw.exeDetected by Sophos as W32/Fanbot-FNo
CallBumpingYcbpopw.exeRelated to the Gazel 128 PCI ISDN adapter by Bewan Systems. Required if you use it but now discontinued since Pace acquired BewanNo
Microsoft System Restore ConfigurationXCBRSS.EXEDetected by Malwarebytes as Backdoor.Agent.MSUGen. The file is located in %System%No
KingSoft PowerWord PENCBTray.exeOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
CBWAttnUCBWEXEC.EXE /Run CBWATTN.EXEPart of the Cheyenne/Simply Bitware free messaging software that "transforms your computer into a complete communications center." Required to answer incoming faxes but can cause sleep mode problems. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
CBWHostUCBWEXEC.EXE /Run CBWHOST.EXEPart of the Cheyenne/Simply Bitware free messaging software that "transforms your computer into a complete communications center." Required to answer incoming faxes but can cause sleep mode problems. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
TaskmanXcbzvl.exeDetected by Trend Micro as TROJ_RIMECUD.ASH and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "cbzvl.exe" (which is located in %UserProfile%)No
SQConfigCheckerXcc.exeXupiter SQWire toolbar related. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
WocatXcc3250mtp.exeDetected by Dr.Web as Trojan.Carberp.1211 and by Malwarebytes as Trojan.Agent.ENo
Clean Access AgentNCCAAgent.exeCisco Clean Access Agent from Cisco Systems, IncNo
ccagent.exeXccagent.exeControl Center and Control Components rogue security software - not recommended, removal instructions here and hereNo
Core Process AplicationXccapl.exeDetected by Kaspersky as Backdoor.Win32.Rbot.gen. The file is located in %System%\ComNo
Core Process Aplication x16Xccapl16.exeDetected by Trend Micro as WORM_SPYBOT.AFTNo
Core Process Aplication x32Xccapl32.exeDetected by Kaspersky as Trojan-Dropper.Win32.Sramler.e. The file is located in %System%\ComNo
ccAppYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
ccApp.exeXccApp.exeDetected by Sophos as W32/Rbot-HJ. Note - this is not the legitimate Symantec/Norton file normally located in %CommonFiles%\Symantec Shared. This one is located in %System%No
SymantecXccapp.exeDetected by Symantec as W32.Reatle@mm. Note - this is not a Symantec fileNo
Common ClientYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
Symantec Security TechnologiesYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
System Process UninstallXccapp.exeSystemProcess adware. Note - this is not the legitimate Symantec/Norton file normally located in %CommonFiles%\Symantec Shared. This one is located in %System%No
Norton Auto-ProtectXccApp.exeDetected by Symantec as W32.Ahker.D@mm. Note - for the valid Norton AV entry the filename is "navapexe" and this is also not the valid Norton AV file with the same filenameNo
Client and Host Security PlatformYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
Antivirus Protection ServicesXccapp2.exeDetected by Total Defense as Win32.Rbot.EXI. The file is located in %System%No
Symantec Configuration LoaderXccApp32.exeDetected by Sophos as W32/Agobot-EENo
ServicesLogXccapp32.exeDetected by Sophos as W32/Rbot-AMXNo
HP DesktopXccappms.exeDetected by Sophos as W32/Sdbot-TGNo
ccAppsXccApps.exeDetected by Sophos as W32/Kangaroo-BNo
SymRunXccApps.exeDetected by Sophos as Troj/Kagen-ANo
blah serviceXccapps32.exeDetected by Trend Micro as WORM_RBOT.TVNo
ccaqwesadaa.exeXccaqwesadaa.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
6331905XCCAV.exeDetected by Dr.Web as Worm.Siggen.1163No
ccavYccavsrv.exePart of COMODO Cloud Antivirus - which "uses a powerful combination of virus monitoring, auto-sandbox and behavior analysis technologies to immediately protect your computer from all known and unknown malware"Yes
ccdbefddcfeaebXccdbefddcfeaeb.exeDetected by Malwarebytes as Trojan.Agent.NV. The file is located in %AppData%\cc60db38-3ef1-4d24-8d95-c429fe359aeb79No
Adobe CSS5.1 ManagerXccdbefddcfeaebad.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\{GUID}No
ccdbefddcfeaebcXccdbefddcfeaebc.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %CommonAppData%No
ccdbefddcfeaebsacfsfdsfXccdbefddcfeaebsacfsfdsf.exeDetected by Malwarebytes as Trojan.Dropper.PL. The file is located in %CommonAppdata%No
ccDHCP32XccDHCP32.exeDetected by Sophos as W32/Agobot-HJNo
CCDoctorYccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase - "an enterprise-grade configuration management system that provides highly secure version control with work and build management support." ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
CCDoctorLogonTestingYccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase - "an enterprise-grade configuration management system that provides highly secure version control with work and build management support." ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
Microsoft Driver SetupXccdrive32.exeDetected by Sophos as Troj/Agent-LYL and by Malwarebytes as Worm.PalevoNo
CCEUCCE.exe"Comodo Cleaning Essentials (CCE) is a set of computer security tools designed to help users identify and remove malware and unsafe processes from infected computers"No
ccenterYCCenter.exeRising antivirusNo
ccepicXccepic.exeDetected by Sophos as Mal/MSIL-HNo
CcEvtMgrYccEvtMgr.exeCommon process for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Keeps track of all events occurring for these products and writes these into the Activity log - which can be viewed through the Reports section. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
SunJavaSchedXccEvtMngr.exeDetected by Sophos as W32/Sdbot-YPNo
nortonsantivirusXccEvtMngr.exeDetected by Sophos as Troj/Hzdoor-ANo
ccEvtMrg.exeXccEvtMrg.exeDetected by Trend Micro as WORM_RBOT.GZNo
dddfXccf.exeDetected by Malwarebytes as Password.Stealer. The file is located in %Temp%No
BullGuard UpdateYCCHAT.EXEPart of the updater for an old version of Bullguard antivirusNo
RunXcchost.exeDetected by Sophos as Troj/Squatbot-CNo
ccStartXccInfo.exeDetected by Sophos as W32/Agobot-GQNo
CodeCleanXCCIntro.exeCodeClean rogue security software - not recommendedNo
winlogon_userXccIsass.exeDetected by Symantec as W32.SillyFDC.BBTNo
AvastSvcXCClean.exeDetected by Malwarebytes as Trojan.Banker.Gen. The file is located in %AppData%\ProgramasNo
CCleanerXCClean.exeDetected by Malwarebytes as Trojan.Banker.Gen. The file is located in %AppData%\ProgramasNo
Ccleaner Co.XCcleaner Update.exeDetected by Malwarebytes as Trojan.Agent.CL. The file is located in %AppData%No
CCleaner UpdateXCCleaner x86.exeDetected by Malwarebytes as Trojan.MSIL. Note - this is not a valid CCleaner file and it is located in %AppData%\CCleaner UpdateNo
CCleaner Resident Cleaner ServiceXCCleaner-resident.exeDetected by McAfee as RDN/Generic.bfr!ez and by Malwarebytes as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry although the file is located in %ProgramFiles%\CCleanerNo
CCleaner Resident Cleaner ServiceXCCleaner-resident.exeDetected by Malwarebytes as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry and the file is located in %System%\Program Files\CCleaner\[random] - see examples here and hereNo
CCleaner Resident Cleaner ServiceXCCleaner-resident.exeDetected by Malwarebytes as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry and the file is located in %Temp%\Program Files\CCleaner - see hereNo
Avast!XCCleaner.exeDetected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %UserTemp%No
CcleanerXccleaner.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %AppData%No
CcleanerXCCleaner.exeDetected by Sophos as Troj/Agent-ATLD and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %CommonAppData%\AhnLabNo
CcleanerXCCleaner.exeDetected by Malwarebytes as Trojan.Imminent. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %LocalAppData%\PRO 2016No
CCleanerUCCleaner.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool". Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
CCleaner MonitoringUCCleaner.exeSystem Tray access to, and monitoring feature of the CCleaner (version 5.* onwards) freeware system optimization, privacy and cleaning tool which keeps the main program up-to-date and system clean of redundant filesYes
CCleaner.exeXCCleaner.exeDetected by McAfee as Generic Dropper!dob and by Malwarebytes as Backdoor.MSIL.PGen. Note - this is not the legitmate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %AppData%\EcUQcsIdRaxsWYFZemcIQR\EcUQcsIdRaxsWYFZemcIQR\0.0.0.0No
WinCleanerXccleaner.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %System%\WindowsCCleanerNo
ShellXccleaner.exeexplorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "ccleaner.exeexplorer.exe" (which should be located in %AppData% but does not exist as there should have been a "," between "ee")No
CCleanerUCCleaner64.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool". Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
CCleaner MonitoringUCCleaner64.exeSystem Tray access to, and monitoring feature of the CCleaner (version 5.* onwards) freeware system optimization, privacy and cleaning tool which keeps the main program up-to-date and system clean of redundant filesYes
ccleanersXccleaners.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%No
Host.exeXccleaners.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%No
aqvaXCCleanerstartup.batDetected by Malwarebytes as Trojan.BitcoinMiner. The file is located in %AppData%\aqvaNo
CCleanerUpdates.exeXCCleanerUpdates.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ccleanerxx.exeXccleanerxx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\ccleanerxx.exeNo
CCLTInstallCheck?CCLTInstallCheck.exePart of Radivision's "Click to Meet" video conferencing client - now part of Avaya and superseded by Scopia XT Video ConferencingNo
WindowsUpdateXCCNQY-FZDDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\IXBQTNo
CorrectConnectNCConnect.exeBroadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut availableNo
ccProxyYccProxy.exeCommon process for older versions of Symantec's security products including Norton Internet Security and the now discontinued Norton Personal Firewall, Norton AntiSpam and Norton SystemWorks suite. Without this service running HTTP (web) and SMTP (email) connections fail. It works like a proxy server, acting as an intermediary for requests to/from network services - such as blocking access to domains (websites) and inappropriate pages (content filtering). Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP). Located in %CommonFiles%\Symantec Shared, this should not be confused with Youngzsoft's CCProxy proxy server software which is located in either %Root%\CCProxy or %ProgramFiles%\CCProxyNo
CCProxyUCCProxy.exeCCProxy proxy server software from Youngzsoft. A proxy server is a computer system or (in this case) and application that acts as an intermediary for requests from clients seeking resources from other servers. Located in either %Root%\CCProxy or %ProgramFiles%\CCProxy, this should not be confused with the Symantec version included in older versions of Norton Internet Security or the discontinued Norton AntiSpam which is located in %CommonFiles%\Symantec SharedYes
ccPrxy.exeXccPrxy.exeDetected by Sophos as W32/ShipUp-H and by Malwarebytes as Trojan.ShipUpNo
ccPwdSvcYccPwdSvc.exeCommon process for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. The exact purpose is unknown at presentNo
CcPxySvcYCCPXYSVC.exeCommon process for older versions of Symantec's security products including Norton Internet Security and the now discontinued Norton Personal Firewall, Norton AntiSpam and Norton SystemWorks suite. Without this service running HTTP (web) and SMTP (email) connections fail. It works like a proxy server, acting as an intermediary for requests to/from network services - such as blocking access to domains (websites) and inappropriate pages (content filtering). Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Real Statics AgentXccreal.exeAdded by a variant of Backdoor:Win32/RbotNo
Common ClientYccRegVfy.exePart of older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. "Responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
ccRegVfyYccRegVfy.exePart of older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. "Responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
USD DriverXccrss.exeDetected by Trend Micro as WORM_SDBOT.BFHNo
ccSetMgrYccSetMgr.exeCommon process for older versions of Symantec's products including Norton Internet Security, Norton AntiVirus, Norton Ghost and the now discontinued Norton Personal Firewall and Norton SystemWorks suite. Manages the secure storage and management of the various configuration settings for these products. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Norton Antivirus CCDebugXCCSEVRT.exeDetected by Trend Micro as WORM_SDBOT.ACJNo
novavappXccsmn.exeSysinternals Antivirus rogue security software - not recommended, removal instructions hereNo
Configuration LoaderXccSort.exeDetected by Trend Micro as WORM_AGOBOT.SR and by Malwarebytes as Backdoor.BotNo
Sygate Personals FirewallsXccsrn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
novavapprXccsrr.exeSysinternals Antivirus rogue security software - not recommended, removal instructions hereNo
ccStartXccStart.exeDetected by Sophos as W32/Agobot-IRNo
Norton StartXccStart.exeDetected by Sophos as W32/Sdbot-OXNo
ccsvchst.exeXccsvchst.exeDetected by Dr.Web as Trojan.DownLoader6.51095 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Symantec security service located in %CommonFiles%\Symantec Shared. This one is is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ccSvcHst.exeXccSvcHst.exeDetected by Sophos as W32/Sdbot-DIW. Note - this is not the legitimate Symantec security service located in %CommonFiles%\Symantec Shared. This one is located in %Windir%No
HotXccsvchst.exeDetected by Malwarebytes as Trojan.Reconyc. The file is located in %MyDocuments%\Microsoft OfficeNo
ccsvit.exeXccsvit.exeDetected by Sophos as Troj/StartPa-HPNo
(Default)Xcct.exeDetected by Malwarebytes as Trojan.FakeMS. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %WinTemp%No
CA Security SuiteUcctray.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected and double-clicking on it gives details about the warning or the alert stateYes
cctrayUcctray.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected and double-clicking on it gives details about the warning or the alert stateYes
XGCCTVServerYCCTvServer.exeRelated to the GSec1 XGate 2.0 intellegent wireless ADSL/Cable router which has built-in security featuresNo
nortonavXCCUPD32.EXEAdded by unidentified malware. The file is located in %System%No
ccUpdateXccUpdate.exeDetected by Trend Micro as WORM_AGOBOT.YSNo
Norton UpdateXccUpdate.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
Norton UpdaterXccUpdate.exeDetected by Trend Micro as WORM_AGOBOT.ALWNo
ccUpdMgrUccUpdMgr.exeIn Loco Parentis parental control software. Uninstall this software unless you put it there yourself!No
CCUTRAYICONUCCU_TrayIcon.exeRelated to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®No
CorelCENTRAL 10NCCWin10.exeCorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002No
CorelCENTRAL 9Nccwin9.exeCorelCENTRAL 9 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2000No
1XCD Key Cs Go.exeDetected by Malwarebytes as Trojan.FakeGen. The file is located in %AppData%No
MP3 CD ExtractorNCD-Extractor.exe"MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk"No
Computer Defender 2009Xcd2009.exeComputer Defender 2009 rogue security software - not recommended, removal instructions hereNo
Auto CD-ROM StartupXcdaccess.exeDetected by Trend Micro as WORM_SPYBOT.BLANo
Microsoft softwareXcdaccess.exeDetected by Trend Micro as WORM_RBOT.ABKNo
CDAServerUCDASrv.exePart of the Samsung Easy Printer Manager installed with certain Samsung printers and scanners. Unless you are sharing this printer on a network or use the printer to scan, this file does not need to runNo
CyberDefender Early Detection CenterXcdas[random].exeCyberDefender Early Detection Center rogue security software - not recommended. On testing with a clean image, this reported registry entries pointing to the legitimate Java "jqs_plugin.dll" file (located in %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie as the Anticlear rogue (see an example here). In addition, it claimed that the installer for an older version of HashTab contained W32.MalwareF.KJAE and quarantined a valid 7-zip file ("7zCon.sfx" in %ProgramFiles%\7-Zip) as W32/Malware. Also read this post where a Tech Support person uses other free tools such as MBAM to fix a problemNo
CdcompatXCdcompat.exeDetected by Symantec as Trojan.GemaNo
Cddrv32Xcddrv32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
CDEYCDE.exeComodo Disk Encryption "offers easy-to-use protection for businesses who want to protect their information from falling into the wrong hands. Using security algorithms, Comodo Disk Encryption encrypts any drive partition or even virtual partitions, without disrupting computer usage or performance"No
Cool DeskUcdesk.exeCool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to youNo
CDInterceptorNcdi.exeCD indexer for measuring the speed of CD playersNo
cdloaderYcdloader2.exeMagicJack - a "softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"No
HKCUXcdm.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\Archivos de ProgramasNo
HKLMXcdm.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\Archivos de ProgramasNo
MS-ConnectXcdm.exeMS-Connect - Switch dialer and hijacker variant, see here. Also detected by Kaspersky as Trojan.Win32.Dialer.ddNo
CdnCtrXcdnup.exeCNav adware installed with HyperSnap Installer. Detected by Malwarebytes as Adware.CDN. The file is located in %ProgramFiles%\CNNIC\CdnNo
SystemTraXCDPlay.EXEDetected by Symantec as W32.Lovgate.Z@mmNo
%ProgramFiles%\CDROM\CDROM.exeXCDROM.exeDetected by Kaspersky as Trojan.Win32.Cosmu.akah and by Malwarebytes as Worm.Agent. The file is located in %ProgramFiles%\CDROMNo
Cdrom ControllerXcdromcntrl.exeDetected by Sophos as Troj/Battry-ANo
MicrosoftROMDriverServiceXcdrss.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.blf. The file is located in %System%No
cdsXcds.exeDetected by Symantec as Backdoor.SpymonNo
CDSpeed.exeXCDSpeed.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.aex. The file is located in %Windir%No
CD Storage MasterNcdstorager.exeCD Storage Master - "A powerful program designed to catalog your CD/DVD/Blu-Ray discs , boasts a number of handy features for organizing your collection"No
CD Storage Master 2009Ncdstorager.exeCD Storage Master - "A powerful program designed to catalog your CD/DVD/Blu-Ray discs , boasts a number of handy features for organizing your collection"No
CD Tray PalNCDTray.exeCD Eject Tool from Fomine Software - "is a utility that manages your CD Drive doors. It allows you eject and close the CD Drive door by using a hotkey, desktop shortcut, or via an icon in your system tray"No
CDTrayPalNcdtray.exeCD Eject Tool from Fomine Software - "is a utility that manages your CD Drive doors. It allows you eject and close the CD Drive door by using a hotkey, desktop shortcut, or via an icon in your system tray"No
UpdateXCDUpdater.exe"Carpe Diem" adult premium rate dialer related. The file is located in %ProgramFiles%\Carpe Diem\[folder]No
CD-DVD Lock for Win95/98/Me/2k/XPUCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
CDVAgentUCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
JDK55WFMZYXcdx.exeDetected by Trend Micro as TROJ_MONDER.RONNo
CadenzaUCdzSvc.exeCommonTime's Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices. No longer supportedNo
CeEKEYUCeEKey.exeHotkeys on a Toshiba laptop. Only required if you use the additional keysNo
runXCeline.scrDetected by Sophos as Troj/Celine-A. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "Celine.scr" (which is located in %Root%)No
CEventMgrXCell.exeDetected by Sophos as Troj/Bifrose-AKNo
EasyPDFCombine EPM SupportUcemedint.exeEasyPDFCombine toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyPDFCombine_ce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
CenProtectXCenProtect.exeCenProtect rogue security software - not recommended, removal instructions hereNo
T-Mobile Communication CentreUCentre.exeT-Mobile Communication Centre configuration/management utility for their range of mobile broadband devicesNo
CeEPOWERUCePMTray.exeToshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate timesNo
-=C34pn4=-XCepna.exeDetected by Dr.Web as Trojan.StartPage.58846 and by Malwarebytes as Trojan.StartPageNo
Y-WormXCepna.exeDetected by Dr.Web as Trojan.Siggen6.22766 and by Malwarebytes as Backdoor.Agent.ENo
syscodecaudioXCEQL0H9AT4.exeDetected by Malwarebytes as Worm.Ainslot. The file is located in %AppData%\audiocodecNo
Advanced Internet ProtocolXcerf.exeAdded by a variant of W32.Spybot.Worm. The file is located in %System%No
CerrusXCerrus.exeDetected by Malwarebytes as MSIL.LockScreen. The file is located in %AppData%No
Certificate Policy EngineXCertPolEng.exeDetected by Sophos as Troj/Agent-ZBH and by Malwarebytes as Backdoor.Agent.DCNo
Legacy VGA Drivers V1.0Xcertproc32.exeAdded by the AGENT.NEM TROJAN!No
CertReg?certreg.exeRelated to a Gemplus (now Gemalto) product. The file is located in %ProgramFiles%\Gemplus\CertReg. What does it do and is it required?No
Windows Defender®XCertRegister.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.BotNo
Sun MicroSystems Inc.XCertRegister.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.BotNo
ISS_CerttoolYcerttool.exePart of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
certtoolYcerttool.exePart of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
IBM Client SecurityYcerttool.exePart of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
SetecCertUtilUCertutil.exeSetec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TVNo
CesarFTPNCesarFTP.exeCesarFTP is an easy and powerful FTP Server. It supports a complete virtual file system which allows you to preserve your disk structure. It also supports ban masks, ratio and quotas, events, especially automatic processing of uploaded files. It has native NT service support." No longer supportedNo
EasyPDFCombine Search Scope MonitorUcesrchmn.exeEasyPDFCombine toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyPDFCombine_ce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
cessrs.exe -startUcessrs.exe -startDetected by Malwarebytes as PUP.Optional.UPUpdata. The file is located in %AppData%\UPUpdata. If bundled with another installer or not installed by choice then remove itNo
Driver Control Manager v7.1Xcetrdeje.exeDetected by Sophos as W32/AutoRun-BKK and by Malwarebytes as Trojan.AgentNo
Driver Control Manager v7.5Xcetrdeosa.exeDetected by McAfee as Generic Malware.dg!ats and by Malwarebytes as Trojan.AgentNo
CevoClientXcevo.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
cryptoexpertUcexpert.exeCryptoExpert from SecureAction Research. Advanced on the fly encryption systemNo
CryptoExTrayV3?CexTray.exePart of the CryptoEx Client Suite from Glück & Kanja Technology AG. What does it do and is it required?No
CryptoExVolumeAutoMount?CexVolume.exePart of the CryptoEx Client Suite from Glück & Kanja Technology AG. What does it do and is it required?No
cezqicidudceXcezqicidudce.exeDetected by McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.USNo
Ce_XXXXCe_XXX.exeDetected by Symantec as Dialer.OneOnOneNo
cfcmonXcfcmon.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.CFNo
BJCFDNCFD.exeBroadJump Client Foundation - broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
CFDNCFD.exeBroadJump Client Foundation - broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
Microsoft Driver SetupXcfdrive32.exeDetected by Sophos as Troj/Agent-OJR and by Malwarebytes as Worm.PalevoNo
cffmonXcffmon.exeDetected by Malwarebytes as Trojan.FakeMS. The file is located in %ProgramFiles%\FontsNo
cfFncEnabler.exeNcfFncEnabler.exeToshiba's ConfigFree wireless network manager on their range of laptopsNo
Corel Colleagues & Contacts RemindersNcffrem.exeCorel Colleagues & Contacts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office and Corel Print House MagicNo
Corel Family & Friends remindersNcffrem.exeCorel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House MagicNo
Configuration ManagerXcfg32.exeBookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir%No
dmrc3dlgXcfgbRESM.exeDetected by Malwarebytes as Trojan.Passwords.PE. The file is located in %System%No
Microsoft RuntimeXCfgDll32.exeDetected by Symantec as W32.Randex.BDNo
dvHighMemUcfgmng32.exePureSight PC parental controls software by Puresight Technologies Ltd - "offers multi-layered cyberbullying protection for your family and it blocks offensive web-content". Also used by CA for their CA Parental Controls 2008 and 2009 utilities (both stand-alone and in suites)Yes
cfgmng32Ucfgmng32.exePureSight PC parental controls software by Puresight Technologies Ltd - "offers multi-layered cyberbullying protection for your family and it blocks offensive web-content". Also used by CA for their CA Parental Controls 2008 and 2009 utilities (both stand-alone and in suites)Yes
cfgmonXcfgmon.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.CFGNo
Wins32 OnlineXcfgpwnz.exeDetected by Symantec as W32.Bropia.RNo
Printer Update?cfgreg.exeThe file is located in %Windir%. Maybe a registration reminder or automatically updates drivers or application software for a printer?No
runXcfgsys32.exeBackdoor.Win32.Asylum.013.e malware. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "cfgsys32.exe" (which is located in %Windir%)No
loadXcfgsys32.exeBackdoor.Win32.Asylum.013.e malware. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cfgsys32.exe" (which is located in %Windir%)No
cfgsys32Xcfgsys32.exeBackdoor.Win32.Asylum.013.e malware. The file is located in %Windir%No
SW CfgWizUcfgwiz.exeConfiguration wizard for Symantec's now discontinued Norton SystemWorks security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settingsYes
Norton PasswordManagerUcfgwiz.exeConfiguration wizard for Symantec's now discontinued Norton Password Manager security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate) and confirms the default configuration settingsNo
IS CfgWizUcfgwiz.exeConfiguration wizard for older versions of Symantec's Norton Internet Security (and the now discontinued Norton Personal Firewall). On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton Internet Security is launched via the Start MenuYes
CfgwizUcfgwiz.exeConfiguration wizard for older versions of Symantec's Norton AntiVirus, Norton Internet Security and Norton SystemWorks security products. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time the software is launched via the Start MenuYes
Norton SystemWorksUCfgWiz.exeConfiguration wizard for Symantec's now discontinued Norton SystemWorks security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settingsYes
NAV CfgWizUCfgWiz.exeConfiguration wizard for older versions of Symantec's Norton AntiVirus. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton AntiVirus is launched via the Start MenuYes
NAVCFGUCfgWiz.exeConfiguration wizard for older versions of Symantec's Norton AntiVirus. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton AntiVirus is launched via the Start MenuYes
Configuration WizardXCfgwiz32.exeDetected by Trend Micro as BKDR_HCKTCK.2K.C. Note - do not confuse with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)No
BWRINXCfHaX.exeDetected by McAfee as PWS-Zbot.gen.amy and by Malwarebytes as Trojan.PurBarNo
CFi ShellToys Utility ManagerUCFiShlMan.exeManager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions"No
Micrcsoft Certificate ServicesXcflmon.exeDetected by Sophos as W32/Rbot-FWVNo
cfmmon.exeXcfmmon.exeDetected by McAfee as RDN/Generic.bfr!fh and by Malwarebytes as Worm.AutoRunNo
Microsoft Vista Upgrade Validation ServiceXcfmon.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
CTMON.EXEXcfmon.exeDetected by Sophos as Troj/Clckr-ANNo
cFosDNT?cFosDNT.execFos DSL Modem driver related. What does it do and is it required?No
cFosInst_Check?cfosinst.execFos DSL Modem driver related. What does it do and is it required?No
cFosSpeedUcFosSpeed.execFosSpeed Internet acceleration program from cFos Software GmBH - "increases your throughput and reduces your Ping. Whenever you access the Internet with more than one data stream cFosSpeed can optimize the traffic"No
COMODO Firewall ProYcfp.exeSystem Tray access to, and notifications for an older "Pro" version of Comodo Firewall by Comodo Group, IncNo
COMODO Internet SecurityYcfp.exeSystem Tray access to, and notifications for the range of internet security products from Comodo - including Internet Security, Antivirus and FirewallNo
Warning: do not remove it! (system)Ycfpsys.exe"Folder Password Protect is a software program that allows you to set a password for folders of your choice"No
WindowsXCfreer.exeDetected by Sophos as W32/Culler-CNo
CFSServ.exeUCFSServ.exePart of Toshiba's ConfigFree utility and searches for Wireless DevicesNo
CAF_SystemTray?cfSysTray.exePart of the CA DSM Agent + Software Delivery plugin by CA to "provide a flexible and comprehensive mechanism for building, distributing, installing and managing software on target systems across the enterprise"No
cftmocXcftmoc.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
HKCUXcftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\FontsNo
HKCUXCftmon.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXCftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKCUXCftmon.exeDetected by McAfee as Generic.bfr!dx and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ctfmonXcftmon.exeDetected by Sophos as Troj/Delive-A and by Malwarebytes as Trojan.AgentNo
autoloadXcftmon.exeDetected by Sophos as W32/Socks-E and by Malwarebytes as Trojan.AgentNo
PoliciesXCftmon.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
PoliciesXcftmon.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\CryptoSuiteNo
Windows Display SystemXcftmon.exeDetected by Dr.Web as Win32.HLLW.Autoruner.54764 and by Malwarebytes as Trojan.DownloaderNo
HKLMXCftmon.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKLMXCftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXcftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\CryptoSuiteNo
HKLMXCftmon.exeDetected by McAfee as Generic.bfr!dx and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ControlExecTrompXcftmon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cftmonXcftmon.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%No
cftmonXcftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\FontsNo
cftmonXcftmon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cftmonXcftmon.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %Windir%\CryptoSuiteNo
Microsoft OfficeXcftmons.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
cftmonsXcftmons.exeDetected by Malwarebytes as Trojan.Llac. The file is located in %AppData%No
cftmonsXcftmons.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.CFGenNo
cftmonsi2Xcftmonsi2.exeDetected by McAfee as Generic.dx!vxx and by Malwarebytes as Trojan.Agent.CFTNo
cftmonsvXcftmonsv.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
CFTMONXCFTMONSYS.EXEDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
SFtrb ServiceXcftrb32.exeDetected by Symantec as W32.Sobig.D@mmNo
cft_monXcft_mon.exeDetected by McAfee as Generic PWS.y!dsfNo
FunBallUCFunball.exeFunBall plugin for the Crawler Toolbar by Crawler, LLC - "Have some fun! Pick your favorite ball and play right on your desktop. Choose from football, baseball, basketball or hot-air balloon designs." The Crawler Toolbar is a web browser toolbar and Browser Helper Object for Internet Explorer which monitors and reports back web pages viewed to its remote servers and will modify the home and search assistant pages to redirect searches to Crawler web sites. The file is located in %ProgramFiles%\Crawler\FunBall. If bundled with another installer or not installed by choice then remove itNo
cfyXcfy.exeSurfenhance.com SearchForIt adware variant. The file is located in %Windir%No
CGI Firewall ScriptXCGIAGENT.EXEDetected by Sophos as W32/Bropia-UNo
Norton Crashguard MonitorNCGMenu.EXETroublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001No
CGServerUcgserver.exeAssociated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programsNo
Microsoft Windows Files LoaderXcgy32win.exeDetected by Sophos as W32/Rbot-AXR and by Malwarebytes as Trojan.MWF.GenNo
CgywinXcgywin32.exeDetected by Sophos as W32/Rbot-AEINo
3Xchair.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %CommonAppdata%\WindowsYNo
ChamClockUChamClock.exeChameleon Clock - system tray clock replacementNo
HomeAlarmUChamClock.exeChameleon Clock - system tray clock replacementNo
PoliciesXChampion.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WinDirNo
ChangerXchanger.exeDetected by Malwarebytes as Trojan.Injector.MSS. The file is located in %AppData%\Changer\ChangerNo
ActiveMultiwallpaperUChanger.exeActive Multiwallpaper Changer by Nextriver - "is a cute easy-to-use program that changes your desktop background within defined time interval. Simply choose the folder you would like to use wallpapers from, check what pictures to show and off you go!"No
ChangeTPMAuthUChangeTPMAuth.exeInstalled with some security products from Wave Systems Corp. and related to the TPM support included with many motherboards, desktops and laptops. Can be safely disabled if you don't have or don't use the TPM feature of your hardwareNo
ChapelsXChapels.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\ylpCM7IX9E3V6JNo
ChargeServiceUChargeService.exeMSI Super Charger utility which is capable of revising the power supply mode of a USB port on supported motherboards to charge Apple's iPad, iPhone and iPod mobile devices which need a higher current levelNo
Animated WallpaperUCharm Waterfall.exeCharm Waterfall animated desktop wallpaper from Desktop AnimatedNo
gpresult.exeXcharmap.exeDetected by Malwarebytes as Trojan.Agent.GPGen. Note - this is not the legitimate charmap.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\IME12No
[random]Xcharmapnt.exeDetected by Sophos as Troj/Bancos-DRNo
Bingo Charm?charms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?No
chat with me online priveted.exeXchat with me online priveted.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ChatangoNChatango.exeChatango - "is an online IM service for people to converse with each other. Chatango has multiple uses for multiple purposes, including business, anime, roleplaying, and other topics. It is free to make an account, easy to embed and customize, can handle traffic spikes, works on phones and tablets, and many chat rooms are family friendly." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediatelyNo
loves2Xchatser.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\InstallDir - see hereNo
loveuoyXchatser.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\InstallDir - see hereNo
mands2Xchatser.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\InstallDir - see hereNo
ChatStatUChatStat.exeChatStat from ChatStat Technologies, Inc - provides live chat assistance in up to 16 languages allows your operators to be more productive. No longer availableNo
chaveGBtL2TMXchaveGBtL2TM.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\chaveGBtL2TMNo
chcenterNchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"No
Chckdsks.comXChckdsks.comDetected by Malwarebytes as Worm.AutoRun. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
chcp.exeXchcp.exeDetected by Kaspersky as Backdoor.Win32.SdBot.bmh. The file is located in %Windir%No
High Definition Audio Property Page ShortcutUCHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be requiredNo
sysberay2Xche#.exeDetected by Malwarebytes as Trojan.Agent - where # represents one or more digits. The file is located in %Windir% - see examples here and hereNo
CIONche7e1~1.exeChatItOut webcam chat programNo
cheatenginezXcheatenginez.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
GigaByteXCheatle.exeDetected by Symantec as W32.HLLP.Shodi.BNo
Check&GetUCheck&Get.exeCheck&Get from ActiveURLs - "Manages your browser bookmarks and favorites, Monitors Web sites for changes and updates, captures and highlights the changed contents." No longer supportedNo
CheckXCheck.exeDetected by Sophos as W32/VB-DRNNo
OBRCheckYcheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager." Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
seccheckXcheck.exeDetected by McAfee as RDN/Generic PWS.y!bbs and by Malwarebytes as Backdoor.Agent.ENo
WinCheckXcheck.exeDetected by Sophos as W32/Delbot-YNo
eRecoveryServiceYcheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager." Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
check119Xcheck119_up.exeCheck119 rogue security software - not recommended, removal instructions hereNo
CheckCU?CheckCU.exeInstalled with versions of the Tildes Birojs language tools - which supports Latvian, English, German, Russian, French, Lithuanian and EstonianNo
CheckCustomWorksUpdateNCheckCWupdate.exeUpdate checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"No
WashAndGo - Cleanup of old BackupfilesUchecker.exeWashAndGo - temp file cleanerNo
CheckIt 86UCheckIt86.exeCheckIt 86 popup blocker by Smith Micro Software, Inc.No
ChecklistSrvUChecklistSrv.exeChecklist task tracking and management utility by Task Solutions Inc (was 4th Software)No
Registry Startup CheckXcheckreg.exeDetected by Sophos as Troj/RemLoad-ANo
CheckRun22find_uninstallerUCheckRun22find.exeDetected by Malwarebytes as PUP.Optional.Elex. The file is located in %AppData%. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
CheckRunv9_uninstallerXCheckRunv9.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
svhoostXchecksys.exeChinese originated TROJAN! The file is located in %System%No
XvidNCheckUpdate.exeUpdate manager for the Xvid video codecNo
RealtekXcheckupdates.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %ProgramFiles%\Mozilla FirefoxNo
PoliciesXcheckupdates.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Mozilla FirefoxNo
Blackmagic CheckVersion PCI?CheckVersionPCI.exeRelated to the "Decklink" range of products from Blackmagic Design Pty. Ltd. What does it do and is it required?No
Ads Expert Browser BackupUCheckWork.exePart of Ad Expert Browser - which "is a new program used to analyze the online advertising market to obtain detailed statistics about websites advertising on different pay-per-click advertising systems." Detected by Malwarebytes as PUP.Optional.AdExpertBrowser. The file is located in %AppData%\AEB. If bundled with another installer or not installed by choice then remove itNo
ChedotUchedot.exeDetected by Malwarebytes as PUP.Optional.Ghokswa. The file is located in %LocalAppData%\Chedot\Application. If bundled with another installer or not installed by choice then remove itNo
ChedotNotificationServiceAutoRunUchedot_notifications.exeDetected by Malwarebytes as PUP.Optional.Ghokswa. The file is located in %LocalAppData%\Chedot\Application\[version]. If bundled with another installer or not installed by choice then remove itNo
WMBootNChekList.exeAssociated with Wingman game controllers. Not required but what does it do?No
CHEM ORDER G190.exeXCHEM ORDER G190.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LMT. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NVIDIA GeForce ExperienceXCHEM SPEC.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LMTNo
ShellXCHEM SPEC.exe,Explorer.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LMT. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "CHEM SPEC.exe" (which is located in %LocalAppData%\nvidia)No
Google UpdaterXcherry.exeDetected by Trend Micro as TROJ_DIGMINEIN.A and by Malwarebytes as Trojan.BitCoinMinerNo
Windows firewall managerXchh.exeAdded by a variant of W32.Randex.GEL. The file is located in %System%No
Chiarooscuro hoording.exeXChiarooscuro.exeDetected by Malwarebytes as Backdoor.Messa.E. The file is located in %AppData%\ hoordingNo
chickXchick.exeDetected by Malwarebytes as Trojan.Agent.CHK. The file is located in %AppData%No
chiCkieXchiCkie.exeDetected by Symantec as W32.ChikoNo
ChikkaDefaultUChikkaLauncher.exeChikka PC text messanger and IM clientNo
ChilyClientUChilyClient.exeChily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
eixfiXchina.batDetected by Trend Micro as BAT_WCUP.ANo
china11msnXCHINA11MSN.EXEDetected by Symantec as W32.Envid.O@mmNo
ChkAdminNCHKADMIN.EXECompaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"No
MicroSys-CheckAjourNChkAjour.exeAjour by Micro-Sys Software - is a "free personal calendar, organizer, reminder and information manager"No
SB Audigy 2 Startup Menu?ChkColor.EXERelated to the Creative Sound Blaster Audigy 2 range of sound cardsNo
CheckDialerUChkDial.exeHispasec CheckDialer modem connection monitoring toolNo
ChkDisk.dllXChkDisk.dllDetected by Symantec as Trojan.Opachki and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
UninstalTimeXchkdisk.exeDetected by Dr.Web as Trojan.Siggen1.31088 and by Malwarebytes as Backdoor.AgentNo
ChkDisk.lnkXChkDisk.lnkDetected by Symantec as Trojan.Opachki and by Malwarebytes as Trojan.FakeAlert. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
iSsrze6yv3eCnPlQXchkdsk.exeDetected by Malwarebytes as Trojan.VB. The file is located in %AppData%\Mozilla\Firefox\extensions\{5f861d5e-11c5-4f1d-b5d2-4a34d8358787}\components\mamNo
[3-4 random letters]Xchkdsk.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. Note - the legitimate Windows chkdsk.exe will always be located in %System% and will NOT figure among the startups!No
Disk CheckXchkdsk32.exeDetected by Sophos as Troj/DownLdr-IMNo
CHK DiskerXchkdsker.exeDetected by Symantec as Backdoor.IRC.Bot. The file is located in %System% - see hereNo
NT Printing ServiceXchkdsks.exeDetected by Microsoft as Win32/Archivarius and by Malwarebytes as Trojan.AgentNo
NT Printing ServicesXchkdsks.exeDetected by Sophos as Troj/Buzus-M and by Malwarebytes as Backdoor.BotNo
NT Printing ServiceXchkdskss.exeDetected by Microsoft as Win32/Archivarius and by Malwarebytes as Trojan.AgentNo
Microsoft DLL VerifierXchkfile.exeDetected by Sophos as W32/Rbot-AOC and by Malwarebytes as Backdoor.AgentNo
Pe2ckfnt SENchkfont.exeUsed to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menuNo
ASUS ChkMailUChkMail.exeMail-checking utility supplied with some ASUS notebooks that uses an LED to notify the user when an E-mail has arrivedNo
ChkMailUChkMail.exeMail-checking utility supplied with some Acer and ASUS notebooks that uses an LED to notify the user when an E-mail has arrivedNo
Generic ChkMailUChkMail.exeMail-checking utility supplied with some ASUS notebooks that uses an LED to notify the user when an E-mail has arrived. The models supported are AS62FM945GM1, AS62JM945PM1 and AS62JM945PM2 - see hereNo
Java Plug-inXchknt32.exeDetected by McAfee as Spy-Agent.fg and by Malwarebytes as Trojan.ZbotNo
CHK NTXchkntf.exeAdded by a variant of W32.IRCBot. The file is located in %System% - see hereNo
chkntfs.exeXchkntfs.exeDetected by Sophos as Troj/Carberp-D and by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ChkDiskXchk_disk.exeAdded by unidentified malware. The file is located in %System%No
DiscoverAncestry EPM SupportUchmedint.exeDiscoverAncestry toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DiscoverAncestry_ch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
avagent3974Xchnb8895.exeAntiVirus ransomware security software - not recommended, removal instructions hereNo
Change Lines?chngline.exeUnknown entry on some Dell machines. The file is located in %Root% - see hereNo
ChoiceMailUChoiceMail.exeChoiceMail from DigiPortal Software - "is the anti-spam program that puts you in complete control of your mailbox. It lets you treat your Inbox the same way you treat your front door. You decide who gets in and who doesn't. With ChoiceMail, you will never get another piece of unwanted email. Get the mail you want. Block the mail you don't want"No
ChoiceMail One Single User [version]UChoiceMail.exeChoiceMail from DigiPortal Software - "is the anti-spam program that puts you in complete control of your mailbox. It lets you treat your Inbox the same way you treat your front door. You decide who gets in and who doesn't. With ChoiceMail, you will never get another piece of unwanted email. Get the mail you want. Block the mail you don't want"No
ChokeXChoke.exe -blahhhDetected by Symantec as W32.Choke.WormNo
HKCUXChome.exeDetected by McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXchome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ExplorerXChome.exeDetected by McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Trojan.AgentNo
HKLMXChome.exeDetected by McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKLMXchome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
PoliciesXchomeexeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\installNo
ChomikBoxUChomikBox.exeChomikBox - Polish utility that "is a small and friendly program that will allow you to easily add files to your hamster, download, and listen to music directly from the pages of the site!" The "hamster" referred to is an online storage serviceNo
chorm.exeXchorm.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.CH. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXChorme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\MicrosoftNo
PoliciesXChorme.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\MicrosoftNo
Google ChormeXChorme.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserTemp%No
HKLMXChorme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\MicrosoftNo
HKCUXchost.exeDetected by McAfee as Generic.dx!wua and by Malwarebytes as Backdoor.HMCPol.GenNo
chost.exeXchost.exeDetected by McAfee as Generic.dx!wua and by Malwarebytes as Backdoor.SpyNetNo
HKLMXchost.exeDetected by McAfee as Generic.dx!wua and by Malwarebytes as Backdoor.HMCPol.GenNo
chost.lnkXchost.lnkDetected by Dr.Web as Trojan.Siggen3.30349 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DATISA chostsXchosts.exeDetected by Dr.Web as Trojan.StartPage.60365 and by Malwarebytes as Trojan.StartPage.CHNo
chostsvXchostsv.exeDetected by Symantec as Infostealer.Banpaes.CNo
windows taskbarXChouf-This.exeDetected by Sophos as W32/Autorun-BQP and by Malwarebytes as Trojan.AgentNo
NetShowXchqq.exeDetected by McAfee as RDN/Generic VB.b!a and by Malwarebytes as Trojan.StartPageNo
Key NameXchr0me.exeDetected by McAfee as RDN/Generic.dx!c2t and by Malwarebytes as Backdoor.Agent.ENo
chrebdp_CsUXchrebdp_CsU.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.MSSNo
Microsoft Driver SetupXChrg.exeDetected by Malwarebytes as Worm.Palevo. The file is located in %System%\driversNo
Christmas Music PlayerNChristmas Music Player.exe"Christmas Music Player brings the music of the Christmas Holiday to your desktop"No
ZackerXChristmas.exeDetected by Sophos as W32/Maldal-CNo
AdobeXchrme.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
clicupUchrmndr.exeDetected by Malwarebytes as PUP.Optional.ClicUp. The file is located in %LocalAppData%\clicup. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
ChrommXChrom.exeDetected by Malwarebytes as Backdoor.Agent.PDL. The file is located in %AppData%\ChromNo
Chrom.exeXChrom.exeDetected by Dr.Web as Trojan.DownLoader11.6281 and by Malwarebytes as Trojan.Agent.CH. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
03cfa1487a94d2b11760b77d3e3b04b3Xchrom.exeDetected by McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.MSIL.GenXNo
HKCUXchrom2.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\chrom2No
PoliciesXchrom2.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\chrom2No
HKLMXchrom2.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\chrom2No
ChromaticUchromatic.exeDetected by Malwarebytes as PUP.Optional.Chromatic. The file is located in %LocalAppData%\Chromatic\application. If bundled with another installer or not installed by choice then remove itNo
ChromeXChrome Support.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\MSDCSC - see hereNo
chrome toolbarXchrome toolbar.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
chrome updateXchrome update.exeDetected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%\chromeNo
chrome.batXchrome.batDetected by Malwarebytes as Trojan.Agent.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
explorXchrome.exeDetected by Malwarebytes as Trojan.Downloader.E. Note - this entry loads from the Windows Startup folder, The file is located in %MyDocuments% and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\ApplicationNo
IchromeXchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
NAVIGATERXChrome.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%\GoogleNo
AVAST32Xchrome.exeDetected by McAfee as BackDoor-CZP.dr and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
1Xchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
SkypeXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\MuAwaY\data\interfaceNo
SkypeXChrome.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%No
win32Xchrome.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%No
SkypeXchrome.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InternetNo
tfgfhjgkjXChrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\SystenNo
HKCUXChrome.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\InstallDirNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\InstallDir - see hereNo
HKCUXchrome.exeDetected by McAfee as Generic.bfr!gs and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%No
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\installNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
Google UpdateXchrome.exeDetected by Dr.Web as Trojan.MulDrop1.54424 and by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
HKCUXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\installNo
Google UpdateXchrome.exeDetected by Malwarebytes as Trojan.PWS. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%No
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDir - see hereNo
Google UpdateXchrome.exeDetected by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%\MyAppsNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\smssNo
HKCUXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SpeechNo
WindowsStartXchrome.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.CHR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
HKCUXchrome.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SYSTEM32No
winkeyXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\winNo
HKCUXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%\System32No
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\.ExplorerNo
HKCUXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
HKCUXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\installNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\InstallDir - see hereNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\smssNo
Adobe FlashXchrome.exeDetected by Malwarebytes as Backdoor.Agent.HKP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\System32No
2015Xchrome.exeDetected by Malwarebytes as Backdoor.Agent.HKP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\System32No
ShellXChrome.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Chrome.exe" (which is located in %AppData%\InstallDir and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
ShellXchrome.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "chrome.exe" (which is located in %UserTemp%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
Microsoft WindowsXchrome.exeDetected by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\MicrosoftNo
HKLMACH1HKXchrome.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\syswindrNo
bXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%No
HKLMZXchrome.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
Audio(HD)Xchrome.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InternetNo
ServerXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
hggjhgkjXChrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\SystenNo
FusionBrowserUchrome.exe"Fusion seamlessly integrates your favourite Chrome browser features and settings into one convenient tool that is accessible directly from the comfort of your desktop." Detected by Malwarebytes as PUP.Optional.FusionBrowser. The file is located in %ProgramFiles%\FusionBrowser\[version] - unlike the standard Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. If bundled with another installer or not installed by choice then remove itNo
[4 digits]Xchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
Google UpdatesXchrome.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Messa. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google ChromeNo
HATXchrome.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.STG. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\whitehatNo
dXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%No
ctfmonXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\TorjanNo
ctfmonXchrome.exeDetected by McAfee as RDN/Generic.dx!ctn and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserStartup%\FirefexNo
ctfmonXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\SexyNo
WindowsHostXchrome.exeDetected by Malwarebytes as Backdoor.Agent.WH. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\ProgramData\SystemNo
GoogleChromeXchrome.exeDetected by Dr.Web as Trojan.MulDrop4.9457. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\GoogleChromeNo
NvidiaXChrome.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
Java UpdaterXchrome.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
ProMINXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%No
ChromeXChrome.exeDetected by McAfee as Generic.dx!b2aq and by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
chromeXchrome.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.CH. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\contre strike 1.6No
ChromeXChrome.exeDetected by Dr.Web as Trojan.DownLoader2.37076 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\DirectoryNo
chromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in "%AppData%\google "No
GoogleChromeAutoLaunch_[ID]Uchrome.exeCustom build of the Chromium web browser bundled with various adware installers. Detected by Malwarebytes as PUP.Optional.NotChromeRun. The file is located in %LocalAppData%\Chromium\Application. If bundled with another installer or not installed by choice then remove itNo
ChromeXchrome.exeDetected by Microsoft as Ransom:Win32/Genasom.EJ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\google\chromeNo
GoogleChromeAutoLaunch_[ID]Uchrome.exeAllows Google Chrome applications to run in the background when Chrome is closed - which means they still use system resources. To disable them all click the Chrome menu in the browser toolbar → Settings → Show advanced settings → System → deselect "Continue running background apps when Google Chrome is closed". See here for more information and examples here and hereNo
ChromeXChrome.exeDetected by Dr.Web as Trojan.KeyLogger.15604 and by Malwarebytes as Backdoor.Agent.CHGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\System\ServicesNo
GoogleChromeAutoLaunch_[ID]Uchrome.exeCustom build of the Chromium web browser bundled with various adware installers. Detected by Malwarebytes as PUP.Optional.FastBrowser. The file is located in %ProgramFiles%\Fast Browser\Application. If bundled with another installer or not installed by choice then remove itNo
chromeXchrome.exeDetected by Dr.Web as Trojan.DownLoader6.5297 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\SystemNo
ChromeXChrome.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\ChromeNo
chromeXchrome.exeDetected by McAfee as Generic.bfr!gs and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%No
ChromeXchrome.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
chromeXchrome.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\syswindrNo
ChromeXChrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\WinRARNo
chromeXchrome.exeDetected by Microsoft as TrojanSpy:Win32/Keylogger.FM and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%No
chromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
ChromeXChrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
chromeXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ProNo
HKCUSER2FFXchrome.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\syswindrNo
loadXChrome.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\InstallDirNo
NVIDIA corportationXchrome.exeDetected by Malwarebytes as Trojan.Agent.CRP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\Winrar\Skype\MicrosoftNo
loadXchrome.exeDetected by Malwarebytes as Backdoor.Agent.MWT. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "chrome.exe" (which is located in %AppData%\Twitch and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
loadXchrome.exeDetected by McAfee as Generic.bfr. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Chrome.exe" (which is located in %System%\SYSTEM32 and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
loadXchrome.exeDetected by McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "chrome.exe" (which is located in %System%\syswindr and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
loadXChrome.exeDetected by Malwarebytes as Backdoor.XTRat. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Chrome.exe" (which is located in %Windir%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
Adobe Reader and Acrobat ManagerXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\MuAwaY\data\interfaceNo
HKCUZXchrome.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
digitalXchrome.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.HKP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SYSTEM32No
Java UpedateXchrome.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\Microsoft\Wirar\MicrosoftNo
PoliciesXChrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\SystenNo
WebDiscoverBrowserUchrome.exe"The WebDiscover browser seamlessly integrates your favorite Chrome features and settings into one convenient tool to search the web... all from the comfort of your desktop." Detected by Malwarebytes as PUP.Optional.WebDiscoverBrowser. The file is located in %ProgramFiles%\WebDiscoverBrowser\[version] - unlike the standard Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\dir\install\install - see hereNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\installNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
PoliciesXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\installNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InternetNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\smssNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\System32No
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\.ExplorerNo
PoliciesXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\installNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\smssNo
JavaXchrome.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
Chrome helpXchrome.exeDetected by Malwarebytes as Trojan.PWS. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%No
Host Process for Windows ServicesXChrome.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %LocalAppData%No
taskmgrXchrome.exeDetected by McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Backdoor.Agent.CHR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\chromeNo
Chrome ServicesXchrome.exeDetected by Kaspersky as Trojan-PSW.MSIL.Agent.dyi. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google ChromeNo
Chrome UpdaterXchrome.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Cookies%\DCSCMINNo
AutoUpdateXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
googleXchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
chrome.exeXchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData% - see hereNo
Chrome.exeXChrome.exeDetected by Malwarebytes as Ransom.Jigsaw.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\.Google ChromeNo
Chrome.exeXChrome.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\ChromeNo
chrome.exeXchrome.exeDetected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\tempNo
chrome.exeXchrome.exeDetected by McAfee as RDN/Generic.dx!ctt and by Malwarebytes as Trojan.Agent.MNRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\windowsNo
RUNDLL32Xchrome.exeDetected by Malwarebytes as Backdoor.Messa. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\updaterNo
Chrome.exeXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
chrome.exeXchrome.exeDetected by Dr.Web as Trojan.KeyLogger.15604 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
Rede EthernetXChrome.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%No
Chrome.exeaXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\DesktopNo
Chrome.exebXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
Chrome.execXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%No
AHMMWDXchrome.exeDetected by McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%No
Chrome.exedXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\FavoritesNo
Chrome.exeeXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %UserProfile%\Start Menu (XP)No
QWGDXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\googleNo
QWQQXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\googleNo
HKLMXChrome.exeDetected by McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\InstallDirNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\InstallDir - see hereNo
HKLMXchrome.exeDetected by McAfee as Generic.bfr!gs and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%No
DARK@123XChrome.exeDetected by McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\GoogleWinNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\subfolderNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\dir\install\installNo
WindowsProcessXchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData% - see hereNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent.MNR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\windowsNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\installNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\ApplicationNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
Google chromeXchrome.exeDetected by Malwarebytes as Trojan.Crypt.CHR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\CCleanerNo
HKLMXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\installNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent.GG. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\Google ChromeNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDir - see hereNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\smssNo
HKLMXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SpeechNo
HKLMXchrome.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SYSTEM32No
HKLMXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%\System32No
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\.ExplorerNo
ATIVXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in an "App" sub-folderNo
HKLMXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
HKLMXchrome.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\installNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\InstallDir - see hereNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\smssNo
Windows UpdateXchrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %CommonAppData%No
Windows UpdateXchrome.exeDetected by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\MicrosoftNo
(Default)XChrome.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and note that this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %CommonAppData%No
dllhostXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Templates%No
aXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\DesktopNo
cXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\DownloadsNo
GOOGLE CHROME UPDXchrome.exeDetected by McAfee as RDN/Generic Dropper!tw and by Malwarebytes as Trojan.Agent.GC. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\updateNo
Yahoo MessenggerXchrome.exeDetected by Sophos as W32/Autorun-NG and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%No
ShellXchrome.exe,explorer.exeDetected by Malwarebytes as Backdoor.Agent.CHR. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "chrome.exe" (which is located in %AppData%\Google_Update and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
chrome.exe.lnkXchrome.exe.lnkDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
chrome.exe.vbsXchrome.exe.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
loadXchrome.lnkDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "chrome.lnk" (which is located in %UserTemp%\FolderN)No
Google ChromeXchrome.scrDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\subfolder - see hereNo
chrome.vbeXchrome.vbeDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Chrome.vbsXChrome.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
Chrome32.exeXChrome32.exeDetected by Microsoft as Ransom:MSIL/JigsawLocker.A and by Malwarebytes as Trojan.Agent.CHRNo
Yahoo MessenggerXchrome9.exeDetected by Dr.Web as Trojan.StartPage.39111 and by Malwarebytes as Backdoor.BotNo
chromebrowserXchromebrowser.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Windir%No
HKCUXchromee.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
HOST-MANAGERXchromee.exeDetected by Malwarebytes as Trojan.Agent.HSTM. The file is located in %Root%\PersfLogs\sys - see hereNo
GVb72t6bIXtKRzHXchromee.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%No
HKLMXchromee.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ChromeExtraXChromeExtra.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.INCNo
chromenetXchromenet.exeDetected by Sophos as Troj/Malit-FI and by Malwarebytes as Trojan.Agent.ENo
chromer.exeXchromer.exeDetected by Dr.Web as Trojan.DownLoader9.44152 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AdobeXchromes.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\InstallNo
ChromeServiceXChromeService.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.XTRat.ENo
NoobcakeXChromesupport.exeDetected by McAfee as RDN/Generic.dx!o and by Malwarebytes as Backdoor.AgentNo
PoliciesXChromesupport.exeDetected by McAfee as RDN/Generic.dx!o and by Malwarebytes as Backdoor.Agent.PGenNo
BunniesXChromesupport.exeDetected by McAfee as RDN/Generic.dx!o and by Malwarebytes as Backdoor.AgentNo
MicroUpdateXchromeupd.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
BrowserMeXChromeUpdate.exeDetected by Dr.Web as Trojan.Siggen6.49839 and by Malwarebytes as Trojan.AgentNo
ShellXChromeUpdate.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ChromeUpdate.exe" (which is located in %LocalAppData%\Google)No
NetworkXChromeUpdate.exeDetected by Dr.Web as Trojan.MulDrop7.18449 and by Malwarebytes as Trojan.AgentNo
GoogleUpdateXChromeUpdate.exeDetected by Malwarebytes as Trojan.Agent.IGen. Note - this is not a legitimate Google Chrome browser entry and the file is located in %AppData%\GoogleUpdateNo
MicrosoftXChromeupdate.exeDetected by Dr.Web as Trojan.MulDrop5.18932 and by Malwarebytes as Trojan.Agent.E.GenericNo
ChromeUpdateXChromeUpdate.exeDetected by Malwarebytes as Trojan.Agent.FLMPK. The file is located in %AppData%No
ChromeUpdateXChromeUpdate.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not a legitimate Google Chrome browser entry and the file is located in %CommonAppData%\ChromeUpdateNo
chromeupdateXChromeUpdate.exeDetected by Dr.Web as Trojan.DownLoader5.27987. Note - this is not a legitimate Google Chrome browser entry and the file is located in %CommonFavorites%No
ChromeUpdate.exeXChromeUpdate.exeDetected by Malwarebytes as Trojan.Agent.FLMPK. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Google updaterUchromeupdater.exeDetected by Malwarebytes as PUP.Optional.Montiera. The file is located in %LocalAppData%\Google\Chrome - see an example here. If bundled with another installer or not installed by choice then remove itNo
ChromeUpdaterXChromeUpdater.exeDetected by McAfee as RDN/Generic Dropper!uh and by Malwarebytes as Backdoor.Agent.MSCNo
ChromeXchromeupdates.exeDetected by Malwarebytes as Backdoor.Andromeda.E.Generic. The file is located in %AppData%\UpdateNo
Google UpdateXChromeupdt.exeDetected by McAfee as RDN/Generic.bfr!fj and by Malwarebytes as Backdoor.Agent.DCENo
infoXChromex64.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %AppData%\clientNo
Chromex64XChromex64.exeDetected by Malwarebytes as Trojan.BitCoinMiner.E. The file is located in %UserStartup%No
Chromex64.exeXChromex64.exeDetected by Malwarebytes as Trojan.BitCoinMiner.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
chromexs.exeXchromexs.exeDetected by Malwarebytes as Ransom.Jigsaw. Note the space at the beginning of the filename, which is located in %AppData%\Chromexs - see hereNo
Chrome_debugXChrome_debug.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
CHROMESERVICESXchrome_services.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ANDNo
svchostXChromo.exeDetected by McAfee as RDN/Generic PWS.y!ts and by Malwarebytes as Backdoor.Bot.ENo
cftmonXChromo.exeDetected by McAfee as RDN/Generic PWS.y!ts and by Malwarebytes as Backdoor.AgentNo
GoogleChromeAutoLaunch_[ID]Nchromodo.exeComodo Chromodo (was Comodo Chromium Secure) web browser which is based on the Chromium platformNo
chronoUchrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
ChronographUchrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
Chroom.exeXChroom.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Chroom.exeXChroom.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from HKCU\Run and the file is located in %UserTemp%No
Windows AudioXchroom.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\InstallNo
Chroome.exeXChroome.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ClientXChroome.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserStartup%No
Chroome.vbsXChroome.vbsDetected by Malwarebytes as Trojan.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
chrorne.vbeXchrorne.vbeDetected by Malwarebytes as Trojan.InfoStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ViewshXchrscr.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\WiacplNo
dpmoprovXchsbserv.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %System%No
DiscoverAncestry Search Scope MonitorUchsrchmn.exeDiscoverAncestry toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DiscoverAncestry_ch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
CyberhawkYCHTray.exeSystem Tray access to and notifications for Cyberhawk from Novatix (now part of Symantec) - which protects against viruses, spyware, identity theftNo
ChronitelInitTV?CHTVINIT.EXEThe file is located in %System%. What does it do and is it required?No
Task ManagerXchucem.exeDetected by McAfee as W32/Chucem.wormNo
autoregXChunSouce.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
Microsoft Driver SetupXChvgrm.exeDetected by Avira as TR/Kolab.82432 and by Malwarebytes as Worm.PalevoNo
FemmeXchwia.exeDetected by McAfee as RDN/Generic.dx!cnn and by Malwarebytes as Backdoor.Agent.ENo
ci1gntXci1gnt.exeDetected by Kaspersky as the AGENT.DHU TROJAN!No
Windows Printing DriverXciadvs.exeDetected by Sophos as Troj/Buzus-MNo
Windows Printing DriverXciadvss.exeDetected by Microsoft as Win32/ArchivariusNo
TaskmanXciboq.exeDetected by Sophos as Mal/EncPk-AFU. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "ciboq.exe" (which is located in %UserProfile%)No
Component BrowserXcicedit.exeDetected by Malwarebytes as Backdoor.Agent.CD. The file is located in %System%No
BTHMAN32Xcicscli.exeDetected by Malwarebytes as Trojan.Agent.PRP. The file is located in %System% - see hereNo
iiwmy+m+uXybhss=Xcidaemon.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate CiDaemon.exe XP/2K process which is always located in %System%. This one is located in %AppData%\Microsoft\MMCNo
WindowsFileSystemXcidaemon32.exeDetected by Sophos as W32/Rbot-FSPNo
WinXP Catalog ServiceXcidaemon32.exeDetected by Kaspersky as Backdoor.Win32.Rbot.aeuNo
Microsoft Driver SetupXcidrive32.exeDetected by Sophos as Troj/Agent-NES and by Malwarebytes as Worm.PalevoNo
cihost.exeXcihost.exeDetected by Symantec as Trojan.LinstNo
Microsoft Data HelperXcihost.exeMalware, possibly a variant of Trojan.Linst. Note - this entry loads from the Windows Startup folder and the file is located in %System%No
Memory Allocation HostXcihost.exeDetected by Avast as a variant of the IRCBOT-CHZ WORM!No
cihuqcyrilwyXcihuqcyrilwy.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
CIJ2P2PSERVERYCIJ2P2PS.EXECompaq IJ200 printer utility which is required in order to make the printer work correctlyNo
CIJ3P2PSERVERYCIJ3P2PS.EXECompaq IJ300 printer utility which is required in order to make the printer work correctlyNo
CIJ7P2PSERVERYCIJ7P2PS.EXECompaq IJ700 printer utility which is required in order to make the printer work correctlyNo
CIJ9P2PSERVERYCIJ9P2PS.EXECompaq IJ900 printer utility which is required in order to make the printer work correctlyNo
NTdhcpXCiKewl.exeDetected by Sophos as Troj/QQRob-NNo
TotalComicBooks EPM SupportUcimedint.exeTotalComicBooks toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TotalComicBooks_ci\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
CimSyncUcimsync.exeProficy CIMPLICITY by GE - "is a client/server based visualization and control solution that helps you visualize your operations, perform supervisory automation and deliver reliable information to higher-level analytic applications"No
startXcimv.exeDetected by Dr.Web as Trojan.MulDrop5.3972. The file is located in %LocalAppData% (10/8/7/Vista) or %UserProfile%\Local Settings (XP)No
msconfigXcimv.exeDetected by Malwarebytes as Spyware.Password. The file is located in %LocalAppData%No
CinemaNowMediaManagerAppUCinemanowShell.exeMedia manager for the CinemaNow digital video distribution serviceNo
Cingular Communication ManagerYCingularCCM.exeCingular Communication Manager by Cingular Wireless (now taken over by AT&T) - "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"No
Software\Microsoft\Windows\CurrentVersion\RunprocessXcipsn.exeDetected by Sophos as W32/Forbot-DMNo
Duwee wong CerbonXCirebons.exeDetected by Trend Micro as WORM_BHARAT.ANo
Datechecker?cisco.exeThe file is located in %System%No
RDSoundXCiscoWi.exeDetected by Dr.Web as BackDoor.DarkNess.41 and by Malwarebytes as Trojan.AgentNo
AutoVirusProtectionXciscv.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Memory Allocation ServerXciserv.exeDetected by Microsoft as Worm:Win32/Slenfbot.BHNo
TotalComicBooks Search Scope MonitorUcisrchmn.exeTotalComicBooks toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TotalComicBooks_ci\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Optimise.comXcisrss.comDetected by Dr.Web as Trojan.MulDrop4.53993 and by Malwarebytes as Trojan.Agent.CMNo
Memory Allocation ServicesXcisrv.exeDetected by Trend Micro as BKDR_IRCBOT.FC. The file is located in %System%No
CISrvr ProgramNCISRVR.EXERelated to internet setup on Compaq PC'sNo
COMODO Internet SecurityYcistray.exeCOMODO Internet Security System Tray icon -"In addition to providing a fast way of starting CIS, the system tray icon also contains short cuts that allow you to configure various security settings. Right click on the icon to access the menu"No
FamilyKeyLoggerUcisvc.exeFamily Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLoggerNo
loadXcisvc.exeDetected by Symantec as Trojan.Downbot. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cisvc.exe" (which is located in %Temp%)No
SystemServiceXcisvc.exeDetected by McAfee as Generic.dx!tqsNo
CisvcXcisvc.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate cisvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
Ci SvrXcisvr.exeDetected by Trend Micro as BKDR_IRCBOT.AWN. The file is located in %System%No
CitiUCSNCitiUCS.exeCitibank Virtual Account Numbers - "a free service that allows cardmembers to generate a substitute credit card number which can be used in place of their real credit card number during online or telephone shopping"No
Citi Virtual Account NumbersNCitiVAN.exeCiti Virtual Account Numbers - change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
CitiVANNCitiVAN.exeCiti Virtual Account Numbers - change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
citulhenwyhyXcitulhenwyhy.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
CivaXCiva.exeDetected by Trend Micro as WORM_SDBOT.ARINo
WinFirewallXcIzp.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\Installer - see hereNo
FirewallXcIzp.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\Installer - see hereNo
cjbXcjb#.exeAdded by a variant of TROJ_AGENT.ALZE - where # represents a digit and the file is located in %ProgramFiles%\cjbNo
cjbXcjb.exeDetected by Trend Micro as TROJ_AGENT.ALZE. The file is located in %ProgramFiles%\cjbNo
BJ Status Monitor 522UCJSTR3G.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor 530UCJSTR4B.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor 550UCJSTR4Y.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor 600UCJSTR5I.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Printer Status MonitorNCJSTSR.EXECanon BJ printer status monitorNo
CleverKeysUCK.exeCleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
CKAUCKA.exePart of Symantec's now discontinued Norton SystemWorks security and utility suite. Keeps a dial-up modem connection aliveYes
SymKeepAliveUCKA.exePart of Symantec's now discontinued Norton SystemWorks security and utility suite. Keeps a dial-up modem connection aliveYes
GameTrekkers EPM SupportUckmedint.exeGameTrekkers toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GameTrekkers_ck\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
startkeyXCKOTS.exeDetected by Sophos as Troj/Bifrose-HM and by Malwarebytes as Backdoor.BotNo
GameTrekkers Search Scope MonitorUcksrchmn.exeGameTrekkers toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GameTrekkers_ck\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
kamsoftXckvo.exeDetected by Sophos as Troj/Gamania-BW and by Malwarebytes as Trojan.AgentNo
Bench Settings CleanerUcl.exeDetected by Malwarebytes as PUP.Optional.Bench. The file is located in %ProgramFiles%\Bench\Proxy. If bundled with another installer or not installed by choice then remove itNo
Lenovo SettingsXclac.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.TWNo
[various names]Xclamav.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
RegistryUclass0117[random].exeBlackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install itNo
class454~@#Uclass454.exeXPSpy surveillance software. Uninstall this software unless you put it there yourselfNo
Classic ShellYClassicStartMenu.exeClassic Start Menu (part of Classic Shell by Ivo Beltchev) - "is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features"Yes
Classic Start MenuYClassicStartMenu.exeClassic Start Menu (part of Classic Shell by Ivo Beltchev) - "is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features"Yes
Clavier+UClavier.exeClavier+ allows you to "create keyboard shortcuts using almost any keys, including the Windows key"No
dimsdrtXclbcmf32.exeDetected by Malwarebytes as Spyware.Password. The file is located in %System%No
clcbt.exeXclcbt.exeDetected by Sophos as Troj/Agent-CBANo
CLCLUCLCL.exeCLCL clipboard caching utilityNo
clcl7Xclcl7.exeAdded by unidentified malware. The file is located in %System%No
XtremeXCLD.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\ADSLNo
CleeanXCleaan.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
SystemCleanerXClean2.exeDetected by Sophos as W32/Autorun-AZE and by Malwarebytes as Trojan.AgentNo
CleanEasyImg?cleanall.exeThe file is located in %Root%\apps\easydvd. What does it do and is it required?No
CleanatorXCleanator.exeCleanator rogue privacy program - not recommended, removal instructions hereNo
CleanCatchMainXCleanCatch.exeCleanCatch rogue security software - not recommended, removal instructions hereNo
cleancertXcleancert.exeCleancert rogue security software - not recommended, removal instructions hereNo
Windows SleepXCleaner.exeDetected by Malwarebytes as Trojan.Agent.BCM. The file is located in %AppData%No
PAL Evidence EliminatorNCleaner.exePAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis. No longer supported. Note the space at the beginning of the "Startup Item" fieldNo
MCleanerComXCleanerComLaunch.exeCleanerCom rogue security software - not recommended, removal instructions hereNo
cleanhtmXcleanhtm.exeDetected by Sophos as Troj/Mdrop-DPENo
cleanmanagerSXcleanmanagerU.exeCleanManager rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
Clean MgrXcleanmg.exeDetected by Trend Micro as BKDR_IRCBOT.BBO. The file is located in %System%No
winlogonXcleanmg.exeDetected by Sophos as Troj/Agent-ICR and by Malwarebytes as Trojan.Agent.TraceNo
DrWatsonXcleanmgr.exeDetected by McAfee as RDN/Generic BackDoor!uq and by Malwarebytes as Backdoor.Agent.ENo
Adobe UpdaterXcleanmod.exeDetected by Malwarebytes as Trojan.Agent. This file is located in %AppData%No
CleanRegPath?CleanReg.exeADSL modem related. What does it do and is it required?No
cleansweep.exeXcleansweep.exeDetected by Sophos as Troj/Agent-NEU and by Malwarebytes as Trojan.AgentNo
CleanTempUCleanTemp.exeCleanTemp - automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerNo
CleanTemp 1.5UCleanTemp.exeVersion 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerYes
UCS Clean TempUCleanTemp.exeVersion 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerYes
CleanTempUCLEANT~1.EXECleanTemp - automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerNo
CleanTemp 1.5UCLEANT~1.EXEVersion 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerYes
CleanUpYCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
CleanupProgram?cleanup.exeSony Vaio related - what does it do and is it required? Located in a C:\Sonysys folderNo
adi CleanUpYCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
CleanVMainXCleanV.exeCleanV rogue security software - not recommended, removal instructions hereNo
runXclean_service.cmdDetected by Symantec as W32.Refaz. This entry loads from the "run=" section of WIN.INI (in %Windir%) on Win9x/MeNo
Clear meter barUClear meter bar .exeClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUClear meter bar .exeClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
ArcadeMovieServiceNclear.fiMovieService.exePart of Acer Arcade Deluxe - a default program included with all Acer computers for media management. Movie service by CyberlinkNo
Clear2PCXClear2PCLaunch.exeClearPC rogue security software - not recommended, removal instructions hereNo
Internet Disk CleanerUClearHistory.exe"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"No
Internet Disk CleanerUCLEARH~1.EXE"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"No
Clear meter barUCLEARM~1.EXEClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Clear meter bar .exe" is shown as "CLEARM~1.EXE"Yes
DesktopX WidgetUCLEARM~1.EXEClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista entry where "Clear meter bar .exe" is shown as "CLEARM~1.EXE"Yes
ClearProtectXClearProtect.exeClearProtect rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ClearProtect. The file is located in %ProgramFiles%\ClearProtectNo
ClearScreen PlayerUClearScreenPlayer.exeClearScreen Player offers seamless online video viewing directly on your desktop while working, browsing the Web or gaming. Detected by Malwarebytes as PUP.Optional.ClearScreenPlayer. The file is located in %ProgramFiles%\ClearScreenPlayer. If bundled with another installer or not installed by choice then remove itNo
ClearVaccineMainXClearVaccine.exeDetected by Malwarebytes as Rogue.ClearVaccine - not recommended. The file is located in %ProgramFiles%\ClearVaccineNo
H2OYcledx.exeRelated to copyright protection products by SyncroSoftNo
cleen.batXcleen.batDetected by Malwarebytes as Trojan.Background. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
GMX Clicktionary 2.8NCleverlearn Clicktionary.exeVersion of Clicktionary by Cleverlearn modified for German media firm GMX. "Clicktionary is your quick and dependable translation tool, power-packed with features designed to give you the results you need, while giving you the fun side of learning as well"No
nvsvca32Xclfmon.exeDetected by Total Defense as Win32.Tactslay.E. The file is located in %Windir%No
clfmonXclfmon.exeDetected by Total Defense as Win32.Tactslay.E. The file is located in %Windir%No
clfmon.exeXclfmon.exeDetected by Sophos as Troj/Agent-BJNo
SYSTEMYTXclfnom.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\Outlook ExpressNo
SCSIXclhhnkfrd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\SCSISERNo
Microsoft Server ApplacationsXcli.exeDetected by Sophos as W32/Rbot-GAQNo
ATICCCNcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting WindowsNo
ATI CATALYST System TrayNCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktopNo
cli64.exeXcli64.exeDetected by Dr.Web as Trojan.Inject1.31487 and by Malwarebytes as Trojan.VBInjectNo
Click.exeXClick.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.CLI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicronetXClick.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.CLINo
SlipStreamYclick21core.exeAcelerador Click21 customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Acelerador Click21Yclick21gui.exeAcelerador Click21 customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
VonageNclick2call.exeVonage "Click-2-Call" VoIP (Voice over Internet Protocol) telephone serviceNo
ClickMeNClickMe.exeClickM "JOKE" programNo
ClickoffUClickoff.exeClickoff automatically dismisses annoying dialog boxes. No longer supportedNo
Best Buy pc appNClickOnceSetup.exe"Best Buy pc app brings you the latest in digital software, games and services. Once it's installed, all you need to do is explore and select the applications you want from our large selection of continuously updated digital content"No
ClicktionaryNClicktionary.exeClicktionary by Cleverlearn - "is your quick and dependable translation tool, power-packed with features designed to give you the results you need, while giving you the fun side of learning as well"No
ClickTray CalendarNClickTray.exe"ClickTray Calendar is a user-friendly calendar, address, and reminder program that can be accessed quickly from the Windows system tray. You can create almost unlimited notes, enter repetitive tasks, create To Do lists, and set alarms. It also has a practical fiscal week or month picture display"Yes
clickvaccineusbXclickvaccineusb.exeClick Vaccine rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ClickVaccine. The file is located in %ProgramFiles%\clickvaccineNo
Express ClickYesUClickYes.exe"Express ClickYes is a tiny program that runs in the system tray and automatically clicks the Yes button for the Outlook security prompt, that asks you to confirm mail sending from third party applications or access to Outlook's address book"No
clicon-AgentUclicon.exeDetected by Malwarebytes as PUP.Optional.ClicOn. The file is located in %Temp%\clicon. If bundled with another installer or not installed by choice then remove itNo
CLICONFGXCLICONFG.EXEDetected by Trend Micro as WORM_OPASERV.TNo
Cli ConfgXcliconfig.exeAdded by a variant of W32.Spybot.Worm. The file is located in %System% - see hereNo
HahhhaXclient.exeDetected by McAfee as RDN/Generic.dx!d2j and by Malwarebytes as Backdoor.Agent.FNNo
JavaJDKXClient.exeDetected by Malwarebytes as Trojan.Agent.JVGen. The file is located in %AppData%\Microsoft - see hereNo
Lizard RatXclient.exeDetected by McAfee as RDN/Generic.dx!d2j and by Malwarebytes as Backdoor.Agent.FNNo
RocketTabUClient.exeDetected by Malwarebytes as PUP.Optional.RocketTab.PrxySvrRST. The file is located in %ProgramFiles%\RocketTab. If bundled with another installer or not installed by choice then remove itNo
RocketTabUClient.exeDetected by Malwarebytes as PUP.Optional.RocketTab.PrxySvrRST. The file is located in %ProgramFiles%\Search Extensions or %LocalAppData%\Search Extensions. If bundled with another installer or not installed by choice then remove itNo
StartupXClient.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
Quasar Client StartupXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
Adobe Flash Player UpdateXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
Babylon RATXclient.exeDetected by Malwarebytes as Backdoor.BabylonRat. The file is located in %CommonAppData%\Babylon RAT - see hereNo
JavaUpdateXClient.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
NetWeaveClientXClient.exeDetected by McAfee as Generic.tfr!x and by Malwarebytes as Trojan.AgentNo
NvidiaXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
DIAMOND Client StartupXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
DIAMOND Client StartupXClient.exeDetected by Malwarebytes as Backdoor.DiamondFox. The file is located in %System%\SubDirNo
svchost.exeXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
microXclient.exeDetected by Malwarebytes as Trojan.PasswordStealer.E. The file is located in %CommonAppData%\microNo
intel graphicsXclient.exeDetected by Malwarebytes as Trojan.KeyLogger. The file is located in %CommonAppData%\intelNo
DigiGuideNclient.exeDigiguide for Windows - "The most comprehensive and powerful TV listings tool available. Digiguide for Windows is the TV guide of choice for the avid TV viewer or media professional who requires a technically superior and extensive TV listings research tool"No
DigiGuide TV GuideNClient.exeDigiguide for Windows - "The most comprehensive and powerful TV listings tool available. Digiguide for Windows is the TV guide of choice for the avid TV viewer or media professional who requires a technically superior and extensive TV listings research tool"No
zRAMserviceXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
Alpha Client StartupXClient.exeDetected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %AppData%\SubDirNo
officeXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDir - see hereNo
QClient UpdateXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
NETXClient.exeDetected by Dr.Web as Trojan.DownLoader7.11513 and by Malwarebytes as Spyware.KeyLogger. The file is located in %AppData%\{Emissary}No
netXclient.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\emissaryNo
Client MonitorXclient.exeDetected by Sophos as Troj/Autoit-BNS and by Malwarebytes as Backdoor.LuminosityLink.GenericNo
Client.exeXClient.exeDetected by Malwarebytes as Backdoor.Agent.E.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Client.exeXClient.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry loads from HKLM\Run and HKCU\Run and the file is located in %Windir%No
WindowsXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
ClientHelperXclient.exeDetected by Malwarebytes as Worm.Rebhip. The file is located in %AppData%\HelpNo
WindowsXclient.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\WindowsNo
Windows ClientXclient.exeDetected by Sophos as Troj/Backdr-AM and by Malwarebytes as Backdoor.BotNo
ClientStartupXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
GXLVEEXClient.exeDetected by McAfee as Ransom and by Malwarebytes as Backdoor.Agent.DCENo
Plese UpdateXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.E. The file is located in %System%\WindowNo
Client.jsXClient.jsDetected by Malwarebytes as Trojan.Agent.JS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Client.URLXClient.URLDetected by Malwarebytes as Backdoor.Agent.Trace.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Client.vbsXClient.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Comm64XClient64.exeDetected by Malwarebytes as Trojan.MSIL.SLS. The file is located in %UserTemp% - see hereNo
BufferZoneYCLIENTGUI.EXEBufferZone from Trustware - "is the only security software that creates a separate environment allowing you unlimited freedom to enjoy all Internet activities without the fear of external threats"No
eSnipsUClientGW.exeClient Gateway for the now defunct eSnips - a "social content-sharing site, where you can publish and share any media type. You have practically unlimited flexibility in choosing what you want to share, and with whom, in 5GB of free space. eSnips is the one place where you can share anything you want, about any topic: your thoughts, your photos, your music, your videos, your flash files, stuff you find on the web, and many other media types"No
loadXclienthelp.exeDetected by Malwarebytes as Trojan.GameThief. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "clienthelp.exe" (which is located in %AppData%\Steam)No
clienthelp.exeXclienthelp.exeDetected by Malwarebytes as Trojan.GameThief. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXclienthost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "clienthost.exe" (which is located in %AppData%\Microsoft)No
svchostXClieT.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\SuDirNo
Clinet.exeXClinet.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
atigktxx_HostXclinfo.exe aticfx32.dll, ADL_Display_DeviceConfig_GetDetected by Symantec as Trojan.Cozer and by Malwarebytes as Trojan.Agent.ATSGenNo
atipblag_SystemXclinfo.exe aticfx32.dll, ADL_Display_DeviceConfig_GetDetected by Symantec as Trojan.Cozer and by Malwarebytes as Trojan.Agent.ATSGenNo
amdhwdecoder_InfoXclinfo.exe aticfx32.dll, ADL_Display_DeviceConfig_GetDetected by Symantec as Trojan.Cozer and by Malwarebytes as Trojan.Agent.ATSGenNo
clinicvaccineusbXclinicvaccineusb.exeClinic Engine rogue security software - not recommended, removal instructions hereNo
clipboard.exeXclipboard.exeAdded by unidentified malware. The file is located in %System%No
ClipSrvXCLIPBRD3D.EXEDetected by Sophos as W32/Mofei-DNo
clipdiaryUclipdiary.exeClipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history"No
Clipmate6NClipMate.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'No
ClipMate7NClipMate.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'No
Clip Service ManagerXclipmg.exeDetected by Microsoft as Worm:Win32/Slenfbot.AAENo
ClipMate5NClipMt5#.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'. # represent a digit for the version numberNo
Clipmate6NClipMt6#.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'. # represent a digit for the version numberNo
ClipomaticNClipomatic.exeClipomatic by Mike Lin. Clipboard cache program "which remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data". No longer supportedNo
ClipSrvXclipserv.exeDetected by Sophos as W32/Sdbot-AAVNo
ClipSrvXclipservr.exeDetected by Sophos as W32/Sdbot-AFENo
ClipSrvXclipsrv.exeDetected by McAfee as Downloader-FIK and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %AppData%\MicrosoftNo
ClipSrvXclipsrv.exeDetected by McAfee as Downloader-FIK. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %LocalAppData%No
ClipSrvXclipsrv.exeDetected by Dr.Web as Trojan.DownLoader17.42929 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %LocalAppData%\MicrosoftNo
ClipSrvXclipsrv.exeDetected by Dr.Web as Trojan.DownLoader10.2122 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %LocalAppData%\Microsoft\WindowsNo
clipsrvXclipsrv.exeDetected by McAfee as RDN/Generic.dx!eh. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %Windir%No
ClipSrvXclipsrv.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
Clip ServicerXclipsrvc.exeAdded by a variant of W32.IRCBot. The file is located in %System% - see hereNo
Clip SrvXclipsv.exeDetected by Symantec as Backdoor.IRC.Bot. The file is located in %System% - see hereNo
ClipsvcXclipsv.exeDetected by Trend Micro as BLACKHOLE.F BACKDOOR!No
LocalSystemXclipsvr16.exeDetected by Symantec as Backdoor.FemoNo
LocalSystemXclipsvr32.exeDetected by Symantec as Backdoor.FemoNo
ClipTrak ProNClipTrak Pro.exeClipTrak - clipboard extender which allows easy access for later use with a cache which contains the most resent 100 clips you copied to the clipboard.No
ClipTrakNClipTrak.exeClipTrak - clipboard extender which allows easy access for later use with a cache which contains the most resent 100 clips you copied to the clipboard.No
ClipTrakkerNClipTrakker.exeCliptrakker clipboard extender. Now discontinuedNo
CLI ServicesXclisrv.exeDetected by Microsoft as Worm:Win32/Slenfbot.ABINo
ATICCCNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
Catalyst® Control Center LauncherNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
StartCCCNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
CLIStartNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
SMS Client ServiceUclisvc95.exeWhen the Systems Management Server (SMS) Client Service starts on a domain controller, it modifies the SMSCliToknAcct, user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)No
CLIVFRUCLIVFR.exePart of the Dell Latitude ON feature which "provides instant access or significantly improved access time to information. It provides much quicker access to customizable information and wireless connectivity without booting to the Windows operating environment. It uses a Linux based operating system that boots in seconds"No
algorithmXcllhost.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
cllmono.exeXcllmono.exeDetected by Malwarebytes as Trojan.Agent.TIB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CLMemoSysTray ApplicationNCLMemoSysTray.exeSystem Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"Yes
CLMemoSysTrayNCLMemoSysTray.exeSystem Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"Yes
CLMLServerUCLMLSvc.exeCyberLink MediaLibray Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
CLMLServer for HP TouchSmartUCLMLSvc.exeCyberLink MediaLibray Service - included with the version of CyberLink's PowerCinema installed on the HP Touchsmart range of desktops and notebooks and used to manage the media libraries, providing advanced file search, browsing and tracking. Some report it uses excessive system and memory resourcesNo
CLMLSvcUCLMLSvc.exeCyberLink MediaLibray Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
CyberLink MediaLibray ServiceUCLMLSvc.exeInstalled with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
CLMLServer_For_P2G10UCLMLSvc_P2G10.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingYes
CyberLink MediaLibray ServiceUCLMLSvc_P2G10.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingYes
CLMLServer_For_P2G8UCLMLSvc_P2G8.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingNo
CLMLServer_For_P2G9UCLMLSvc_P2G9.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingNo
CLMFrontPanelUclmpanel.exeSystem tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lostNo
Content List Management SubsystemXclmss.exeDetected by Sophos as W32/Spybot-ELNo
QuickInstallPackXCLN_2009FreeInstall.exeInstalled and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard CenterNo
PinYcloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to itNo
PinMcLnkYcloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to itNo
SetDefaultPrinterYcloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to it. In this instance the arguments are %System%\cmd.exe /c %Root%\hp\bin\defaultprinter\SetDefaultPrinter.cmdNo
Clock Widget (HTC Home)NClock.exeClock Widget from HTC Home - which is "a free set of widgets for Windows like on HTC Smartphones." The default installation includes the QuickShare ad-supported browser enhancement which can in turn install the Delta toolbarYes
Windows InsecureXClock.exeAdded by the SDBOT.GAV worm. The file is located in %System%No
147Xclock.pifDetected by Dr.Web as Trojan.MulDrop3.53831 and by Malwarebytes as Trojan.Agent.PFNo
AccessoriesPlusUclockplus.exePart of Accessories Plus by Simply Powerful Technologies - Clock Plus allows you to select from dozens of alternatives for the Windows clock. No longer availableNo
SkinClockUClockTraySkins.exeClock Tray Skins by Drive Software - "is the advanced replacement for standard Windows tray clock. See the time, seconds, day, date, percent of memory in use and system UpTime in different skins. Displays the time for any of the time zones"No
wiseXclockwise.exeDetected by Sophos as Troj/Lazar-ANo
ClockWiseUClockWise.exeClockWise by RJ Software - "Try this clock, time client, calendar, timer, stopwatch, dial-up network timer, scheduler, and reminder system. ClockWise can automate everything. ClockWise uses minimal resources and can schedule up to 200 separate events." No longer supportedNo
ClocXUClocX.exeClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms, etcNo
CloneCDNCloneCDTray.exeSystem Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDsYes
CloneCD TrayNCloneCDTray.exeSystem Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDsNo
CloneCDTrayNCloneCDTray.exeSystem Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDsYes
[random]XCloud AV 2012v121.exeCloud AV 2012 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.CloudAV2012No
Cloud Net - BetaXcloud.exeDetected by Dr.Web as Trojan.DownLoader9.29878 and by Malwarebytes as Trojan.Agent.BTCNo
CloudNetXcloudnet.exeDetected by Malwarebytes as RiskWare.BitCoinMiner. The file is located in %AppData%\EpicNet Inc\CloudNetNo
cloudpop_.exeXcloudpop_.exeDetected by Malwarebytes as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpopNo
CloudSystemBoosterNCloudSystemBooster.exeCloud System Booster cloud based optimization utility by Anvisoft - "Clean up system junk files, fix registry errors, repair browser problems, optimize your PC system to boost your PC Performance"No
cloverXclover.exeDetected by Kaspersky as AdWare.Win32.KSG.rr and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\CloverPlusNo
clover_uXclover_updater.exeDetected by Dr.Web as Trojan.DownLoader7.20450 and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\brainclan CPNo
clover_uXclover_updater.exeDetected by Kaspersky as AdWare.Win32.Agent.svv and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\CloverPlusNo
clover_uXclover_updater.exeDetected by Dr.Web as Trojan.DownLoader6.2016 and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\intothemap CPNo
clover_uXclover_updater.exeDetected by Dr.Web as Trojan.DownLoader7.4655 and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\KoreaMessenger CPNo
ClownfishNClownfish.exeClownfish by Shark Labs - "is an online translator for all your outgoing messages in Skype. Now you could write in your native language and the recipient will receive the message translated to their language. There are different translation services you could choose from"No
WINCLPXclp.exeDetected by McAfee as RDN/PWS-Lineage!c and by Malwarebytes as Spyware.OnlineGamesNo
COMODOUCLPSLA.exePart of Comodo Group's livePCsupport and GeekBuddy remote support toolsNo
Comodo Launch Pad TrayUCLPTray.exeSystem Tray access to LaunchPad - as bundled with older versions of Comodo's free offerings such as Comodo Antivirus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see hereNo
CLPushUpdate?CLPushUpdate.exePart of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updatesYes
CyberLink Live?CLPushUpdate.exePart of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updatesYes
CyberLat Ram CleanerUCLRamCleaner.exeCyberLat RAM Cleaner - memory optimizer. No longer supported or available from the authorsNo
MSVersionXClrSchP038.exeDetected by Trend Micro as TROJ_POPMON.A - also known as PopMonster adwareNo
Windows System32Xclsas32.exeDetected by Sophos as W32/Rbot-AZONo
Windows System32 DriverXclsass32.exeDetected by Sophos as W32/Sdbot-AGGNo
clsavXclsav.exeDetected by Sophos as W32/Autorun-BTQNo
APVXDWINYClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"No
winsrvXclsnsv.exeDetected by Malwarebytes as Trojan.Korad. The file is located in %ProgramFiles%No
cls_pack.exeXcls_pack.exeDetected by Sophos as Troj/FakeAV-AQB and by Malwarebytes as Backdoor.BifroseNo
SearchProtectUcltmng.exeSearch Protect by Conduit Ltd - is a "free desktop application that saves your preferred browser settings so that they can't be changed by software you download from the Internet." Detected by Malwarebytes as PUP.Optional.ConduitSearchProtect. The file is located in %AppData%\SearchProtect\bin. If bundled with another installer or not installed by choice then remove itNo
SearchProtectAllUcltmng.exeSearch Protect by Conduit Ltd - is a "free desktop application that saves your preferred browser settings so that they can't be changed by software you download from the Internet." Detected by Malwarebytes as PUP.Optional.ConduitSearchProtect. The file is located in %ProgramFiles%\SearchProtect\bin. If bundled with another installer or not installed by choice then remove itNo
ClUpdateUClUpdate.exeAutomatic updates for the software supporting digital certificate USB keys based upon the Clauer Project developed by the Universitat Jaume I - such as Clau-ACCV and Clauer-idCATNo
ClauerUpdateUClUpdate.exeAutomatic updates for the software supporting digital certificate USB keys based upon the Clauer Project developed by the Universitat Jaume I - such as Clau-ACCV and Clauer-idCATNo
CleverKeysUClvrKeys.exeOlder version of CleverKeys - which "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
cLYIMk5F.exeXcLYIMk5F.exeDetected by McAfee as RDN/Generic Dropper!rl and by Malwarebytes as Trojan.Agent.RNSNo
Start RF Wireless MouseYcm20.exeWireless mouse driverNo
cmaUcma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
Desksite CMAUcma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
CyberMedia AgentNCMAGENT.EXEPart of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabledNo
MachineTestXCMagesta.exeDetected by Sophos as W32/Sdbot-NENo
CrawlerMailUcmail.exeEmail Notifier plugin for the Crawler Toolbar by Crawler, LLC - with which "you can access your email accounts with a single click, monitor multiple email accounts, receive notifications and previews of incoming messages, quickly compose new messages and much more..." The Crawler Toolbar is a web browser toolbar and Browser Helper Object for Internet Explorer which monitors and reports back web pages viewed to its remote servers and will modify the home and search assistant pages to redirect searches to Crawler web sites. The file is located in %ProgramFiles%\inbox. If bundled with another installer or not installed by choice then remove itNo
cnfgCavYCMain.exePart of an older version of Comodo AntivirusNo
Connection ManagerNCManager.exeSBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the serviceNo
CMAPPXcmappclient.exeCasClient adware - also detected as the CMAPP TROJAN!No
loadXcmd /c svchost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %UserTemp%\svchost\svchost.exe"No
UpdateXcmd /c type [path] Update.txt |cmdDetected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %Temp%No
loadXcmd /c [path] .NET Framework.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Blend\14.0\FeedCache\.NET Framework.exe"No
loadXcmd /c [path] avg.exeDetected by Malwarebytes as Backdoor.Agent.BP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %WinTemp%\bypass\avg.exe"No
loadXcmd /c [path] dllhost.exe;;Detected by Malwarebytes as Backdoor.Agent.DLH. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %UserTemp%\Windows\dllhost.exe". Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserTemp%\WindowsNo
loadXcmd /c [path] file.exeDetected by Sophos as Troj/Nano-D and by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\FolderName\file.exe"No
loadXcmd /c [path] file.exeDetected by Sophos as Troj/Fareit-SL and by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %UserTemp%\FolderName\file.exe"No
loadXcmd /c [path] NETFramework.exeDetected by Sophos as Troj/MSIL-EUU and by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Blend\14.0\FeedCache\NETFramework.exe"No
LoadXcmd /c [path] netprotocol.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\ScreenToGif\netprotocol.exe"No
loadXcmd /c [path] scsiwind.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\scsiwind.exe"No
loadXcmd /c [path] Svchost.exeDetected by Malwarebytes as Backdoor.Agent.DCE. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Svchost.exe" (the legitimate svchost.exe process which is always located in %System%)No
loadXcmd /c [path] svchost.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Sys34\svchost.exe"No
loadXcmd /c [path] udpsv.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\udpsv.exe"No
loadXcmd /c [path] winrarDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\FolderName\winrar"No
loadXcmd /c [path] wpasv.exeDetected by Malwarebytes as Trojan.Dropper. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\wpasv.exe"No
loadXcmd /c [path] xpsrchw.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Blend\14.0\FeedCache\xpsrchw.exe"No
Windows Console Microsoft MeditionXcmd.exeDetected by Dr.Web as Trojan.DownLoader11.5347 and by Malwarebytes as Trojan.Downloader.E. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%No
systeoXcmd.exeDetected by Dr.Web as Trojan.Siggen6.36149 and by Malwarebytes as Trojan.Agent.STMQQ. Note - this entry either replaces or loads the legitimate cmd.exe process which is always located in %System%. Which is the case is unknown at this timeNo
HKCUXcmd.exeDetected by McAfee as Generic.bfr!do and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%\InstallDirNo
Command PromptXcmd.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%No
bXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
cmdXcmd.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%No
cmdXcmd.exeDetected by Malwarebytes as Spyware.Dyre. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %LocalAppData%No
Win32 ConsoleXcmd.exeDetected by Trend Micro as WORM_ABI.C. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%No
cmd.exeXcmd.exeDetected by Dr.Web as Trojan.DownLoad3.26379. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
cmd.exeXcmd.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Temp%No
cmd.exeXcmd.exeDetected by Dr.Web as Trojan.Siggen4.27324 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
dXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %UserProfile%\FavoritesNo
MqqZXcmd.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%No
GoogleUpdateXcmd.exeDetected by Malwarebytes as Trojan.Agent.IGen. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %LocalAppData%No
hpcmdXcmd.exeDetected by Sophos as Troj/AdClick-DS. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in the "spool" sub-folderNo
eXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %UserProfile%\Start Menu (XP)No
HKLMXcmd.exeDetected by McAfee as Generic.bfr!do and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%\InstallDirNo
aXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %UserProfile%\DesktopNo
cXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %MyDocuments%No
PanoramSho####Ucmd.exe /c del /q /f [path] [filename]Detected by Malwarebytes as PUP.Optional.ArcadeCandy.WnskRST - where # represents a digit. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The file is located in %LocalAppData%\PanoramSho#. If bundled with another installer or not installed by choice then remove itNo
isDeleteMeUcmd.exe /c isDel.batUsed by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product. The "isDel.bat" file is located in %WinTemp%No
Intel(R) Wireless Bluetooth(R)Xcmd.exe /C start /b "" [path] updater.exeDetected by Malwarebytes as Trojan.Injector.E. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "updater.exe" file is located in %AppData%No
FIX2-[6 letters]XCMD.EXE /C START wsmprovhost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "wsmprovhost.exe" file is located in %AppData% - see examples here and hereNo
CheckcpuXcmd.exe /c start [path] Cpufix.exeDetected by Trend Micro as WORM_RETADUP.D and by Malwarebytes as Worm.Agent.E.Generic. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "Cpufix.exe" file is located in %Root%\newcpuspeedNo
WMSDOS-ServicePack2Xcmd.exe /c [path] WMSDOS.sysDetected by BitDefender as Trojan.Downloader.Delf.OFC. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted. The file is located in %Root% - see hereNo
Sistema OperacionalXcmd.exe [path] aaa.batDetected by Symantec as Trojan.Banker.I and by Malwarebytes as Trojan.Banker. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aaa.bat" file is located in %Temp%No
asodakaossdXcmd.exe [path] aiaksfoiaksjsof.vbsDetected by McAfee as RDN/Ransom!ee and by Malwarebytes as Trojan.Agent.MNR. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aiaksfoiaksjsof.vbs" file is located in %AppData%No
asodkaosdXcmd.exe [path] aiksfoiakjsof.vbsDetected by McAfee as RDN/Ransom!ee and by Malwarebytes as Trojan.Agent.MNR. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aiksfoiakjsof.vbs" file is located in %AppData%No
AMD AVT?Cmd.exe [path] kdbsync.exeRelated to AMD's Accelerated Video Transcoding (AVT) architecture which helps speed up video conversations. "AVT is a combination of hardware and low level software to convert H.264 and MPEG-2 video sources, up to 1080p resolution, to H.264 MPEG-2 file format to fit the target device supported resolutions and bitrates, up to 1080p resolution" - read more in this PDFNo
Dynamic Dns BinaryXcmd16.exeDetected by Sophos as W32/Rbot-XM and by Malwarebytes as Trojan.AgentNo
Configuration LoaderXcmd32.exeDetected by Symantec as Backdoor.Sdbot and by Malwarebytes as Backdoor.BotNo
Ass and tittiesXCMD32.EXEAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
HKCUXcmd32.exeDetected by McAfee as Generic.tfr!cd and by Malwarebytes as Backdoor.HMCPol.GenNo
CMDXcmd32.exeDetected by Bitdefender as Win32.P2P.Tanked.BNo
cmd32Xcmd32.exeDetected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Backdoor.PoisonIvy. The file is located in %System%No
cmd32Xcmd32.exeDetected by McAfee as Generic.tfr!cd. The file is located in %System%\InstallDirNo
loadXcmd32.exeDetected by McAfee as Generic.tfr!cd. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cmd32.exe" (which is located in %System%\InstallDir) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKLMXcmd32.exeDetected by McAfee as Generic.tfr!cd and by Malwarebytes as Backdoor.HMCPol.GenNo
ControlPanelXcmd32.exe internat.dll,LoadKeyboardProfileDetected by Sophos as Troj/Dloader-HF. Note - the "cmd32.exe" file is located in %System%No
cmd64Xcmd64.exeCoolWebSearch Msconfd parasite variantNo
HKCUXcmdagent.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sys32No
system managementXcmdagent.exeDetected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %Templates%No
PoliciesXcmdagent.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Sys32No
HKLMXcmdagent.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sys32No
ComodoBackupUCmdBackUp.exe"Comodo Backup is a powerful and easy to use desktop application that helps home and business users protect their valuable data against damage or loss"No
cmdbcsXcmdbcs.exeDetected by Sophos as Troj/Lineag-GKWNo
CmdconXcmdcon.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
TrueMobile 1150 Client ManagerYcmdel.exeClient Manager for the Dell TrueMobile 1150 Series PC Card - "a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna"No
CMDHostXCMDHost#.exeDetected by Malwarebytes as Backdoor.Agent.Gen - where # represents a digit and the file is located in %AppData%No
win32Xcmdhost32.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %Windir%No
cmdl32Xcmdl32.exeDetected by Kaspersky as Trojan.Win32.Buzus.hgva. The file is located in %Windir% - see hereNo
cmdl32.exeXcmdl32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
accw0866Xcmdl_950.exeDetected by Malwarebytes as Trojan.Ursnif. The file is located in %System%No
relinsonXcmdno.exeDetected by Sophos as Troj/Dropper-PSNo
cmdpri.exeXcmdpri.exeDetected by Dr.Web as Trojan.DownLoader9.25289 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Cinnabd Prompt32XCmdPrompt32.pifDetected by Sophos as W32/Assiral-BNo
Command Prompt32XCmdPrompt32.pifDetected by Symantec as W32.Assiral.B@mmNo
mctatendXcmdrcfg.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cmdsXcmds.exeDetected by McAfee as GenericR-CRI and by Malwarebytes as Trojan.Agent.WNSGenNo
MyLifeXCmdServ.exeDetected by Trend Micro as WORM_HOLAR.ANo
CmdShell.exeXCmdShell.exeDetected by Sophos as Troj/Bckdr-QHYNo
WCMDXcmdwin32.exeDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.DCENo
MsgSvcMgr32Xcmdzxdll.exeDetected by Sophos as W32/Rbot-AEKNo
Check MessengerUcmesseng.EXECheck Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in businessNo
COMODO Memory FirewallYcmf.exe"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack." Now discontinuedNo
CMFibulaXCMFibula.exeAdded by a variant of Adware.CasinoClient. The file is located in %ProgramFiles%\CMFibulaNo
CmFlywaveNameNCmFlywav.exeDriver for the Linksys WMB54G Wireless-G Music BridgeNo
CMGrdianUCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
McAfee GuardianUCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
GuardianUCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
CMGShieldUIUCMGShieldUI.exeUI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDsNo
Microsft Security Monitor ProcessXcmh.exeDetected by Kaspersky as Backdoor.Win32.EggDrop.v. The file is located in %Windir%No
ORiNOCOUCmluc.exeClient Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI cardNo
sysupdateXcmman32.exeAdded by the VB.AMX trojan. The file is located in %System%No
Microsoft Connection Manager MonitorXcmmon.pifDetected by Sophos as W32/Rbot-AKVNo
msysXcmmon32.exeDetected by Kaspersky as AdWare.Win32.BHO.dzd. The file is located in %Windir%No
HKCUXcmmon32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
cmmon32.exeXcmmon32.exeDetected by Dr.Web as Trojan.Inject1.13506 and by Malwarebytes as Trojan.InjectNo
Cmmon32SysXcmmon32.exeDetected by Sophos as Troj/Clicker-INo
PoliciesXcmmon32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXcmmon32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
AXcmmon32.exeDetected by McAfee as RDN/Generic BackDoor!vf and by Malwarebytes as Backdoor.Agent.RAGenNo
cmmonw32Xcmmonw32Detected by Dr.Web as Trojan.Siggen4.26128No
asr_otokXcmmoosk.exeDetected by Malwarebytes as Trojan.Backdoor.SK. The file is located in %System%No
runNcmmpu.exeMIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI). Note - this entry loads via "run" section of WIN.INI on operating systems prior to Windows NT and the file is located in %System%No
Windows Disk ManagerXcmnvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.JRNo
[various names]Xcmon14.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DC300 MonitorUcmonitor.exeAcer DC300 digital camera monitorNo
CMPDPSRVUCMPDPSRV.EXEPrinter Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printersNo
cmrsfXcmrsf.exeDetected by Sophos as Troj/Delf-HUNo
cmrstXcmrst.exeDetected by Symantec as Infostealer.Bancos.SNo
CMSRegOu?CMSRegOu.exeInstalled with the Creative MediaSource player/organizer. What does it do and is it required?No
Microsoft System32 UpdateXcmsrg.exeDetected by Sophos as W32/Rbot-GNNo
Subsystem MonitorXcmsrm.exeDetected by Dr.Web as Trojan.Siggen1.54194 and by Malwarebytes as Trojan.Agent.SBMNo
Ethernet DriverXcmsrrs.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
IntellRaidConfigurerXcmss.exeDetected by Dr.Web as Trojan.AVKill.22183 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\GoogleUpdaterNo
IntellRaidConfigurerXcmss.exeDetected by Dr.Web as Trojan.AVKill.15254 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\JavaUpdaterNo
IntellRaidConfigurerXcmss.exeDetected by Dr.Web as Trojan.DownLoader7.21665 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\WinAppsNo
cmssXcmss.exeDetected by Kaspersky as Trojan.Win32.Agent2.eko. The file is located in %Temp%No
MicrosofUpdateXcmss.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\ConfigSysNo
Microsoft UpdateXcmss.exeDetected by Sophos as W32/Rbot-ATQ and by Malwarebytes as Backdoor.BotNo
SystemControlerXcmss.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.GenNo
Windows CMS ProtocolXcmss.exeDetected by Sophos as W32/Rbot-BFTNo
Microsofts UpdatezXcmsssr.exeAdded by unidentified malware. The file is located in %System%No
CmSTPXcmstp.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate cmstp.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
CamtasiaXcmstudio.exe.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not a legitimate entry for Camtasia Studio from TechSmith and the file is located in %AppData%\MicrosoftNo
CMSystemXCMSystem.exeAdded by a variant of Adware.CasinoClient. The file is located in %ProgramFiles%\CMSystemNo
Cmt101Xcmt101.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
CmUCRRun?CmUCReye.exeRelated to devices by Medion Display. What does it do and is it required?No
cmutilXcmutil.exeDetected by Sophos as Troj/Agent-DFNNo
CMWorkstationUcmwkse.exeCyber Monitor 2004 by Enter - "professional billing, monitoring and management system for Internet cafes, libraries, schools, hotels and other institutions that provide computers for public use"No
Cmx32Xcmx32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
WindowsUpdateXcmxmg.bat wwupt.uoiDetected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\xltbmNo
Windows System FileXcmxp.exeDetected by Symantec as W32.Spybot.KHONo
cmzo.exeXcmzo.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
CNAP2 LauncherUCNAP2LAK.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
[blank]XCNBabe.exeCommonName/Agent search hijacker - see the archived version of Andrew Clover's page. Note - has a blank entry under the Startup Item/Name field and the file is located in %ProgramFiles%\CommonName\Browser AgentNo
Microsoft Driver SetupXcndrive32.exeDetected by Malwarebytes as Worm.Palevo. The file is located in %Windir% - see hereNo
nClientXcnen.exeDetected by Sophos as W32/Delbot-ALNo
UpdateComponentXcnf upd.exeDetected by McAfee as W32/Spybot.worm.gen.aNo
runXcnf.batDetected by Symantec as W32.Remabl.Worm. This entry loads from the "run=" section of WIN.INI (in %Windir%) on Win9x/Me and the "cnf.bat" file is located in %Windir%No
shambl3rXcnf.batDetected by Symantec as W32.Remabl.WormNo
Configuration ManagerXCnfgldr.exeDetected by Symantec as Backdoor.SdbotNo
Cnfrm32Xcnfrm.exeDetected by Symantec as W32.Mimail.D@mmNo
Cn323Xcnfrm33.exeDetected by Symantec as W32.Mimail.G@mm and by Malwarebytes as Worm.AgentNo
[various names]Xcnftips.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
CnminerXCNminer.exeDetected by Dr.Web as Trojan.BtcMine.737 and by Malwarebytes as Trojan.BitCoinMinerNo
IJNetworkScanUtilityUCNMNSUT.EXENetwork utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computerNo
BJ Status Monitor Canon i250Ucnmss Canon i250 (Local).exeCanon i250 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i320Ucnmss Canon i320 (Local).exeCanon i320 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i455Ucnmss Canon i455 (Local).exeCanon i455 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i470DUcnmss Canon i470D (Local).exeCanon i470D printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i550Ucnmss Canon i550 (Local).exeCanon i550 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i560Ucnmss Canon i560 (Local).exeCanon i560 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i850Ucnmss Canon i850 (Local).exeCanon i850 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i860Ucnmss Canon i860 (Local).exeCanon i860 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i865Ucnmss Canon i865 (Local).exeCanon i865 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i950Ucnmss Canon i950 (Local).exeCanon i950 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i9900Ucnmss Canon i9900 (Local).exeCanon i9900 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP110 Series PrinterUcnmss Canon MP110 Series Printer (Local).exeCanon MP110 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP130 Series PrinterUcnmss Canon MP130 Series Printer (Local).exeCanon MP130 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP360 Series PrinterUcnmss Canon MP360 Series Printer (Local).exeCanon MP360 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP390 Series PrinterUcnmss Canon MP390 Series Printer (Local).exeCanon MP390 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP700 PrinterUcnmss Canon MP700 Printer (Local).exeCanon MP700 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP730 PrinterUcnmss Canon MP730 Printer (Local).exeCanon MP730 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP1000Ucnmss Canon PIXMA iP1000 (Local).exeCanon PIXMA iP1000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP1500Ucnmss Canon PIXMA iP1500 (Local).exeCanon PIXMA iP1500 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP2000Ucnmss Canon PIXMA iP2000 (Local).exeCanon PIXMA iP2000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP3000Ucnmss Canon PIXMA iP3000 (Local).exeCanon PIXMA iP3000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP4000Ucnmss Canon PIXMA iP4000 (Local).exeCanon PIXMA iP4000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP6000DUcnmss Canon PIXMA iP6000D (Local).exeCanon PIXMA iP6000D printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP8500Ucnmss Canon PIXMA iP8500 (Local).exeCanon PIXMA iP8500 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon BJC-2000Ucnmss1u.exeCanon BJC-2000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon BJC-2100Ucnmss2f.exeCanon BJC-2100 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor S400Ucnmss2p.exeCanon S400 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor S600Ucnmss2v.exeCanon S600 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S300Ucnmss38.exeCanon S300 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor S100Ucnmss3a.exeCanon S100 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S100SPUcnmss3c.exeCanon S100SP printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S9000Ucnmss3i.exeCanon S9000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S520Ucnmss3m.exeCanon S520 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S750Ucnmss3q.exeCanon S750 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S200SPUcnmss3y.exeCanon S200SP printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S330Ucnmss45.exeCanon S330 printer status monitor - for monitoring printer status, checking ink levels, etcNo
Microsoft Synchronization ManagerXcnnet.exeDetected by Microsoft as Backdoor:Win32/Sdbot.NL and by Malwarebytes as Backdoor.BotNo
CrawlerNotesUcnotes.exeDesktop Notes plugin for the Crawler Toolbar by Crawler, LLC - "With Crawler Notes you can create your own virtual message board right at your desktop and online to help you remember important tasks." The Crawler Toolbar is a web browser toolbar and Browser Helper Object for Internet Explorer which monitors and reports back web pages viewed to its remote servers and will modify the home and search assistant pages to redirect searches to Crawler web sites. The file is located in %ProgramFiles%\inbox\notes. If bundled with another installer or not installed by choice then remove itNo
Mspatch89Xcnqmax.exeDetected by Symantec as W32.Randex.PNo
Canon Quick MenuNCNQMMAIN.EXECanon Quick Menu "is a utility software that allows you to easily start the applications and manuals that are supplied with your printer and also quickly access online product information"Yes
CanonQuickMenuNCNQMMAIN.EXECanon Quick Menu "is a utility software that allows you to easily start the applications and manuals that are supplied with your printer and also quickly access online product information"Yes
CanonSolutionMenuExUCNSEMAIN.EXECanon Solution Menu EX (now replaced by Quick Menu) "immediately starts the manuals or application software that allows you to print album or calendar easily, or scan photos and documents. It is a convenient control centre for your printer, scanner or All-In-One"No
b5700x driveXcnssr.exeDetected by Sophos as Troj/Maha-TNo
System Failure StatisticXcnstat.exeDetected by Sophos as W32/Rbot-LFNo
PoliciesXcnthost.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\WinbootsNo
Protection CenterXcntprot.exeProtection Center rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ProtectionCenterNo
CnwiDeviceAgentUcnwida.exeCanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
GARO Status MonitorUcnwism.exeCanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
CnxDslTaskBarNCnxDslTb.exeConexant DSL Taskbar as used on their AccessRunner ADSL modem and others such as the Samsung AHT-E310, ZTE ZXDSL852 and TeleWell EA100BNo
WooCnxMonNCnxMon.exeWanadoo (which was rebranded as Orange and is now part of EE) broadband ISP relatedNo
ledpointerUCNYHKey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
OSDToolUCNYHKEY.exeOSD (on-screen-display) LED indicator for supported HP (Chicony) keyboardsNo
CNYHKeyUCNYHKey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
LaunchHPOSIAPPUCNYHKEY.exeOSD (on-screen-display) LED indicator for supported HP (Chicony) keyboardsNo
Windows Service AgentXco0l.exeDetected by Sophos as W32/Rbot-GQY and by Malwarebytes as Backdoor.BotNo
ActiveXXcoast.exeDetected by McAfee as RDN/Generic.dx!dfh and by Malwarebytes as Backdoor.Agent.IDF. The file is located in %AppData%\AnglenoisNo
ActiveXXcoast.exeDetected by McAfee as RDN/Generic PWS.y!b2y and by Malwarebytes as Backdoor.Agent.IDF. The file is located in %AppData%\WindowsDirNo
coayaoXcoayao.exeDetected by Malwarebytes as Trojan.Agent.RV. The file is located in %UserProfile%No
CobBUUCobBU.exeCobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian BackupUCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 6UCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 7UCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 7 ApplicationUCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
CobianUCobian.exeCobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (7/Vista/XP/2K/NT). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredNo
Cobian Backup 10UCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 8UCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 9UCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup AmanitaUCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup Black MoonUCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup BoletusUCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
cobodorewamsXcobodorewams.exeDetected by Dr.Web as BackDoor.Bulknet.1351 and by Malwarebytes as Trojan.Agent.USNo
Cobian Backup 7 InterfaceUcobui.exeSystem Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup Interface 6Ucobui.exeSystem Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
cobuiUcobui.exeSystem Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
VirusXCOD4.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %AppData%No
DiskstartXCode.exeStartportal - Switch dialer and hijacker variant, see here. Also detected by Sophos as Troj/Delf-JENo
ShellXCodeBlocks.exeDetected by Malwarebytes as Trojan.PasswordStealer.CB. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "CodeBlocks.exe" (which is located in %AppData%\CodeBlocks and is not the legitimate Code::Blocks executable of the same name which is normally located in %ProgramFiles%\CodeBlocks)No
Video CodecXcodec.exeDetected by Malwarebytes as Trojan.BitCoinMiner. The file is located in %AppData%\[username]No
Video CodecXcodec.exeDetected by Malwarebytes as RiskWare.Agent.E. The file is located in %AppData%\CodecNo
VideoCodecXCodec.exeDetected by McAfee as RDN/Generic.dx!cpm and by Malwarebytes as Backdoor.Agent.ENo
codecdirectx.exeXcodecdirectx.exeDetected by Sophos as Troj/Banloa-AZYNo
CodecPackerXCodecPacker.exeDetected by McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Messa.ENo
System ServiceXcoderxt.exeDetected by Sophos as W32/Rbot-ALDNo
CodeScanMainXCodeScan.exeCodeScan rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.CodeScan. The file is located in %ProgramFiles%\CodeScanNo
CodeSecureMainXCodeSecure.exeCodeSecure rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.CodeSecure. The file is located in %ProgramFiles%\CodeSecureNo
CodeSecurityMainXCodeSecurity.exeCodeSecurity rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.CodeSecurity. The file is located in %ProgramFiles%\CodeSecurityNo
DivxXcodll.exeDetected by Sophos as Troj/Gravebot-ANo
Compd Service DrivrsXcodq.exeAdded by a variant of W32/Sdbot.wormNo
COD_CheatsXCOD_Cheats.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AllUsersProfile%No
COEMsgDisplay?COEMsgDisplay.exePart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
xcrxXCoffin Of Evil.exeDetected by McAfee as Generic Dropper!mm. The file is located in %ProgramFiles%No
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%No
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%\dtgjdtjgdtNo
xcrxXCoffin Of Evil.exeDetected by McAfee as BackDoor-EDP. The file is located in %System%\fdNo
xcrxXCoffin Of Evil.exeDetected by Malwarebytes as Trojan.Inject.DF. The file is located in %System%\hiNo
xcrxXCoffin Of Evil.exeDetected by Trend Micro as BKDR_SPYNET.SMA. The file is located in %System%\MicrosoftNo
xcrxXCoffin Of Evil.exeDetected by Malwarebytes as Worm.Autorun. The file is located in %System%\sohaibNo
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Refroso.augc. The file is located in %System%\windowsdirectoryNo
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Pincav.qyd. The file is located in %Windir%No
XCRX7OOXCoffin Of Evil.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.COENo
xdocxXCoffin Of Evil.exeDetected by McAfee as Generic Dropper!mm. The file is located in %ProgramFiles%No
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%No
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%\dtgjdtjgdtNo
xdocxXCoffin Of Evil.exeDetected by McAfee as BackDoor-EDP. The file is located in %System%\fdNo
xdocxXCoffin Of Evil.exeDetected by Malwarebytes as Trojan.Inject.DF. The file is located in %System%\hiNo
xdocxXCoffin Of Evil.exeDetected by Trend Micro as BKDR_SPYNET.SMA. The file is located in %System%\MicrosoftNo
xdocxXCoffin Of Evil.exeDetected by Malwarebytes as Worm.Autorun. The file is located in %System%\sohaibNo
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Refroso.augc. The file is located in %System%\windowsdirectoryNo
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Pincav.qyd. The file is located in %Windir%No
XDOCXIOUXCoffin Of Evil.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.COENo
xcrxccXCoffin Of Evile.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %System%\winupdadNo
xdocxccXCoffin Of Evile.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %System%\winupdadNo
cogofhibracoXcogofhibraco.exeDetected by McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.USNo
cogotfycykmeXcogotfycykme.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
safe360Xcoiome.exeDetected by Dr.Web as Win32.HLLW.Lime.1014 and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sebsbvxNo
safe360Xcoiome.exeDetected by Sophos as Mal/FtpBot-A and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sfbsbvxNo
safe360Xcoiome.exeDetected by Dr.Web as Trojan.StartPage.52312 and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sfbsbvyNo
safe360Xcoiome.exeDetected by Dr.Web as Trojan.StartPage.46605 and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sgcscvyNo
UserinitXcologsver.exeDetected by Trend Micro as TROJ_DROPPER.DJO and by Malwarebytes as Trojan.AgentNo
WINLOADERXCOLOR.EXEDetected by Malwarebytes as Trojan.Agent.CL. The file is located in %System%No
colorcplXcolorcpl.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
msCZ7XXcolorcplpbc.comDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserProfile%No
WCOLOREALUcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
colorealUcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
ColtsScreenServerUColtsScreenServer.exeScreensaver for the Indianapolis Colts NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
ColtsScreenServerSvcUColtsScreenServer.exeScreensaver for the Indianapolis Colts NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
Wind0ws Ser7ice AgentXcolwindos.exeDetected by Sophos as W32/Rbot-GQONo
COM SurrogateXCOM SurrogateDetected by Malwarebytes as Backdoor.Agent.IMN. The file is located in %AppData%\SurrogateNo
COM SurrogateXCOM Surrogate.exeDetected by Malwarebytes as Backdoor.Agent.TRJE. The file is located in %AppData%No
CLSIDXcom.exeNowOnline - Switch dialer and hijacker variant, see hereNo
COM_LOADERXCOM7.EXEDetected by McAfee as RDN/Ransom!cd and by Malwarebytes as Ransom.FileLockerNo
ComAgentXComAgent.exeDetected by McAfee as RDN/Generic.hra and by Malwarebytes as Trojan.Agent.CMA. The file is located in %AppData%\IdentitiesNo
ComAgentXComAgent.exeDetected by Malwarebytes as Trojan.Agent.EDAI. The file is located in %AppData%\Macromedia\Flash Player\#SharedObjects\868AM9W9\static.bisrv.com\js\libsNo
ComAgentNComAgent.exeComAgent - MDaemon's instant messaging client - located in %ProgramFiles%\Alt-N Technologies\ComAgentNo
ComAgentXComAgent.exeDetected by McAfee as RDN/Generic.hra and by Malwarebytes as Trojan.Agent.CMA. The file is located in %ProgramFiles%\MSN\MSNCoreFiles\Markets\150No
comandaXcomanda.exeDetected by McAfee as RDN/Generic PWS.y!wj and by Malwarebytes as Backdoor.Agent.ENo
comandoXcomando.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %LocalAppData%No
combo.exeXcombo.exeDetected by Sophos as Troj/Chimo-CNo
MaxtorComboYComboButton.exeRequired to be able to use the Maxtor OneTouch button on your external Maxtor (now Seagate) hard drive. It is used to start up backup software (Dantz Retrospect)No
combop.exeXcombop.exeDetected by Sophos as Troj/Bowfeed-ANo
comcfgXcomcfg.exeDetected by Trend Micro as BKDR_TOADCOM.ANo
windowsXcomdlg32.exeDetected by McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.FRKNo
NB Common Dialog EnhancementsNCOMDLGEX.EXEPart of the old McAfee Utilities and Nuts & Bolts utility suites. With Common Dialog Enhancements, you can add MRU (Most Recently Used) list box to open dialogsNo
[random]Xcomhost.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\comhost - see an example hereNo
comhost.exeXcomhost.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%No
loadXcomhost.exeDetected by Dr.Web as Trojan.Siggen.65314 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "comhost.exe" (which is located in %Root%\GraphicsDriver)No
Windows COM HostXcomhost.exe -rundll32 /SYSTEM32 taskmgr.exeDetected by Dr.Web as Trojan.Siggen.65314 and by Malwarebytes as Trojan.Agent. The file is located in %Root%\GraphicsDriver. Note - do not delete the legitimate taskmgr.exe process which is always located in %System%No
comic.exeXcomic.exeDetected by Sophos as Troj/AutoIt-AYP and by Malwarebytes as Trojan.Agent.MDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
comime.exeXcomime.exeDetected by Dr.Web as Trojan.DownLoader11.24286 and by Malwarebytes as Trojan.Tibia. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
mssysintXcomime.exeDetected by Sophos as Troj/Netsnake-INo
MSIME32Xcomime.exeDetected by Malwarebytes as Trojan.Agent.CM. The file is located in %CommonAppData%No
cimoneXcomine.exeDetected by Trend Micro as TROJ_VB.FPW and by Malwarebytes as Worm.AutoRunNo
comineXcomine.exeDetected by Dr.Web as BackDoor.Adupe.3 and by Malwarebytes as Trojan.Agent.CMNo
comineXcomine.exeDetected by McAfee as RDN/Generic PWS.y!xc and by Malwarebytes as Trojan.Agent.CMNo
WindowsXcomine.exeDetected by Dr.Web as Trojan.StartPage.45589 and by Malwarebytes as Spyware.PasswordNo
p2snetisXcomippwa.exeDetected by Sophos as Troj/SpamToo-ALNo
TimerXcomm.exeDetected by Sophos as Troj/Bdoor-IPNo
PgzuwhzfnXcomma.exeDetected by Sophos as Troj/Agent-QTHNo
skypecmdXcommadcom.exeDetected by McAfee as RDN/PWS-Banker!dr and by Malwarebytes as Trojan.Banker.CMDNo
ComManagerXComManager.exeDetected by Malwarebytes as Backdoor.Agent.WS. The file is located in %AppData%\bitcoinMNo
Command & Conquer 3 Kane's Wrath Speed game.exeXCommand & Conquer 3 Kane's Wrath Speed game.exeDetected by Malwarebytes as Trojan.MSIL.UL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ashiyaneXcommand.batDetected by Dr.Web as Trojan.Siggen5.59284 and by Malwarebytes as Trojan.AgentNo
COMMANDXcommand.exeDetected by Symantec as Trojan.PWS.QQPass.ENo
WinProfileXCommand.exeDetected by Trend Micro as TROJ_BUDDY.ENo
Messenger6Xcommand.pifDetected by Symantec as W32.Inzae.B@mmNo
Win CommandXcommand32.exeDetected by Trend Micro as WORM_AGOBOT.XQNo
candyXcommand32.exeDetected by Sophos as W32/Rbot-LVNo
IomegaWareNCommander.exePart of IomegaWare by Iomega (now LenovoEMC) for use with their range of external drives. "IomegaWare provides integrated features that will help you find, format, protect, manage and change settings on your Iomega drives"No
System FirewallsXcommandprompt32.exeDetected by Trend Micro as WORM_RBOT.BJTNo
zBrowser LauncherUCommandr.EXEFor a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have themNo
Browser LauncherUCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keysNo
CommCtrNcommctr.exe"Net2Phone CommCenter® is software that allows you to make phone calls and send faxes to anywhere in the world"No
Windows Common Files ManagerXCommgr.exeDetected by Microsoft as Win32/Wecykler and by Malwarebytes as Trojan.AgentNo
Comm DriverXcommh32.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - this is not the legitimate older G Data "PC Spion" PC monitoring and surveillance software which is typically located in %System%. This one is located in %ProgramFiles%\Java\jre6\lib\deployNo
Comm DriverXcommh32.exeDetected by Malwarebytes as Trojan.Bitcoin. Note - this is not the legitimate older G Data "PC Spion" PC monitoring and surveillance software which is typically located in %System%. This one is located in %ProgramFiles%\Java\jre6\lib\imNo
Comm DriverUcommh32.exeG Data "PC Spion" PC monitoring and surveillance software - no longer available. Captures all users activity on the PC, see here. Disable/remove it if you didn't install it yourself!No
Windows Hijack Protection SystemXcommngr.exeAdded by a variant of Troj/Agent-FYD. The file is located in %System%\ComNo
printer spoolerXcommonaccess.exeDetected by Sophos as Troj/Delf-LBNo
LogitechYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
Communications_HelperYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
Communications_Helper.exeYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
LogitechCommunicationsManagerYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
CommunicatorYCommunicator.exeMicrosoft Office Communicator - an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video. Now replaced by Microsoft LyncNo
Windows Hijack ProtectionXcomngr.exeDetected by Sophos as Troj/Agent-FYDNo
HKLMSKPYEXcomode.exeDetected by McAfee as RDN/Generic BackDoor!tx and by Malwarebytes as Backdoor.Agent.HKPGenNo
HKCUSKPYPEXcomode.exeDetected by McAfee as RDN/Generic BackDoor!tx and by Malwarebytes as Backdoor.Agent.HKPGenNo
ComodoXComodo.exeDetected by McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.Agent.CM. Note - this is not a valid entry for Comodo security productsNo
Team ViewerXComodo.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a valid entry for either the TeamViewer remote support tool or Comodo security products. The file is located in %UserTemp%No
PandaXComodo.exeDetected by McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.Agent.CM. Note - this is not a valid entry for either Panda Security or Comodo security productsNo
comoBossUcomowin.exeDetected by Malwarebytes as PUP.Optional.Caster. The file is located in %ProgramFiles%\comoBoss. If bundled with another installer or not installed by choice then remove itNo
AutoXComp.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\GoogleNo
mplaartsXcompager.exeDetected by Malwarebytes as Trojan.Inject.VB. The file is located in %System%No
AOL CompanionUcompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
Companion ModuleUcompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
Compaq ConnectionsNCompaq Connections.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
Compaq Message ServerNCOMPAQ-RBA.EXEWorks with the CPQBootPerfDB (CPQBootPerfDB.exe) entry and attempts to connect with Compaq online. Sends information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provides feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start → Programs → Compaq Advisor → Advisor Settings under the "advanced" tab. Not required and can cause problems. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Compaq Service DriversXcompaq.exeDetected by Sophos as W32/Sdbot-AFU and by Malwarebytes as Backdoor.IRCBotNo
IPOT Service DriversXcompaq.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Nvt32Xcomplaint_7251.exeDetected by Trend Micro as TROJ_ARTIEF.BNo
IComplementoXComplement.exeDetected by McAfee as Generic.dx!uiz and by Malwarebytes as Trojan.AgentNo
COM+ ManagerXcomplmgr.exeDetected by McAfee as Generic.dx!uem and by Malwarebytes as Trojan.AgentNo
componentewindows.exeXcomponentewindows.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonFiles%No
Compaq Service DriversXcompq.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Compaq Service Drivers 32Xcompq32.exeAdded by a variant of W32/Sdbot.wormNo
Compaq Service DriversXcompqs.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Compaqs Service DriversXcompqs.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
ComproRemoteUComproRemote.exeCompro VideoMate TV tuner and capture card - remote control driverNo
ComproSchedulerDTVUComproSchedulerDTV.exeCompro VideoMate TV tuner and capture card - schedulerNo
Comprovante-empresarial_20-11-2013.cplXComprovante-empresarial_20-11-2013.cplDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%No
Comprovante-empresarial_21-11-2013.cplXComprovante-empresarial_21-11-2013.cplDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%No
Comprovante.exeXComprovante.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%No
loadXcomprovante.pngDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "comprovante.png" (which is located in %LocalAppData%\Microsoft\Windows)No
comPrt.vbsXcomPrt.vbsDetected by Microsoft as TrojanDownloader:Win32/Tembatch.A and by Malwarebytes as Banker.Trace. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Service DriversXCompt.exeDetected by Sophos as W32/Rbot-ZJNo
Geography TX 1.0 NTXCompuSpeed.vbsDetected by Sophos as VBS/Newley-ANo
Geography TX 1.0 XPXCompuSpeed.vbsDetected by Sophos as VBS/Newley-ANo
CompuSpyUCompuSpy.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
esetXcomputer.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %AppData%\pdfNo
ComputerXcomputer.exeDetected by Malwarebytes as Trojan.Agent.CP. The file is located in %AppData%\System or %AppData%\System\[folder]No
COMPUTERBILD Vorteil-CenterNCOMPUTERBILD Vorteil-Center.exeTranslation: COMPUTERBILD Vorteil-Center (COMPUTERBILD Advantage-Center) "keeps you informed about offers and voucher promotions for hardware, software, movies and audio books to date. Once interesting bargains arrive, appear on your desktop a notice with additional information"No
Computer UpdaterNComputerUp-dater.ExeComputer Updater by SafeApp Software, LLC - "scans your computer and displays a list of programs that have Available Updates. You can then choose which updates you want to install"No
ComputerZ-TrayUComputerZTray.exeDetected by Malwarebytes as PUP.Optional.Ludashi. The file is located in %ProgramFiles%\LuDaShi. If bundled with another installer or not installed by choice then remove itNo
CompanionWizardXcompwiz.exeWinAntiVirus Pro 2007 rogue security software (and possibly others) - not recommended. The file is located in %CommonFiles%\Companion WizardNo
Comrade.exeNComrade.exeGameSpy Comrade is a first next-generation community gaming application. It is about an instant messaging program exclusive for gamers where you can know where are your friends playing and join them with a click. It has support for 60 games, automatic updates, and statistics. GameSpy is no longer availableNo
Microsft Corporation Version 2001.12.4414Xcomrel.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
ComReplXcomrepl.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate comrepl.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
comsafeguardXcomsafeguard.exeDetected by Malwarebytes as Rogue.ComSafeGuard. The file is located in %ProgramFiles%\comsafeguardNo
Microsft Corporation Version 2002.12.2414Xcomserv.exeAdded by the BUZUS.CL TROJAN!No
COMSMDEXENcomsmd.exeTray icon for 3Com 3C9xx series of network cards for easy diagnostics of the network cardsNo
COMServerXcomsrvr.exeDetected by McAfee as Generic BackDoor.wi and by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
COMServerXcomsrvr.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.cwsw and by Malwarebytes as Trojan.Downloader. The file is located in %System%\msappsNo
AudiagerXcomsscli.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Meeting ConnectionXcomsutil.exeDetected by Sophos as Troj/PPdoor-ENo
HwpUpdateXComsvc.exeDetected by Symantec as Trojan.NavedriNo
SMSERIALWORKSTARTERXcomsysobj.exeDetected by McAfee as FakeAlert-AH. The file is located in %Windir%. Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
comreplXcomuser.exeDetected by Malwarebytes as Trojan.Banker.USR. The file is located in %AppData%\ComNo
comxtXcomxt.exeDetected by Symantec as Trojan.ComxtNo
mlibsysmcXcomzcinc.exeDetected by Sophos as W32/Sdbot-CXSNo
conadvancedUconadvanced.exeDetected by Malwarebytes as PUP.Optional.Context2Pro. The file is located in %LocalAppData%\Context2pro. If bundled with another installer or not installed by choice then remove itNo
ConnectionCenterUconcentr.exeCitrix online plug-in Connection Center - part of the Citrix ICA Client. Used to provide secure remote access and included with products such as XenApp and Receiver - and the older Presentation Server Client and Citrix online plug-inNo
Concurre?concurre.exeThe file is located in %System%. What does it do and is it required?No
Zekio StartupsXcondll.exeDetected by Sophos as W32/Agobot-AGDNo
Google ChormsXconf.exeDetected by McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.Banker.ENo
Microsoft Firewall Settings LoaderXconf32.exeDetected by Sophos as W32/Sdbot-KMNo
CUCore Agent?ConfAgent.exePart of Radivision's "Click to Meet" video conferencing client - now part of Avaya and superseded by Scopia XT Video ConferencingNo
Configuration LoaderXconfgldr.exeDetected by Symantec as W32.Gaobot.gen!poly and by Malwarebytes as Backdoor.BotNo
ConfHostXconfhost.exeDetected by McAfee as PWS-Spyeye.q and by Malwarebytes as Trojan.PasswordStealerNo
AolConXconfig.comDetected by Symantec as W32.HLLW.TaplakNo
Microsoft Office Data EnergineXconfig.exeDetected by Dr.Web as Trojan.Siggen6.1488 and by Malwarebytes as Backdoor.Agent.ENo
system32Xconfig.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\system64No
Media SDKXconfig.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\configurationNo
WindowsDefenderXconfig.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\system (10/8/7/Vista) or %AllUsersProfile%\Start Menu\systemNo
Microsoft WindowsXconfig.exeDetected by Dr.Web as Trojan.Inject1.43389 and by Malwarebytes as Trojan.Agent.ENo
Configuration UtilityNCONFIG.EXEConfiguration and management utility for Linksys wireless productsNo
systemsXconfig.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\systemNo
winlogonXconfig.exeDetected by Microsoft as Backdoor:Win32/Lybsus.B and by Malwarebytes as Trojan.Agent.TraceNo
Microsoft_WindowsXconfig.exeDetected by Dr.Web as Trojan.Inject1.43389 and by Malwarebytes as Trojan.Agent.ENo
ConfigXCONFIG.EXEDetected by Trend Micro as TROJ_PSWGIP.B. The file is located in %Windir%No
config.exeXconfig.exeDetected by Malwarebytes as Trojan.Agent.WSG. The file is located in %AppData%No
Windows Service LayerXconfig.exeDetected by Trend Micro as WORM_RBOT.DDJNo
config.exeXconfig.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Zbot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WelcomeXCONFIG.EXEDetected by Trend Micro as TROJ_PSWGIP.BNo
ConfigServicesNConfig.exePart of initial setup on a Compaq PCNo
Microsoft Config FileXconfig.exeDetected by Malwarebytes as Trojan.Agent.KL. The file is located in %Root%No
Windows Config SystemXconfig.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
config.jsonXconfig.jsonDetected by Malwarebytes as Trojan.Agent.Script.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Config33.exeXConfig33.exeDetected by Trend Micro as BKDR_SDBOT.TNo
SystemServiceXconfigdll.exeDetected by McAfee as RDN/Generic.dx!d2e and by Malwarebytes as Backdoor.Agent.ADBNo
SERVICESSXconfigdll.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\tmpsysNo
Configuration LoaderXconfigldr.exeDetected by Sophos as W32/Agobot-PP and by Malwarebytes as Backdoor.BotNo
Update32Xconfigs.exeInstalled with an adult content hijacker which is detected by McAfee as QUrl-2. This file is located in %Windir%No
cmd32Xconfigs.exeAdult content hijacker - detected by McAfee as QUrl-2No
configsetupXconfigsetup32.exeDetected by Sophos as W32/Agobot-AFPNo
SYSTEMOSRUNXconfigsys.exeDetected by Malwarebytes as Trojan.Agent.RNS. The file is located in %Root%No
Palm MultiUser Config?Configtool.exeMultiUser configuration for a Palm PDA device? Is it required?No
Skype UpdateXconfigupdate.xeDetected by Dr.Web as Trojan.Siggen.65244No
Skype UpdateXconfigupdate.xeDetected by Dr.Web as Trojan.Siggen.65244 and by Malwarebytes as Malware.Packer.nps. Note - this is not a legitimate entry for the popular Skype VOIP softwareNo
configurationXconfiguration.exeDetected by Kaspersky as Trojan-Clicker.Win32.AutoIt.m and by Malwarebytes as Worm.AutoIt.Gen. The file is located in %Windir%\configurationNo
Windows Services LayerXconfigure.exeDetected by Sophos as W32/Rbot-GAKNo
ConfigUtilityUConfigUtility.exeWireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, IncNo
ExplorerXconfig_.comDetected by Sophos as W32/Floppy-D and by Malwarebytes as Trojan.AgentNo
Explorer5Xconfig_.comDetected by Trend Micro as WORM_VB.CBGNo
ConfirmXConfirmed.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger.MSIL. The file is located in %UserProfile%\Desktop - see hereNo
GearboxNconfsvr.exeNTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard. No longer applicable as NTLWorld has long since changed to Virgin MediaNo
Configuration Loader 2Xconfuldr.exeDetected by Sophos as W32/Agobot-FCNo
Real Updates DownloaderXconhost.exeDetected by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\RealNetworkNo
csrssbackupXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\System32No
RealLuncherXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
StikyNotesXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %UserProfile%No
Indesing MicrosoftXconhost.exeDetected by Malwarebytes as Ransom.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\MicroSoftTMP\system32No
Windows system processXconhost.exeDetected by Dr.Web as Trojan.DownLoader10.30234 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in a "Windows" sub-folderNo
WindowsUpdateXconhost.exeDetected by Malwarebytes as Backdoor.Agent.E.Generic. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
conHostXconHost.exeDetected by Dr.Web as Trojan.DownLoader7.673 and by Malwarebytes as Backdoor.CycBot.Gen. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
conhostXconhost.exeDetected by Dr.Web as Trojan.KillFiles.11627 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\AcrobatNo
conhostXconhost.exeDetected by McAfee as BackDoor-EXI.gen.e and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
conHostXconHost.exeDetected by Dr.Web as Trojan.Click2.28205. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %LocalAppData%No
conhostXconhost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %ProgramFiles%\conhostNo
conhost.exeXconhost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\conhostNo
conhost.exeXconhost.exeDetected by Malwarebytes as Trojan.Agent.CNH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Java UpdaterXconhost.exeDetected by Symantec as Trojan.Melongad and by Malwarebytes as Backdoor.CycBot. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
AVIXconhost.exeDetected by McAfee as RDN/Generic.dx!crj and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Windir%\conhosNo
WinGat.iniXconhost.exeDetected by Malwarebytes as Trojan.Dropper.E. Note - this entry loads from the Windows Startup folder and the file is located in %MyDocuments% and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%No
UpdateXconhost.exeDetected by Trend Micro as TSPY_BAMKRO.C and by Malwarebytes as Trojan.ZBAgent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Microsoft\RealNo
UpdateXconhost.exeDetected by Sophos as Troj/MSIL-ADZ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %UserProfile%No
Window ManagerXconhost.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\AdobeNo
*Indesing MicrosoftXconhost.exeDetected by Malwarebytes as Ransom.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\MicroSoftTMP\system32No
Windows HD UpdateXconhost.exeDetected by Dr.Web as Trojan.DownLoader10.30266 and by Malwarebytes as Backdoor.Agent.FL. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
Console HostXconhost.exeDetected by Malwarebytes as Backdoor.Agent.CH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Mozilla PluginsNo
Console Protect ServiceXconhost.exeDetected by Dr.Web as Trojan.DownLoader11.60034 and by Malwarebytes as Trojan.Agent.CPS. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Microsoft\ProtectNo
Console Window HostXconhost.exeDetected by Kaspersky as Trojan.Win32.Llac.smv and by Malwarebytes as Trojan.Agent.CWH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
Console Window HostXconhost.exeDetected by Dr.Web as Trojan.MulDrop3.53785 and by Malwarebytes as Trojan.Agent.CWH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\ConsoleNo
loadXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "conhost.exe" (which is located in %AppData%\Microsoft and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%)No
Console Window HostXconhost.exeDetected by Dr.Web as Trojan.DownLoader4.34032 and by Malwarebytes as Trojan.Agent.CWH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Console Window HostNo
Console Windows hostXconhost.exeDetected by Malwarebytes as Backdoor.CycBot. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
WINCONHOSTXconhost.exeDetected by McAfee as RDN/Generic.dx!crj and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Windir%\conhosNo
Windows Host AppXconhost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Windows Host AppNo
*Oracle MicrosoftXconhost.exeDetected by Malwarebytes as Ransom.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\MicroSoftTMP\system32No
DirectXXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Templates%No
Local Name ServiceXconhost.exeDetected by Malwarebytes as Trojan.Agent.LM. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
svchostXconhost.exeDetected by McAfee as BackDoor-EXI.gen.e and by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
svchostXconhost.exeDetected by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\updateNo
GoogleUpdaterXconhost.exeDetected by Malwarebytes as Trojan.Agent.BTMGen. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Temp%No
SunInteractiveXconhost.exeDetected by Malwarebytes as Backdoor.DarkComet.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\WindowsNo
AppleXconhost.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
Adobe UpdaterXconhost.exeDetected by Malwarebytes as Trojan.Agent.RND. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Adobe\Flash - see hereNo
Oracle MicrosoftXconhost.exeDetected by Malwarebytes as Ransom.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\MicroSoftTMP\system32No
DefenderXconhost.exe settings.batDetected by Dr.Web as Trojan.Siggen6.25 and by Malwarebytes as Backdoor.Agent.ENo
conhost.lnkXconhost.lnkDetected by Dr.Web as Trojan.Siggen3.30349 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
conhost.vbsXconhost.vbsDetected by Malwarebytes as Trojan.Agent.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svchost86x.sysXconhost41.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp% - see hereNo
conhost86Xconhost86.exeDetected by McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.ENo
SteamsClientXconhosts.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %AppData%No
SteamWevXconhosts.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %Templates%No
SteamxXconhosts.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %Templates%No
SteamXconhosts.exeDetected by Malwarebytes as Trojan.Agent.TPL. The file is located in %Templates%No
Steam ApplicationXconhosts.exeDetected by Malwarebytes as Trojan.Agent.TPL. The file is located in %Templates%No
SteamClientXconhosts.exeDetected by Dr.Web as Trojan.Inject2.27896 and by Malwarebytes as Trojan.Agent.TPLNo
conhstXconhst.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.CNHNo
Input ManagerXconima.exeDetected by Sophos as Troj/VB-FIS and by Malwarebytes as Backdoor.AgentNo
taskdayXconime.exeDetected by Sophos as Troj/Comame-E and by Malwarebytes as Trojan.Agent.CN. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %Windir%\tasksNo
System32Xconime.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows. This one is located in %CommonFiles%No
ServiceEXEXconime.exeDetected by Symantec as Backdoor.Vasport and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %AppData%No
conimeUconime.exeMicrosoft Console IME process which is located in %System% and is used when an Asian language is used in Windows. Not required if you don't use Asian languages. Note - if you also have the files "bfghost.exe" and "editmm.exe" present on your system this file can be used by the BFGhost 1.0 Remote Administration Tool trojanNo
conimeXconime.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %UserTemp% and is not the legitimate Console IME process which is located in %System%No
conime.exeXconime.exeDetected by Dr.Web as Trojan.DownLoader9.58726 and by Malwarebytes as Trojan.Agent.SVC. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
conime.exeXconime.exeDetected by Symantec as W32.Avendog. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in WindowsNo
ExplorerRunXconime.exeDetected by Trend Micro as TROJ_PROXY.ABL and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %UserTemp%No
hdaudioTreiberXconime.exeDetected by Dr.Web as Trojan.Inject.12640 and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %LocalAppData%No
IMEXconime.exeDetected by Sophos as Troj/Dldr-G. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %Windir%No
LOCALHOSTXconime.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.CNM. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %Windir%No
Connection KeeperUConKeepM.exe"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"No
allkeeperXconlhost.exeDetected by Malwarebytes as Ransom.7ev3n. The file is located in %Root%\Users\PublicNo
ConMgrNConMgr.exeBluetooth Audio Configuration Monitor - part of "Bluetooth Feature Pack 5.0" from CSR (who are now part of Qualcomm Technologies)No
ConMgr.exeUconmgr.exeConnection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcutNo
Sistema de CommXconmsyrtl.exeDetected by Sophos as Troj/Agent-LMV and by Malwarebytes as Backdoor.IRCBotNo
Service aresXconmysys.exeDetected by Sophos as W32/VBInj-V and by Malwarebytes as Trojan.AgentNo
Cisco WebEx ConnectUconnect.exeCisco WebEx web conferencing - "combines desktop sharing through a web browser with phone conferencing and video, so everyone sees the same thing while you talk"No
Sametime ConnectUConnect.exeIBM Sametime - instant messaging and Web conferencing software. Formerly by LotusNo
Belkin Home Base Control CenterUConnect.exeControl Center for the Belkin Home Base network USB hub - which lets you configure and access USB devices (such as hard drives, printers and cameras) connected to it over a wired or wireless network. As well a providing System Tray access, this entry will automatically connect any attached devices that have been configured this wayYes
Belkin Network USB Hub Control CenterUConnect.exeControl Center for the Belkin Network USB Hub - which lets you configure and access USB devices (such as hard drives, printers and cameras) connected to it over a wired or wireless network. As well a providing System Tray access, this entry will automatically connect any attached devices that have been configured this wayYes
SX Virtual LinkUConnect.exeSX Virtual Link from Silex Technology America, Inc. Utility to connect USB devicesNo
Connect2PartyXConnect2Party.exeAdult content dialler - detected by Symantec as Dialer.ConnectPartyNo
connectaperXconnectaper.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Clicker.GenNo
CONNECTAUTrayAppNCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
Sony Auto Update Tray ApplicationNCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
ConnectifyUConnectify.exe"Connectify Hotspot is an easy to use software router for Windows computers that utilizes your PC's built in Wi-Fi card to wirelessly share any available Internet connection with friends, co-workers, and mobile devices"No
Connectify HotspotUConnectify.exe"Connectify Hotspot is an easy to use software router for Windows computers that utilizes your PC's built in Wi-Fi card to wirelessly share any available Internet connection with friends, co-workers, and mobile devices"No
SBC Yahoo! Connection ManagerNConnectionManager.exeUsed to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connectionNo
CONNECTAuto UpdateNCONNECTScheduler.exeAutomatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
CONNECTSchedulerNCONNECTScheduler.exeAutomatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
CONNECTAUTrayAppNCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
NcrfgXconost.exeDetected by Malwarebytes as Backdoor.Agent.NG. The file is located in %System%No
conostXconost.exeDetected by Trend Micro as TROJ_DROPER.RENo
conmswfXconrnbne.exeDetected by Sophos as W32/Sdbot-DEXNo
conscorrXconscorr.exeDetected by Trend Micro as TROJ_DELF.DWNo
AuthdlerXconscsvc.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
ConsXconsol32.exeHijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installedNo
CommonXconsole.exeDetected by Microsoft as Trojan:Win32/Gitwen.ANo
ShellXconsolehost.exe,explorer.exeDetected by Dr.Web as Trojan.Inject1.46212 and by Malwarebytes as Trojan.Agent.CNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "consolehost.exe" (which is located in %AppData%\Microsoft\Windows)No
ConsoleLaunchXConsoleLaunch.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.GenNo
systrasxXCONSOLES.EXEDetected by Sophos as W32/Sdbot-NWNo
ConsoleWindows.exeXConsoleWindows.exeDetected by McAfee as RDN/Generic Dropper!qg and by Malwarebytes as Backdoor.Agent.ENo
Consumer InputUConsumerInput.exeConsumer Input online research software "which anonymously records your Internet browsing behavior." Detected by Malwarebytes as PUP.Optional.ConsumerInput. The file is located in %ProgramFiles%\Consumer Input. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Consumer Input Rewarded with MyPoints, Consumer InputUConsumerInputRewardedwithMyPoints,ConsumerInput.exeConsumer Input online research software "which anonymously records your Internet browsing behavior." Detected by Malwarebytes as PUP.Optional.ConsumerInput. The file is located in %ProgramFiles%\Consumer Input Rewarded with MyPoints, Consumer Input. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Consumer Input Rewarded with MyPoints, Consumer Input UpdateUConsumerInputRewardedwithMyPoints,ConsumerInputUa.exeConsumer Input online research software "which anonymously records your Internet browsing behavior." Detected by Malwarebytes as PUP.Optional.ConsumerInput. The file is located in %ProgramFiles%\Consumer Input Rewarded with MyPoints, Consumer Input. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Consumer Input UpdateUConsumerInputUa.exeConsumer Input online research software "which anonymously records your Internet browsing behavior." Detected by Malwarebytes as PUP.Optional.ConsumerInput. The file is located in %ProgramFiles%\Consumer Input. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
contactierUcontactier.exe"Working with Contactier provides you with the ability to automatically synchronize all the contacts from all major social networks and to be sure that your contacts are identical and fits other users which has your details inside its address books." Detected by Malwarebytes as PUP.Optional.Contactier. The file is located in %LocalAppData%\contactier.com\contactier\Application\[version]. If bundled with another installer or not installed by choice then remove itNo
ContentExplorerUContentExplorer.exe"Content Explorer is a free, ad-supported utility that makes searching and discovering information easy. Highlight any word or phrase with your mouse and Content Explorer will provide you with immediate access to Wikipedia and other popular sites to give you all the information you need on the word you highlighted." Detected by Malwarebytes as PUP.Optional.ContentExplorer. The file is located in %AppData%\ContentExplorer. If bundled with another installer or not installed by choice then remove itNo
ContentMergerNContentMerger10.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - used to merge any content from a previous version of these tools with the new versionNo
ContentMergerNContentMerger11.exePart of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - used to merge any content from a previous version of these tools with the new versionNo
ContentTransferWMDetector.exeUContentTransferWMDetector.exePart of Sony's Content Transfer Software which "provides an easy way to transfer music, video, photos, and podcasts to the Walkman® playerNo
contextfrUcontextfr.exeDetected by Malwarebytes as PUP.Optional.Context2Pro. The file is located in %LocalAppData%\Context2pro. If bundled with another installer or not installed by choice then remove itNo
contextprodUcontextprod.exeDetected by Malwarebytes as PUP.Optional.Context2Pro. The file is located in %LocalAppData%\Context2pro. If bundled with another installer or not installed by choice then remove itNo
ContraviroXContraviro.exeContraviro rogue security software - not recommended, removal instructions hereNo
ContraVirusXContraVirus.exeContraVirus rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ContraVirus. The file is located in %ProgramFiles%\ContraVirusNo
ContraVirusXContraVirusPro.exeContraVirus rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ContraVirus. The file is located in %ProgramFiles%\ContraVirusNo
googleXcontray.exeDetected by Sophos as Troj/Plugx-P and by Malwarebytes as Backdoor.Agent.CTRNo
NETGEAR USB Control CenterYControl Center.exeNETGEAR USB Control Center utility which automatically manages the printing queue and handling for USB printers connected to supported Netgear routers on PCs running the ReadySHARE USB Printer softwareNo
Hawking UDS Control CenterUControl Center.exeAssociated with Hawking Technologies, Inc wireless products. The file is located in %ProgramFiles%\Hawking\Control CenterNo
WinJavaUpdateXcontrol.cplDetected by McAfee as Generic.dx!uanNo
Parent ControlXcontrol.exeDetected by Malwarebytes as Trojan.Agent.DLK. The file is located in %AppData%No
Windows ControlXControl.exeDetected by Trend Micro as TROJ_GREK.A. If there is another file with the same file name in the Windows folder, this malware overwrites it with the dropped fileNo
Windows UpdatesXcontrol.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\dataNo
SandboxieControlUControl.exe"SandBoxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer"No
StartControlXcontrol.exeDetected by Malwarebytes as Trojan.Agent.DLK. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%No
j6GgCXwtFMXcontrol.exe [path] j6ggcxwtfm.cplDetected by Microsoft as Trojan:Win32/Sefnit.K. The "j6ggcxwtfm.cpl" file is located in %ProgramFiles%\anouicgfwkkv1vNo
[various names]Xcontrol64.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
ControlCenterXControlCenter.exeDetected by Dr.Web as Trojan.AVKill.29329 and by Malwarebytes as Trojan.MSILNo
WSEP Status+ConfigurationUcontroldGUI.exeUser interface for the WatchGuard Security Event Processor (WSEP) Status/Configuration dialog box associated with the Firebox series of security products from WatchguardNo
controlini700res.exeXcontrolini700res.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters]No
controlkidsYcontrolkids.exeControl Kids parental control systemNo
Windows Update ControllerXcontroller.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Controller CompanionYControllerCompanion.exeSteam Controller Companion - "Navigate your PC desktop with a controller! Put mouse, media and keyboard control in the palms of your hands so you'll never have to leave the couch again!"No
ControlUser.exeXControlUser.exeDetected by Malwarebytes as Password.Stealer. The file is located in %AppData%\MDEN - see hereNo
ControlUser.exeXControlUser.exeDetected by Malwarebytes as Password.Stealer. The file is located in %LocalAppData%\JHNTKK - see hereNo
jCwkyOG/u32AguVkUQ==Xconvert.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %AppData%\MalwarebytesNo
QA6XM3H2LQXConverterdll.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
converx6Xconverx6.exeDetected by Malwarebytes as Trojan.Korad. The file is located in %AppData%\converx6No
CookieJarUCookiejar.exeCookie Jar cookie manager from Jason's Toolbox - "lets you keep the cookies you want and delete the cookies you don't want. Simply sort cookies into Allowed and Banned (or Undecided) jars. Cookie Jar can then be set to run when Windows starts up and delete all Banned and/or Undecided cookies, leaving the Allowed ones alone." No longer availableNo
CookiePatrolYCookiePatrol.exeMemory-resident spyware cookie detector - part of the original anti-malware program by PestPatrol, Inc. Acquired by CA where it became eTrust PestPatrol Anti-Spyware and then CA Anti-Spyware - which is now included in CA AntiVirus PlusYes
cookwXcookw.exePart of the ErrClean rogue system error and cleaning utility - not recommended. See hereNo
Microsoft System CheckupXCool.exeDetected by Symantec as W32.HLLW.Donk.B and by Malwarebytes as Backdoor.Agent.MSUGenNo
NT Logging ServiceXcool.exeDetected by Sophos as W32/Sdbot-OONo
HELLBOT3Xcoolbot.exeDetected by Trend Micro as WORM_MYTOB.ABNo
NortonXcoolbrogameya.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
CoolStartUpXCoolGramS.exeDetected by McAfee as Generic.bfr!epNo
CoolMonUCoolMon.exeCoolMon by The CoolMon Project - "will display system information in a small configurable window. Most of the application`s data is retrieved from the Windows performance counters." No longer supportedNo
HP CoolSenseUCoolSense.exeSupports the HP CoolSense Technology feature in some HP notebook PCs "that combines hardware, software, and mechanical design to dynamically manage the temperature of a notebook, and help keep you comfortable while using it"No
SlipStreamYcooptel_acccore.exeAccélérateur CoopTel customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Accélérateur CoopTelYcooptel_accgui.exeAccélérateur CoopTel customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Copernic Desktop Search 4NCopernic.DesktopSearch.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
Copernic Desktop SearchNCopernicDesktopSearch.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
(Aqu? el nombre enelXcopiado.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%No
copied.vbeXcopied.vbeDetected by Malwarebytes as Spyware.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
copied.vbsXcopied.vbsDetected by Malwarebytes as Spyware.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
hpilezeleXcoposu.exeDetected by Trend Micro as WORM_SDBOT.ASUNo
SlipStreamYcoppercore.exeCopper HiSpeed customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Copper HiSpeedYcoppergui.exeCopper HiSpeed customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Compaq Service DrivrsXcopq.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
coprofitUcoprofit_stb.exe /run config.jsonDetected by Malwarebytes as PUP.Optional.Coupruon. Both files are located in %LocalAppData%\coprofit. If bundled with another installer or not installed by choice then remove itNo
CS UpdateXcopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllDetected by Microsoft as Trojan:Win32/Adclicker.AJNo
Copy handlerUCopy Handler.exeCopy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processesNo
WinShowUpdateXcopy winshow.new winshow.dllWinshow parasite related - which is a pop-up opener and homepage/search hijacker implemented as a Browser Helper Object (BHO), related to CoolWebSearch. Uses the HKLM\RunOnce key to replace "winshow.dll" with a new version - both files are located in %AppData%\winshow. Archived version of Andrew Clover's original descriptionNo
LiveUpdateNCopyer.exeUpdater for SAMSUNG PC Studio - a free PC software product that allows you to connect your mobile device to a PC and access mobile content as if the device and the PC were one. This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etcNo
copyexXcopyex.exeDetected by Sophos as Troj/DwnLdr-IUD and by Malwarebytes as Worm.AutoRunNo
Resume CopyUcopyfstq.exePart of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that functionNo
Compaqs Service DriverXcopypad32.exeDetected by Trend Micro as WORM_SDBOT.CSONo
CP?CopyProtectionNotifier.exeRelated to Emuzed advanced multimedia products (now part of Aricent - included with Windows XP Media EditionNo
Movie maquer_appXCopyright.exeDetected by Dr.Web as Trojan.Siggen3.59650 and by Malwarebytes as Backdoor.Agent.ENo
Core CalendarUCore Calendar.exeCore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUCore Calendar.exeCore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
Core ClockUCore Clock.exeCore Clock widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Clock.exe loads a file called "DXWidget.exe" and exitsNo
Core TempUCore Temp.exe"Core Temp is a compact, no fuss, small footprint program to monitor CPU temperatureNo
Core WeatherUCore Weather.exeCore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUCore Weather.exeCore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
DriverXcore.exeDetected by Malwarebytes as Trojan.PasswordStealer.E.Generic. The file is located in %AppData%\systemNo
EA CoreNCore.exeElectronic Arts "EA Link" software (now superseded by Origin) - which "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content"No
System CoreXcore.exeDetected by Malwarebytes as Trojan.PasswordStealer.E.Generic. The file is located in %AppData%\systemNo
core32x86.exeXcore32x86.exeDetected by Malwarebytes as Trojan.Filecoder. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Core CalendarUCORECA~1.EXECore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Core Calendar.exe" is shown as "CORECA~1.EXE"Yes
DesktopX WidgetUCORECA~1.EXECore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "Core Calendar.exe" is shown as "CORECA~1.EXE"Yes
CoreCenterUCoreCenter.exeMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
PoliciesXcoredx10.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
Coreguard Antivirus 2009XCoreguard 2009.exeCoreguard Antivirus 2009 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.CoreguardAV. The file is located in %ProgramFiles%\Coreguard Antivirus 2009No
AVGUARDSHEDULERXcorehelper.exeDetected by McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Trojan.Agent.LAVONo
CorelCreatorClientNCorelCreatorClient.exePart of Corel® PDF Fusion™ - "an all-in-one PDF creator that lets you assemble, edit and create PDFs"No
CorelD.vbeXCorelD.vbeDetected by Malwarebytes as Backdoor.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CorelDraw ToolboxXCorelDraw.exeDetected by Sophos as W32/Sdbot-VZNo
Corel File Shell Monitor?CorelIOMonitor.exeInstalled with Corel media related software such as PaintShop Photo Pro, MediaOne and Photo Album. What does it do and is it required?No
corelname.vbsXcorelname.vbsDetected by Malwarebytes as Trojan.Agent.VB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CoresXCores.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
CoreScanMainXCoreScan.exeCoreScan rogue security software - not recommended, removal instructions hereNo
CoreSecureMainXCoreSecure.exeCoreSecure rogue security software - not recommended, removal instructions hereNo
File SanitizerUCoreShredder.exeFile Sanitizer feature of HP ProtectTools which "makes it easy to remove files that could be used to identify, contact or locate users. Choose manual or scheduled sanitizing, multiple levels of security and ensure free space is completely clear"No
CoreSrvXCORESRV.EXEAdded by unidentified malware - see here. The file is located in %ProgramFiles%\ACCESS~1\EXPL32No
CORESYSXCORESRV.EXEAdded by unidentified malware - see here. The file is located in %ProgramFiles%\ACCESS~1\EXPL32No
CoreTempAppXCoreTempApp.exeDetected by Malwarebytes as Adware.HPDefender. The file is located in %AppData%\CoreTempAppNo
Core WeatherUCOREWE~1.EXECore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Core Weather.exe" is shown as "COREWE~1.EXE"Yes
DesktopX WidgetUCOREWE~1.EXECore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "Core Weather.exe" is shown as "COREWE~1.EXE"Yes
Core - To-Do ListUCore_ToDoList.exeCore - To-Do List widget for the DesktopX desktop utility from Stardock Corporation. Adds a "to do" task list on the desktop. Once started, Core_ToDoList.exe loads a file called "DXWidget.exe" and exitsNo
PC-Config32Xcorona.exeDetected by Sophos as W32/Coronex-ANo
[various names]Xcorrida.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
SLL2Xcorrupt.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
Corsair Utility EngineUCorsairHID.exeCorsair Utility Engine gaming software - with which "you get to use options like configure both the lighting portions of your keyboard and mouse as well as create powerful actions such as double macros, re-mappable key assignments, timer countdowns, dpi adjustments, and more"No
Corsair LINK 4UCorsairLink4.exeSystem Tray access to and notifications for version 4 of the Corsair Link monitoring/control utility - which can be used to monitor/control Corsair hardware (such as AIO water coolers, PSUs, etc) and monitor system hardware (temperatures, voltages, fan speeds, etc)Yes
CorsairLink4UCorsairLink4.exeSystem Tray access to and notifications for version 4 of the Corsair Link monitoring/control utility - which can be used to monitor/control Corsair hardware (such as AIO water coolers, PSUs, etc) and monitor system hardware (temperatures, voltages, fan speeds, etc)Yes
HKCUXcortex.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
PoliciesXcortex.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXcortex.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXcosa.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
PoliciesXcosa.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\installNo
HKLMXcosa.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
COSUCOSCLIENT.exeSystem Tray access to the Comodo Cloud backup utility - which provides "secure and reliable online storage for home and business users"No
cosineXcosine.exeDetected by Sophos as W32/Rbot-SWNo
Google UpdaterXcouleur.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Google UpdaterNo
1DECHryGWxXCouplex.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Browser ExtensionsUCouponsHelper.exeDetected by Malwarebytes as PUP.Optional.Spigot. The file is located in %AppData%\BrowserExtensions. If bundled with another installer or not installed by choice then remove itNo
cours-socio-2eme-annee.exeXcours-socio-2eme-annee.exeDetected by Dr.Web as Trojan.Siggen5.30319 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
courtsXcourts1.exeDetected by McAfee as PWS-Zbot-FBBE!5623A1E2E3E3 and by Malwarebytes as Trojan.Agent.CRENo
ActiveX UpdateXCouU.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp% - see hereNo
CowboysScreenServerUCowboysScreenServer.exeScreensaver for the Dallas Cowboys NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
CowboysScreenServerSvcUCowboysScreenServer.exeScreensaver for the Dallas Cowboys NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
Sistema de CommXcoxdsyrtl.exeDetected by Sophos as Troj/Agent-NDQ and by Malwarebytes as Backdoor.IRCBotNo
(Default)XCoyFilel.exeDetected by Malwarebytes as Trojan.GamesThief. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
QuicktlmeXcp.exeQuickPage - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-ANo
Nu11ers3tXCp1.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.45783 and by Malwarebytes as Worm.AutoRun.ENo
CP32NOTUCP32BTN.EXEFor the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttonsNo
CP888M1NCP888M1.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
CPA9P2PSERVER?CPA9P2PS.exeFound on a Compaq Presario but what is it?No
Verizon Control PadNcpad.exeControl Pad - installed with Verizon Online ISP accounts. Tool designed to streamline the online experienceNo
Topic cPanrXcPaner.comDetected by Trend Micro as WORM_SDBOT.AJP. The file is located in %System%No
CPATR10UCPATR10.EXEDritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and ConstrastNo
Cookie PalUCPBrWtch.exeKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer supportedNo
CPBrWtchUCPBrWtch.exeKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer supportedNo
Clean PC MaxUcpcmhelper.exeClean PC Max by ConsumerSoft "is the ultimate tool for cleaning your PC. It removes junk and temp files, protects your privacy, and helps your PC run faster and cleaner. Plus, Clean PC Max is easy to use, fast, and free! Clean PC Max will put you in control and clean your hard drive, optimize settings, and help you remove unwanted extras." Detected by Malwarebytes as PUP.Optional.CleanPCMax. The file is located in %ProgramFiles%\ConsumerSoft\Clean PC Max. If bundled with another installer or not installed by choice then remove itNo
CPCmscl0ckXCPCmsclock.ExEDetected by Trend Micro as TROJ_IRCFLOOD.BFNo
COMODO PC TuneUpUcpctuneup.exeComodo PC TuneUp - "A powerful system optimization tool, PC TuneUp improves boot-up time and overall performance by removing junk files, repairing the registry, deleting malware, disabling non-essential start-up items and automatically resolving any critical Windows events you might be experiencing"No
McAfee FirewallYCPD.EXEFirewall bundled with McAfee VirusScan 6.*No
CPD_EXEYCPD.EXEFirewall bundled with McAfee VirusScan 6.*No
cpdsXcpds.exeDetected by Sophos as Troj/Ghudl-CNo
Comodo FirewallUCPF.exeSystem Tray access to, and notifications for an older version of Comodo Firewall by Comodo Group, IncNo
Comodo Personal FirewallYCPF.exeSystem Tray access to, and notifications for an older version of Comodo Firewall by Comodo Group, IncNo
CyberPatrolNewUcphq.exe"CyberPatrol gives you maximum parental control over your kids' online activities. You have the power to filter content, such as adult sites and inappropriate applications, and set limits on when your kids can go online"No
Cpl32verXCpl32ver.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. The file is located in %System%No
LManagerUCPLBCL53.EXESystem Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurationsNo
CplBTQ00NCplBTQ00.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
CPLDBL10NCPLDBL10.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
CPLDFL10UCPLDFL10.EXEPart of the EzButton feature on some Toshiba (and maybe others) laptops which support additional buttonsNo
CPM2YCPM.exeEntry added after installing Comodo Programs Manager by Comodo Group, Inc - which "helps users to comprehensively remove programs, drivers, services and Windows components. It monitors and records every change that a program makes to your computer so that it can completely undo those changes when it's time to uninstall." Once the system reboots it's replaced by the "COMODO Programs Manager Service (CPMService)" serviceNo
cpuminerUcpm.exeDetected by Malwarebytes as PUP.Optional.BitCoinMiner. The file is located in %AppData%\cpuminer. If bundled with another installer or not installed by choice then remove itNo
cpuminerUcpm.exeCPU Miner - uses your computer's resources to mine digital currency for the developer. Detected by Malwarebytes as PUP.Optional.CPUMiner. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
CPMonitorNCPMonitor.exeBackground process installed with versions of multimedia suites from Roxio and their CinePlayer BD/DVD player which monitors your optical drive and starts CinePlayer when a BD/DVD movie is inserted. Autoplay is normally enabled by default in Windows anyway (which you can set to use CinePlayer) or you can run CinePlayer manuallyNo
coupondoUcpnds.exe \run config.jsonDetected by Malwarebytes as PUP.Optional.Coupruon. Both files are located in %LocalAppData%\coupondo - see here. If bundled with another installer or not installed by choice then remove itNo
CPortPatch?CPPatch.exeCPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?No
A1000 Settings UtilityUcpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these featuresNo
Compaq Print FaxXcpqa1000.exeDetected by Trend Micro as WORM_SDBOT.BCV. Note the difference between the legitimate Compaq Fax Utility name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this wormNo
CPQAcDcYCPQAcDc.exeCompaq PowerCon power management software for laptopsNo
CPQBootPerfDBNCPQBootPerfDB.EXEWorks with the Compaq Message Server (COMPAQ-RBA.EXE) entry and attempts to connect with Compaq online. Sends information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provides feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start → Programs → Compaq Advisor → Advisor Settings under the "advanced" tab. Not required and can cause problemsNo
CPQCalibYCPQCalib.exeCompaq PowerCon power management software for laptopsNo
CPQDFWAGNCpqDfwAg.exeFor Compaq PC's. Runs Compaq diagnostics on every bootNo
System DLFNcpqdiaga.exeCompaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configurationNo
CPQEASYACCUcpqeadm.exeFor Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
CPQEASYACCUCpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
CpqeauiUcpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
CPQInet Runtime ServiceUCpqInet.exeFor Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providersNo
CPQINKAGENTNcpqinkag.exeThat is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)No
Compaq PK DaemonUCPQKL.EXEFor Compaq laptops for programming user configurable keys. Not required unless you use themNo
cpqnsUcpqnpcss.exeRelated to Compaq.Net - not required if you don't use thatNo
CompaqSystrayNcpqpscp.exeCompaq System Tray iconNo
CpqsetNCpqset.exeDefault settings software in Hewlett Packard notebookNo
CPQTEAMUcpqteam.exeBundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration ToolNo
CpRmtKey?CpRmtKey.EXEComponent of the Toshiba Controls. The name suggests it might be related to a remote feature? What does it do and is it required?No
cprocsvcXcproc.exeDetected by Kaspersky as TR/Dldr.MSIL.Agent.C. The file is located in %System%\crunnerNo
CP_AutoStartupUcprotect.exeContentProtect Internet filtering software by ContentWatch. Originally available for homes and businesses alike but now only available for businessesNo
control panel software serviceXcprs.exeDetected by Sophos as W32/Rbot-FPINo
Norton Live Update ServerXcpsdv.exeDetected by Trend Micro as WORM_AGOBOT.EWNo
System DriversXcpsq32.exeDetected by Trend Micro as WORM_SDBOT.AXHNo
Microsoft CPU Over Heat ManagerXCPU.exeDetected by Microsoft as Worm:Win32/Slenfbot.ID and by Malwarebytes as Backdoor.BotNo
CPUCooLUCpucool.exeCPUCooL - a program to keep the processor cool when idle in "overclocked" systems. Also available via Start → Settings → Control PanelNo
CpuOptimizerXCpufix.exe cpuage.tntDetected by Trend Micro as WORM_RETADUP.D and by Malwarebytes as Worm.Agent.E.GenericNo
Main Intel CPU ControllerXcpuhost.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
CPU IdleXcpuidlexp.exeDetected by Sophos as W32/Agobot-BWNo
Cpu Level Up help?CpuLevelUpHelp.exeOverclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?Yes
CpuLevelUpHelp?CpuLevelUpHelp.exeOverclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?Yes
CpuLevelUpHelp.exe?CpuLevelUpHelp.exeOverclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?Yes
CPU ManagerXcpumgr.exeDetected by Symantec as W32.Pandem.B.WormNo
cpuminerUcpuminer-gw64.exeCPU Miner - uses your computer's resources to mine digital currency for the developer. Detected by Malwarebytes as PUP.Optional.CPUMiner. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
cpuminerUcpuminer-x86.exeCPU Miner - uses your computer's resources to mine digital currency for the developer. Detected by Malwarebytes as PUP.Optional.CPUMiner. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
CPUMonNCPUMon.exeCPUMon by Denis Kozlov - "is a simple little gadget for monitoring CPU performance from your desktop. It displays a real-time graph of CPU performance as well as current usage indicator"No
cpumsensors.exeXcpumsensors.exeDetected by Malwarebytes as Trojan.BitCoinMiner. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IntelProcNumUtilityUcpunumber.exeIntel Processor Serial Number Control Utility - allows you to enable and disable the processor serial number capability of an Intel PIII processor. System Tray icon providing the user with a visual state indicationNo
CPU Power MonitorUCpuPowerMonitor.exePart of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the systemYes
CpuPowerMonitorUCpuPowerMonitor.exePart of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the systemYes
CpuPowerMonitor.exeUCpuPowerMonitor.exePart of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the systemYes
CpusaveXCpusave.exeDetected by Symantec as Trojan.GemaNo
Cpusave32XCpusave32.exeDetected by Symantec as Trojan.GemaNo
GT15J4R49VXcpuserv.exeDetected by Trend Micro as TROJ_RADI.SMNANo
CPU Windows StatusXcpustats.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
CPVHOST SettingsXcpvhost.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
cpxUcpx.exeDetected by Malwarebytes as PUP.Optional.CPX. The file is located in %ProgramFiles%\cpx. If bundled with another installer or not installed by choice then remove itNo
Microsoft CPXP ProtocolXcpxp.exeDetected by Trend Micro as WORM_RBOT.ATPNo
My ComputerXcqcags.exeDetected by Sophos as W32/Sdbot-TJNo
CQlhkNZXCQlhkNZ.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %System%No
cqscp2ps.exe?cqscp2ps.exe"Compaq printer utility which is required in the startup menu in order to make the printer work correctly." Is it actually required?No
CQSCP2PSERVER?CQSCP2PS.EXE"Compaq printer utility which is required in the startup menu in order to make the printer work correctly." Is it actually required?No
Cr**.exe [* = random char]XCr**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Cr**32.exe [* = random char]XCr**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
explirerXcrack Internet Download Manager.exeDetected by Dr.Web as Trojan.Siggen6.25813 and by Malwarebytes as Backdoor.Agent.IXPNo
crack-full.vbsXcrack-full.vbsDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
crackXcrack.exeDetected by McAfee as RDN/Generic PWS.y!zw and by Malwarebytes as Trojan.Agent.ENo
crack.exeXcrack.exeDetected by McAfee as RDN/Generic PWS.y!zw and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CrackedXCrackedDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Cracker Crypt.exeXCracker Crypt.exeDetected by Malwarebytes as Trojan.Backdoor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXCrackReloadedSimcity.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
PoliciesXCrackReloadedSimcity.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXCrackReloadedSimcity.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
RadioMP3PlayerUcradio.exeRadio & MP3 Player plugin for the Crawler Toolbar by Crawler, LLC - 'Listen to internet radio streams and at the same time make recordings of your favorite songs & radio shows, listen to the music stored on your PC now even faster thanks to cool "drag & drop" function."' The Crawler Toolbar is a web browser toolbar and Browser Helper Object for Internet Explorer which monitors and reports back web pages viewed to its remote servers and will modify the home and search assistant pages to redirect searches to Crawler web sites. The file is located in %ProgramFiles%\crawler\radio. If bundled with another installer or not installed by choice then remove itNo
GoogleCrashHandlerXCrashHandler.exeDetected by McAfee as RDN/Generic.tfr!dz and by Malwarebytes as Trojan.Clicker.GenNo
Salus CrashMonUCrashMon.exeDetected by Malwarebytes as PUP.Optional.Salus.PrxySvrRST. The file is located in %ProgramFiles%\Salus. If bundled with another installer or not installed by choice then remove itNo
CrashMonUCrashMon.exe UniversalUpdaterDetected by Malwarebytes as PUP.Optional.UniversalUpdater. The file is located in %ProgramFiles%\Universal Updater. If bundled with another installer or not installed by choice then remove itNo
CrashPlan TrayUCrashPlanTray.exeSystem Tray access to, and notifications for the CrashPlan online backup software from Code 42 SoftwareNo
CrashServiceUcrash_service.exeDetected by Malwarebytes as PUP.Optional.1stBrowser. The file is located in %LocalAppData%\1stBrowser\Application. If bundled with another installer or not installed by choice then remove itNo
CrashServiceUcrash_service.exeDetected by Malwarebytes as PUP.Optional.BoBrowser. The file is located in %LocalAppData%\BoBrowser\Application. If bundled with another installer or not installed by choice then remove itNo
CrashServiceUcrash_service.exeDetected by Malwarebytes as PUP.Optional.Clara. The file is located in %LocalAppData%\Tortuga\Application. If bundled with another installer or not installed by choice then remove itNo
[random]Xcrasos.exeDetected by Sophos as Troj/DropPS-ANo
PoliciesXCrate Bug.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\installNo
crawfx43Xcrawfx43.exeDetected by McAfee as Generic FakeAlert and by Malwarebytes as Backdoor.Messa.ENo
crawl.exeXcrawl.exeDetected by Malwarebytes as Ransom.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
CrawlerToolbarUCrawler.exeCrawler Toolbar by Crawler, LLC - a web browser toolbar and Browser Helper Object for Internet Explorer which monitors and reports back web pages viewed to its remote servers and will modify the home and search assistant pages to redirect searches to Crawler web sites. The file is located in %ProgramFiles%\Crawler Toolbar. If bundled with another installer or not installed by choice then remove itNo
COMODO Registry CleanerNCRC.exeCOMODO Registry Cleaner - part of Comodo System Utilities from Comodo Group, IncNo
Windows Services windirXcrc32.exeDetected by Kaspersky as Backdoor.Win32.SdBot.gxb and by Malwarebytes as Backdoor.Sdbot. The file is located in %Windir%No
Crc32stats DependenciesXCrc32stats.exeDetected by Symantec as W32.Mytob.GT@mmNo
crccrcs.exeXcrccrcs.exeDetected by Malwarebytes as Trojan.Inject. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Configuration LoaderXcrcss.exeDetected by Trend Micro as WORM_AGOBOT.ADG and by Malwarebytes as Backdoor.BotNo
CRCSSXcrcss.exeDetected by Sophos as W32/IRCBot-TH. The file is located in %System%No
crcssXcrcss.exeDetected by McAfee as W32/Sdbot.bfr. The file is located in %Windir%No
Client Server Control ProcessXcrcss.exeDetected by Sophos as Troj/Agent-HRNo
PCprotXcrcss.exeAdded by unidentified malware. The file is located in %System%No
Windows Media UpdaterXcrease.exeDetected by Sophos as W32/Rbot-ATINo
Create Pain.vbsXCreate Pain.vbsDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Create A MonsterXcreateAMonster.exeKudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware relatedNo
CreateCDNCreatecd.exeAdaptec Easy CD Creator system tray application (pre version 5). Available via Start → ProgramsNo
CreateCD50NCreatecd50.exeAdaptec Easy CD Creator version 5 system tray application. Available via Start → ProgramsNo
setFTPBackXcreatesw.exeDetected by Symantec as Backdoor.FTP_BmailNo
Creative Audio DriversXcreative.exeDetected by Sophos as W32/Rbot-FKRNo
CREATIVE SOUND BLASTER for Windows NTXcreative.exeDetected by Kaspersky as Backdoor.Win32.SdBot.bdb. The file is located in %System%No
Creative.exeXCreative.exeDetected by Symantec as W32.Prolin.Worm. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
CredentialsXCredentials.exeDetected by Dr.Web as Trojan.KillProc.20373 and by Malwarebytes as Trojan.Agent.CHNo
CreditCop2XCreditCop2Up.exeCreditCop rogue security software - not recommended, removal instructions hereNo
CreditCopXCreditCopUp.exeCreditCop rogue security software - not recommended, removal instructions hereNo
Credential® Backup® and Restore® Wizard®Xcredwiz.exeDetected by Sophos as Mal/MSIL-HH and by Malwarebytes as Trojan.AgentNo
AudioXcress.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %AppData%\fsociety\FolderNo
cress.exeXcress.exeDetected by Malwarebytes as Trojan.FakeMS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXcretible.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\wintNo
PoliciesXcretible.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\wintNo
HKLMXcretible.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\wintNo
crfssXcrfss.exeDetected by Dr.Web as Trojan.Packed.23322 and by Malwarebytes as Backdoor.AgentNo
System Updater MachineXcrhwss.exeDetected by Sophos as Troj/Ciadoor-DQNo
voucherlmfao123XcrimepDetected by Malwarebytes as Trojan.Agent.CM. The file is located in %AppData%No
crimepXcrimepDetected by Malwarebytes as Trojan.Agent.CM. The file is located in %AppData%No
Crr1Xcript.batDetected by Symantec as Trojan.Ransomcrypt.AX and by Malwarebytes as Ransom.FileCryptorNo
Crr2Xcript.exeDetected by Symantec as Trojan.Ransomcrypt.AX and by Malwarebytes as Ransom.FileCryptorNo
Tool UpdateXcritical-update.exeDetected by Malwarebytes as Backdoor.Agent.CU. The file is located in %AppData%No
CriticalUpdateXcritical-update.exeDetected by Malwarebytes as Backdoor.Agent.CU. The file is located in %AppData%\Sec UpdateNo
MSUpdateXcriticalUpdate.exeDetected by Symantec as Adware.Affilred and by Malwarebytes as Trojan.AgentNo
critical_fixXcritical_fix.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% - see hereNo
C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exeUCritProc.exeKeyProwler keystroke logger/monitoring program - remove unless you installed it yourself!No
Microsoft USB2 DriverXcrmss.exeDetected by Sophos as W32/Rbot-VKNo