Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st January, 2017
50984 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

2878 results found for C

Startup Item or Name Status Command or Data Description Tested
(Default)Xc ofor Rin logr.exeDetected by Microsoft as TrojanSpy:MSIL/Smets.gen!B and by Malwarebytes as Trojan.Keylogger. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
Windows DefenderXC++.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
autoautoXc.batDetected by Malwarebytes as PUP.Optional.MultiPlug.PrxySvrRST. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
0Xc.exeDetected by Malwarebytes as Trojan.Agent.DGGen. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %AllUsersProfile%\Start Menu (XP)No
YNO00BFRKMXc.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %Temp%No
ZeldarXc.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserTemp%No
WindowsUpdateXC.vbeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %UserProfile%\NGTMDNo
c.vbsXc.vbsDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
C0100Mon.exe?C0100Mon.exeLive! Cam Console Auto Launcher for the Creative Live! Cam range of webcams. Launches the camera console when using video messaging for example?No
C0NIMEXC0NIME.exeDetected by Dr.Web as Trojan.PWS.Qqpass.8524 and by Malwarebytes as Trojan.Agent. Note the number "0" in both the name and filenameNo
c0nime.exeXc0nime.exeDetected by Dr.Web as Trojan.DownLoader5.31944. Note the number "0" in both the name and filenameNo
h1b8Xc20t.exeDetected by Kaspersky as Virus.Win32.Virut.ce. The file is located in %Temp%No
C29.exeXC29.exeAdded by the AGENT-UAJ TROJAN!No
C2CMonitorNC2CMonitor.exeClick to Convert from Inzone Software Limited - a PDF and HTML document converter for Windows documentsNo
C2C_Skype.exeXC2C_Skype.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
C2CSkypeXC2C_Skype.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\MicrosoftNo
c32cs2Uc32cs2.exeOlder version of CyberSentinel parental control softwareNo
CS32Uc32cs2.exeOlder version of CyberSentinel parental control softwareNo
c7ster32Xc7ster32.exeDetected by Dr.Web as Trojan.DownLoader12.5115 and by Malwarebytes as Trojan.Agent.CSNo
TV Remote ControlUC7XRCtl.exeRemote control support for TV tuner cards from V-Stream Multimedia/Jetway/Mentor/MTEK based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoderNo
TV Uzaktan KumandasıUC7XRCtl.exeRemote control support for TV tuner cards from INCA Multimedia based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoder. TurkishNo
TV878 Remote ControlUC7XRCtl.exeRemote control support for TV tuner cards from V-Stream Multimedia based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoderNo
Remote ControlUC7XRCtl.exeRemote control support for TV tuner cards from KWorld Multimedia/XTREME Multimedia based upon the Brooktree Bt878/Conexant Fusion Bt878/878A PCI video decoderNo
Roblox.exeXC8TaW.exeDetected by Malwarebytes as Backdoor.Bladabindi. The file is located in %AppData%No
AtherosMdSrvUpdateXc9fiq86o4.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %LocalAppData%\AtherosNo
c9mgrXc9mgr.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.tgzgNo
cXc:\archiv~1\win.comAdded by the CUYDOC TROJAN!No
Zone Labs ClientYca.exeEarlier version of EZ Firewall (based upon a rebranded version of ZoneAlarm Pro) - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suiteNo
EZ FirewallYca.exeEZ Firewall - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suiteNo
caaspydelayedscanYCAAntiSpyware.exePart of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Runs a delayed scan on the first boot after installation before exitingYes
CaPPclUCAAntiSpyware.exePart of CA Anti-Spyware (either as a stand-alone product or as part of a suite). Runs a scan for spyware on startupNo
Microsoft Cab ManagerXcab.exeDetected by Sophos as Troj/Delf-JJNo
cababaafcadXcababaafcad.exeDetected by Sophos as Troj/Agent-AAVL and by Malwarebytes as Trojan.Agent.FSENo
MicroUpdateXcaballito.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Backdoor.Agent.DCNo
cabcbfdbeffbfcgfdgfdgdfgXcabcbfdbeffbfcgfdgfdgdfg.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!sc and by Malwarebytes as Trojan.Agent.RNDNo
CabchkXCabchk.exeDetected by Symantec as Trojan.GemaNo
Cabchk32XCabchk32.exeDetected by Symantec as Trojan.GemaNo
CABCInstallXCABCInstall.exeIgnite Technologies (was CABC) content delivery softwareNo
Internet_SpeedupXCable Accelerator.exeAdded by the SPEEDUP-A WORM!No
[12 random characters]Xcabview1.exeIeDriver adware variantNo
cacaowebNcacaoweb.exe"Cacaoweb is a free plugin to watch, share and host videos and files online with no limits"No
DSAcassXcacasp.exeAdded by the SDBOT.AEL WORM!No
Automatic Media UpdateXCACHE.RVDAdded by unidentified malware. The file is located in %System%No
HKLMXcache1.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\navigate - see hereNo
loadXcache1.exeDetected by Malwarebytes as Backdoor.Agent.HKP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cache1.exe" (which is located in %AppData%\navigate) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same file, see hereNo
HKCUXcache1.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\navigate - see hereNo
dnscacheXcache1.exeDetected by Malwarebytes as Backdoor.Agent.HKP. The file is located in %AppData%\navigate - see hereNo
ShellXcacheexpress.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "cacheexpress.exe" (which is located in %UserTemp%\cacheexpress)No
CachemanNCacheman.exeFreeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-upNo
CacheMgrYCacheMgr.exePart of the Remote Update utility for older versions of Sophos antivirus products which provided an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
StubPathXcachemgr.exeDetected by Microsoft as Backdoor:Win32/Bifrose.IQNo
SystemeXcachereg.exeDetected by Dr.Web as Trojan.Siggen4.1693 and by Malwarebytes as Backdoor.Agent.STMGenNo
CacheSentry ProUCacheSentry Pro.exeCacheSentry Pro by EnigmaticSoftware - "is a program that takes over the management of the Internet Explorer (and AOL) web browser cache." No longer supportedNo
CACStarterNcacstart.exeCash A Check - check writing softwareNo
com.codeode.cactusspamfilterUcactusspamfilter.exeCactus Spam - free easy-to-use spam blockerNo
Cad ComponentsXCad Components.exeDetected by Dr.Web as Win32.HLLW.Phorpiex.131 and by Malwarebytes as Backdoor.Agent.DCNo
CADSUcads.exeOlder version of CyberSentinel parental control softwareNo
cadzagxusdefXcadzagxusdef.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!rf and by Malwarebytes as Trojan.Agent.USNo
caeaadbdabfedeaadXcaeaadbdabfedeaad.exeDetected by Malwarebytes as Riskware.Exit. The file is located in %LocalAppData%\{GUID}No
Adobe CSS5.1 ManagerXcaeaadbdabfedeaad.exeDetected by Malwarebytes as Riskware.Exit. The file is located in %LocalAppData%\{GUID}No
caeaadbdabfedeacXcaeaadbdabfedeac.exeDetected by Malwarebytes as Trojan.Winlock. The file is located in %CommonAppData%No
caeaadbdabfedeagfdgfdgdfgXcaeaadbdabfedeagfdgfdgdfg.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%No
ca40229ddXcafef9.exeDetected by Dr.Web as Trojan.DownLoader9.20821 and by Malwarebytes as Trojan.SpyEyesNo
CafeStationUCafeStation.exe"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"No
CA Personal FirewallUcafw.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendationYes
cafwUcafw.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendationYes
cafwcUcafw.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendationYes
ABBYY Community AgentNCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
CAgentNCAgent.exeAbbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documentsNo
ClearAllHistoryUcah.exe"Clear All History is an easy-to-use privacy tool that deletes Internet tracks such as browsing history, cache, cookies, autocomplete, search history, download history as well as history files from a variety programs such as Windows Media Player history, Microsoft Office programs, Google Desktop, Skype, Google Toolbar, Yahoo Toolbar and MSN Toolbar to help keep your Internet and computer activities private"No
CahootWebcardNCahootWebcard.exe"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when neededNo
CaiXCai.exeDetected by Malwarebytes as Spyware.Password. The file is located in %LocalAppData%No
CaISSDTUcaissdt.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the dashboard - which indicates the current tool status and can be used to launch scans, updates or access product informationYes
Computer Associates Dashboard TrayUcaissdt.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the dashboard - which indicates the current tool status and can be used to launch scans, updates or access product informationYes
CAIXA.exeXCAIXA.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonFiles%No
DlDir1XcaKeAdded by the CAKE WORM!No
Dir1XcaKeAdded by the CAKE WORM!No
PoliciesXcalc.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\addinsNo
PoliciesXcalc.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\CalculadoraNo
Java Platform SE Auto UpdaterXcalc.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\system32No
DEBUGGERXcalc.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\addinsNo
EssancialXcalc.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\calcNo
HKLMXcalc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\SystemNo
loadXcalc.exeDetected by Malwarebytes as Backdoor.XTRat.Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "calc.exe" (which is located in %Windir%\System and is not the legitimate Windows calculator file of the same name which is located in %System%) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
Microsoft CalculatorXcalc.exeAdded by a variant of W32.IRCBot. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%No
Windows ConfigurationXcalc.exeDetected by Malwarebytes as Backdoor.NgrBot. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %MyDocuments%No
MicrosoftXcalc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\SystemNo
calcXcalc.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\CalculadoraNo
TibiabotXcalc.exeDetected by Intel Security/McAfee as BackDoor-CEP!ic. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%No
Windows DefenderXcalc.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\system32No
HKCUXcalc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %Windir%\SystemNo
gpresult.exeXcalc.exeDetected by Malwarebytes as Trojan.Agent.GPGen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\EmweNo
internet.exeXcalc.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hd and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Windows calculator file of the same name which is located in %System%. This one is located in %AppData%\regsidtNo
ScanRegistryXcalc.vbsDetected by Sophos as VBS/Cod-BNo
CALC32XCALC32.EXEDetected by Sophos as W32/Spybot-ECNo
calc5.exeXcalc5.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
calc5.exeXcalc5.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
Verificador de Calendário Ulead Photo ExpressNCalCheck.exeUlead Photo Express 4.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually. Portuguese versionNo
Ulead Calendar CheckerNCalCheck.exeUlead Photo Express 6 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express 3.0 SE Calendar CheckerNCalCheck.exeUlead Photo Express 3.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express 4.0 Calendar CheckerNcalcheck.exeUlead Photo Express 4.0 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express 4.0 SE Calendar CheckerNCalCheck.exeUlead Photo Express 4.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express Calendar CheckerNcalcheck.exeUlead (now Corel) Photo Express 3.0, 4.0, 5 SE and My Scrapbook 2.0 include the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express Calendar Checker For My Custom EditionNCalCheck.exeUlead Photo Express 4.0 My Custom Edition (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Ulead Photo Express SE Calendar CheckerNCalCheck.exeUlead Photo Express 3.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Photo Express Calendar CheckerNcalcheck.exeUlead Photo Express 2 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
Photo Express Calendar Checker SENCALCHECK.EXEUlead Photo Express 2 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manuallyNo
PhotoExplosionCalCheckUcalcheck.exeCalendar management feature of Nova Development's Photo ExplosionNo
CalcXCalcplugin.exeDetected by Malwarebytes as Trojan.Agent.MPLGen. The file is located in %AppData%\MicrosoftNo
PoliciesXcalculator.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\LumiaNo
HKLMXcalculator.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\LumiaNo
CalculatorXCalculator.exeDetected by Malwarebytes as MSIL.LockScreen. The file is located in %AppData%No
HKCUXcalculator.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\LumiaNo
Desktop iCalendarUCalendar.exeOlder version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktopYes
iCalendarUCalendar.exeOlder version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktopYes
PlainSight Desktop CalendarUCalendar.exePlainSight Desktop Calendar by Desksware - "It can display Microsoft® Outlook® data, which you can directly manipulate, and weather forecasts from weather information servers. It also uses high-quality fonts, looks pretty, and has lots of skins"Yes
CalendarUCalendar.exeThis entry can be added by PlainSight Desktop Calendar and older versions of Desktop iCalendar from Desksware and the older Calendar 200X - which is no longer supported by or available from the authorYes
Calendar 200X ReminderNcalendar.exePart of Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. Displays reminders for holidays, anniversaries, tasks, etc. Disabling this entry via the program also disables the "Calendar 200X Monitor" entryYes
Logo Calibration LoaderUCalibrationLoader.exeEye-One Match (or i1Match) monitor calibration software for use with professional imaging tools such as the X-Rite (was GretagMacbeth) Eye-One Display LT and iDisplay 2 or the Pantone Eye-One Display 2No
CGFLoaderNCalibrizeLoader.exe"Calibrize is free software that helps you to calibrate the colors of your monitor in three simple steps. Just download the software and follow the procedure to generate a reliable color 'profile' and adjust the colors of your monitor automatically"No
CalibrizeResumeNCalibrizeResume.exeCalibrize is free software that helps you to calibrate the colors of your monitor in three simple steps. Just download the software and follow the procedure to generate a reliable color 'profile' and adjust the colors of your monitor automatically"No
calkXcalk.exeDetected by Sophos as Troj/StartPa-FHNo
calkypamcyfxXcalkypamcyfx.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
Call32XCall32.exeDetected by Sophos as Troj/Spammit-HNo
Active CallerIDUCallerID.exeActive Caller ID from SoftRM - "is a powerful full-featured Caller ID detection software that will turn your PC into an advanced Caller ID device. It uses your MODEM and Caller ID service provided by your local phone company in order to identify who's calling"No
msenngerXcalling.comDetected by Sophos as Troj/Zapchas-EB and by Malwarebytes as Backdoor.IRCBotNo
PolderbitS Call RecorderNCallRecorder32.exePolderbitS Call Recorder from PolderbitS Software - "can record from programs like Skype, VoipBuster, VoipStunt, Google Talk, Yahoo Messenger, Windows Live Messenger, Office Communicator, Lync 2010 and more. It can do automatic recording in the background. Then save recordings as wav or mp3 sound files, either mixed-mono or dual channel stereo." No longer availableYes
PolderbitS Call RecorderNCallRecorder64.exePolderbitS Call Recorder from PolderbitS Software - "can record from programs like Skype, VoipBuster, VoipStunt, Google Talk, Yahoo Messenger, Windows Live Messenger, Office Communicator, Lync 2010 and more. It can do automatic recording in the background. Then save recordings as wav or mp3 sound files, either mixed-mono or dual channel stereo." No longer availableYes
Calendar Monitor?calmonitorBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at presentYes
calmonitor?calmonitorBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at presentYes
Calendar 200X Monitor?calmonitor.exeBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Calendar 200X Reminder" entry - as disabling that entry via the program also disables this oneYes
calmonitor?calmonitor.exeBackground task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Calendar 200X Reminder" entry - as disabling that entry via the program also disables this oneYes
Calnique Popup StopUcalniquepopstop.exePopup stopper extra for the Calnique Custom Calculator from Speciality Calendars. No longer available from the publisherNo
caluruviqwalXcaluruviqwal.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile% - see hereNo
camXcam.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
Cam.exeXCam.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %UserTemp%No
Generic Host ProcessXcamacttiv.exeDetected by AVG as the CIADOOR.13 TROJAN!No
Camaro CalendarUCamaro Calendar.exeCalendar gadget included with the Camaro theme for MyColors from Stardock CorporationNo
Camaro ClockUCamaro Clock.exeClock gadget included with the Camaro theme for MyColors from Stardock CorporationNo
Camaro WeatherUCamaro Weather.exeWeather gadget included with the Camaro theme for MyColors from Stardock CorporationNo
camchatXcamchatplugin.exeDetected by Malwarebytes as Trojan.VBKrypt. The file is located in %AppData%\camchatpluginNo
CamCheckNCamCheck.exeNuCam camera software relatedNo
Camera DetectorUCamdetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
Camera DetectorUCAMDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
CamenoUCameno.exeCameno is a program which brings tabbed windows to MSN Messenger 6.0 and aboveNo
CameraApplicationLauncher?CameraApplicationLaunchpadLauncher.exeSupports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?No
Logitech QuickCamUCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
LogitechCameraAssistantUCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
CameraAssistantUCameraAssistant.exeEntry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when requiredYes
camfrogXcamfrog.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate Camfrog video chat software by Camshare Inc. The file is located in %System%\MSDCSCNo
CamfrogNCamfrogNet.exe Camfrog Video Chat.exeCamfrog video chat software by Camshare IncNo
[12 random characters]Xcamocx28.exeIeDriver adware variantNo
[12 random characters]XCAMOCX74.exeIeDriver adware variantNo
HerculesCamService?CamService.exeRelated to the Hercules Dualpix HD Webcam. What does it do and is it required?No
Creative WebCam TrayNCamTray.exeCreative WebCam tray control - can be started manuallyNo
CamWizardYCamWizrd.exeLaunches the Logitech Camera Wizard on the first reboot after installing versions of Logitech QuickCam webcam softwareYes
cam_server.exeXcam_server.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cam_server.exeXcam_server.exeDetected by Dr.Web as Trojan.MulDrop2.48031 and by Malwarebytes as Backdoor.Agent.CMS. The file is located in %System%\sysfiles\serverNo
ASDPLUGINXcanada.exeAsdPlug premium rate adult content dialerNo
CanadaNCanada.exeKnown to be a dialler - but is it maliscous or clean?No
HELPERXcanada.exeAsdPlug premium rate adult content dialer variantNo
CanaryUcanary-std.exeCanary keystroke logger/monitoring program - remove unless you installed it yourself!No
Eac_CnryXcanary.exeDetected by Kaspersky as Trojan-Downloader.Win32.Wren.m - see hereNo
Candy Crush Saga.exeXCandy Crush Saga.exeDetected by Dr.Web as Trojan.Siggen6.20465 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CandyClockUCandyClock.exeCandy Clock by Gallicrow Software Limited - "is a colourful and highly configurable desktop clock program. The background of the clock can be set to use a picture file, many graphics formats are supported including animated gifs"No
Candycrush_MODS.exeXCandycrush_MODS.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
candynaXcandyna.exeDetected by Malwarebytes as Trojan.Clicker.Gen. The file is located in %UserProfile%\My MyPersonalStuffNo
CANoeUCANoe32.exeCANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systemsNo
ICompXpSpXCap.exeAdded by the BANCOS-BLW TROJAN!No
cap.txtXcap.txtDetected by Intel Security/McAfee as RDN/Generic Downloader.x!il and by Malwarebytes as Trojan.Banker.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CAP3ON?CAP3ONN.EXECanon driver, purpose unknown. Is it required in startup?No
[12 random characters]Xcapesnpn.exeIeDriver adware variantNo
Capture Express 2000NCAPEXP.EXECapture Express - screen capture utilityNo
CA Personal FirewallYcapfasem.exeRuns the core program for older versions of CA Personal Firewall (installed as either as a stand-alone product or as part of CA Internet Security Suite)Yes
capfasemYcapfasem.exeRuns the core program for older versions of CA Personal Firewall (installed as either as a stand-alone product or as part of CA Internet Security Suite)Yes
CapFaxNCapFax.EXEPhoneTools fax softwareNo
CA Personal Firewall?capfupgrade.exeInstalled with CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The exact purpose is unknown at present and it does not normally appear to runYes
capfupgrade?capfupgrade.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The exact purpose is unknown at present and it does not normally appear to runYes
CAPingUCAPing.exeCitibank Citianywhere softwareNo
Intel(R) Common User InterfaceXcapiws.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.Agent.ICUNo
ShellXcapiws.exe,explorer.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.FakeAlert. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "capiws.exe" (which is located in %AppData%\Microsoft)No
Canon PC1200 iC D600 iR1200G Status Window?CAPM1LAK.EXECanon printer related - is it required in startup?No
CaponYCapon.exeCanon printer driverNo
CaponYCaponn.exeCanon printer driverNo
cappXcapp.exeDetected by Intel Security/McAfee as RDN/Downloader.a!qd and by Malwarebytes as Backdoor.Agent.ENo
CappUcapp.exeDetected by Malwarebytes as PUP.CNNIC. The file is located in %System%No
CA Anti-SpywareYCAPPActiveProtection.exePart of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Works in conjunction with the CA Pest Patrol Realtime Protection Service (ITMRTSVC) service to monitor software installations for potentially malicious behaviour, warn the user if any is detected and request user input on how to handle themYes
CAPPActiveProtectionYCAPPActiveProtection.exePart of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Works in conjunction with the CA Pest Patrol Realtime Protection Service (ITMRTSVC) service to monitor software installations for potentially malicious behaviour, warn the user if any is detected and request user input on how to handle themYes
Winxp updateXcAppp.exeDetected by Trend Micro as WORM_RBOT.DKONo
CapsHookUCapsHook.exeCaps Lock and Num Lock on-screen notifier for ASUS laptops and netbooks that don't have the equivalent LEDsNo
CapsLKNotifyUCapsLKNotify.exeDialog box that notifies the user when "Caps Lock" has been pressed on some Dell computersNo
captureXcapture.exeDetected by Sophos as Troj/Theef-BNo
CaptureBatNCapture.exe!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats"No
CaptureAssistantUCaptureAssistant.exeCapture Assistant "is a convenient and easy-to-use text and graphics capture tool". It allows you to capture text, font information, graphics, etcYes
CarboniteSetupLite?CarbonitePreinstaller.exeRelated to the installation of Carbonite backup softwareNo
Carbonite BackupNCarboniteUI.exe"Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"No
Sound DriverXcardriver.exeDetected by Sophos as Troj/Agent-APJN and by Malwarebytes as Trojan.Agent.MXTNo
Care20XCare20.exeRelated to TopMoxie adwareNo
Care2GTUUCare2GTU.exeCare2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep itNo
carpservUcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
CARPserviceUcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
SoftK56 Modem DriverUcarpserv.exeAssociated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for exampleYes
CARPserverXCARPserver.exeDetected by Sophos as Troj/Banker-AN and by Malwarebytes as Trojan.Agent.ENo
ConfiggLoaderXcart322.exeAdded by the GAOBOT.DJ WORM!No
TaskListXcartao.exeDetected by Kaspersky as Trojan-Banker.Win32.Bancos.yr. The file is located in %System%No
cartaoXcartao.exeDetected by Sophos as Troj/Banker-FANo
Cas2StubXcas2stub.exeCasinoClient adwareNo
Comodo AntiSpamYCAS32.exeSystem Tray access to, and notifications for the now discontinued Comodo AntiSpam from Comodo Group, Inc - "client-based software product that eliminates spam forever from the computer's email system"No
Harmony 98 - CasioOrgUCasAgnt.exeEnterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000No
XTNDConnect PC - CasioOrgUCasAgnt.exeCasio Pocket PC specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"No
CasAgntUCasAgnt.exeProgram by Extended Systems which allows you to sync your Casio PDA with your PCNo
CA Security SuiteUcasc.exeInstalled with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detectedYes
cctrayUcasc.exeInstalled with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detectedYes
cascUcasc.exeInstalled with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detectedYes
CAS ClientXcasclient.exeCasinoClient adwareNo
SettingValueXcasd.exeDetected by Sophos as W32/Sdbot-PG and by Malwarebytes as Backdoor.SDBotNo
caseyvideoXcaseyvideo.exeMalware causing adult content popupsNo
caseyvideo[*] [* = digit]Xcaseyvideo[*].exe [* = digit]Malware causing adult content popupsNo
CashBackXcashback.exeCashBackBuddy adwareNo
Cashsurfers Cashbar NavigatorNCashbar.ExeCashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"No
CashFiestaXCashfiesta.exeDetected by Trend Micro as ADW_CASHFIESTA.ANo
GerenteXcasita.exeDetected by Dr.Web as Trojan.DownLoader11.36226 and by Malwarebytes as Trojan.Agent.GRNo
casrcssb.exe%UserTemp\casrcssb.exeXcasrcssb.exeDetected by Malwarebytes as Trojan.CCProxy. The file is located in %UserTemp%No
CassandraXCASSANDRA.EXESuperSpider hijacker - a CoolWebSearch parasite variant. Also detected by Total Defense as a variant of the Krepper trojanNo
winservitXcassl.exeDetected by Trend Micro as WORM_RBOT.ASGNo
CasStubXcasstub.exeDetected by Sophos as Troj/Cass-ANo
casuxtacarixXcasuxtacarix.exeDetected by Dr.Web as Trojan.DownLoader9.61055 and by Malwarebytes as Trojan.Agent.USNo
DiskstartXcat.exeStartportal - Switch dialer and hijacker variant, see here. Also detected by Sophos as Troj/Delf-JENo
DNSPROVIDEXCatalystLoader.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.MNRNo
CatchCodeXCatchCode.exeCatchCode rogue security software - not recommended, removal instructions hereNo
CATEYEYCATEYE.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
On-Line ProtectionYCATEYE.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
Quick Heal AntiVirusYCATEYE.EXEPart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQonYes
Quick Heal On-Line ProtectionYCateye.exePart of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying"No
ccube_TrustListYcatl_001.exeInstalled with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite) and runs only once on the first boot after installation is complete before exitingYes
MonitoringXcatmonn.exeDetected by Dr.Web as Trojan.DownLoad1.16841No
catrootXcatrootsz.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Trojan.Agent.KRNo
DeviiderXcatsdisc.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
catsrvXcatsrv.exeAdded by an unidentified TROJAN - see hereNo
[12 random characters]Xcatsrvps.exeIeDriver adware variantNo
catxmlXcatxml.exeDetected by Total Defense as Backdoor.Win32.Agent.ce. The file is located in %Windir%\tasksNo
cause_structureXcause-behave.exeDetected by Sophos as Troj/Agent-ALOP and by Malwarebytes as Backdoor.Agent.STLNo
cause_structureXcause-grow.exeDetected by Sophos as Troj/MSIL-BSV and by Malwarebytes as Backdoor.Agent.STLNo
cause_structureXcause-push.exeDetected by Sophos as Troj/Trustez-S and by Malwarebytes as Backdoor.Agent.STLNo
cause_structureXcause-were.exeDetected by Sophos as Troj/Mdrop-GNO and by Malwarebytes as Backdoor.Agent.STLNo
cauurifXcauurif.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
Norton Live UpdaterXCavapsvc.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
CAVRIDYCAVRID.exeReal-time scanning engine for versions of CA Anti-Virus products until 2009 (both stand-alone and as part of security suites) - including eTrust EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo! Scans files for viruses and other malware when you access, create or download themYes
CA Anti-VirusYCAVRID.exeReal-time scanning engine for versions of CA Anti-Virus products until 2009 (both stand-alone and as part of security suites) - including eTrust EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo! Scans files for viruses and other malware when you access, create or download themYes
CAVSYCAVS.exeCheyenne AntiVirus - acquired by CA and no longer availableNo
CyberScrub AutoUpdateYCAVSch.exeAutomatic updates for CyberScrub AntiVirus - which licensed Kaspersky Anti-Virus Lite. No longer supported or available from the authorNo
CaAvTrayYCAVTray.exeSystem Tray access to earlier versions of the CA antivirus products - including EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo!No
CAZNOVASXCAZNOVAS.exeAdded by the CAZNO TROJAN!No
ccube_Install_LockYcazz_001.exeInstalled with security products from CA and runs only once on the first boot after installation is complete before exitingYes
AdobeReaderProXcbdzfrsl.exeDetected by Kaspersky as Backdoor.Win32.Rbot.azq and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
SystemXcber.exeDetected by Trend Micro as TROJ_DLOADER.NXNo
cbInterfaceUcbInterface.exeSystem Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (7/Vista/XP/2K/NT). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredNo
Cobian BackupUcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup 10 InterfaceUcbInterface.exeSystem Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup 8 interfaceUcbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup 9 interfaceUcbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup AmanitaUcbInterface.exeSystem Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup Black MoonUcbInterface.exeSystem Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
exkatajXcbkdkiw.exeAdded by the FANBOT-F WORM!No
CallBumpingYcbpopw.exeRelated to the Gazel 128 PCI ISDN adapter by Bewan Systems. Required if you use it but now discontinued since Pace acquired BewanNo
Microsoft System Restore ConfigurationXCBRSS.EXEAdded by a variant of the SPYBOT WORM!No
Remote Data Backups TaskBar IconUCBSysTray.exeSystem Tray access to Remote Data Backups online system/data backup utilityNo
KingSoft PowerWord PENCBTray.exeOld version of the Kingsoft PowerWord Chinese and English two way translation software/e-dictionaryNo
CBWAttnUCBWAttn.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
CBWHostUCBWHost.exeRequired for Bitware to answer incoming faxes, can cause sleep mode problemsNo
TaskmanXcbzvl.exeDetected by Trend Micro as TROJ_RIMECUD.ASH and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "cbzvl.exe" (which is located in %UserProfile%)No
SQConfigCheckerXcc.exeXupiter SQWire toolbar related. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the futureNo
WocatXcc3250mtp.exeDetected by Dr.Web as Trojan.Carberp.1211 and by Malwarebytes as Trojan.Agent.ENo
Clean Access AgentNCCAAgent.exeCisco Clean Access Agent from Cisco Systems, IncNo
ccagent.exeXccagent.exeControl Center and Control Components rogue security software - not recommended, removal instructions here and hereNo
Core Process AplicationXccapl.exeDetected by Kaspersky as Backdoor.Win32.Rbot.gen. The file is located in %System%\ComNo
Core Process Aplication x16Xccapl16.exeDetected by Trend Micro as WORM_SPYBOT.AFTNo
Core Process Aplication x32Xccapl32.exeDetected by Kaspersky as Trojan-Dropper.Win32.Sramler.e. The file is located in %System%\ComNo
Common ClientYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
ccAppYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
ccApp.exeXccApp.exeAdded by the RBOT-HJ WORM! Note - this is not the legitimate Symantec/Norton file normally located in %CommonFiles%\Symantec Shared. This one is located in %System%No
SymantecXccapp.exeAdded by the REATLE WORM! Note - this is not a Symantec fileNo
Symantec Security TechnologiesYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
Norton Auto-ProtectXccApp.exeAdded by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filenameNo
Symantec ServiceXccApp.exeAdded by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filenameNo
System Process UninstallXccapp.exeSystemProcess adware. Note - this is not the legitimate Symantec/Norton file normally located in %CommonFiles%\Symantec Shared. This one is located in %System%No
Client and Host Security PlatformYccApp.exePart of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without thisYes
Antivirus Protection ServicesXccapp2.exeDetected by Total Defense as Win32.Rbot.EXI. The file is located in %System%No
Symantec Configuration LoaderXccApp32.exeDetected by Sophos as W32/Agobot-EENo
ServicesLogXccapp32.exeDetected by Sophos as W32/Rbot-AMXNo
HP DesktopXccappms.exeAdded by the SDBOT-TG WORM!No
ccAppsXccApps.exeDetected by Sophos as W32/Kangaroo-BNo
SymRunXccApps.exeDetected by Sophos as Troj/Kagen-ANo
blah serviceXccapps32.exeDetected by Trend Micro as WORM_RBOT.TVNo
6331905XCCAV.exeDetected by Dr.Web as Worm.Siggen.1163No
ccavYccavsrv.exePart of COMODO Cloud Antivirus - which "uses a powerful combination of virus monitoring, auto-sandbox and behavior analysis technologies to immediately protect your computer from all known and unknown malware"Yes
ccdbefddcfeaebXccdbefddcfeaeb.exeDetected by Malwarebytes as Trojan.Agent.NV. The file is located in %AppData%\cc60db38-3ef1-4d24-8d95-c429fe359aeb79No
ccdbefddcfeaebadXccdbefddcfeaebad.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\{GUID}No
Adobe CSS5.1 ManagerXccdbefddcfeaebad.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\{GUID}No
ccdbefddcfeaebcXccdbefddcfeaebc.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %CommonAppData%No
ccdbefddcfeaebsacfsfdsfXccdbefddcfeaebsacfsfdsf.exeDetected by Malwarebytes as Trojan.Dropper.PL. The file is located in %CommonAppdata%No
ccDHCP32XccDHCP32.exeDetected by Sophos as W32/Agobot-HJNo
CCDoctorYccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase - "an enterprise-grade configuration management system that provides highly secure version control with work and build management support." ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
CCDoctorLogonTestingYccdoctor.exeChecks your system to make sure it's configured properly for running IBM Rational ClearCase - "an enterprise-grade configuration management system that provides highly secure version control with work and build management support." ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase productNo
Microsoft Driver SetupXccdrive32.exeDetected by Sophos as Troj/Agent-LYL and by Malwarebytes as Worm.PalevoNo
ccenterYCCenter.exeRising antivirusNo
ccepicXccepic.exeAdded by the MSIL-H TROJAN!No
CcEvtMgrYccEvtMgr.exeCommon process for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Keeps track of all events occurring for these products and writes these into the Activity log - which can be viewed through the Reports section. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
SunJavaSchedXccEvtMngr.exeDetected by Sophos as W32/Sdbot-YPNo
nortonsantivirusXccEvtMngr.exeDetected by Sophos as Troj/Hzdoor-ANo
ccEvtMrg.exeXccEvtMrg.exeDetected by Trend Micro as WORM_RBOT.GZNo
dddfXccf.exeDetected by Malwarebytes as Password.Stealer. The file is located in %Temp%No
BullGuard UpdateYCCHAT.EXEPart of the updater for an old version of Bullguard antivirusNo
ccHelpXccHelp.htaSearchq adwareNo
RunXcchost.exeDetected by Sophos as Troj/Squatbot-CNo
ccStartXccInfo.exeDetected by Sophos as W32/Agobot-GQNo
CodeCleanXCCIntro.exeCodeClean rogue security software - not recommendedNo
winlogon_userXccIsass.exeAdded by the SILLYFDC.BBT WORM!No
CCleanerXCClean.exeDetected by Malwarebytes as Trojan.Banker.Gen. The file is located in %AppData%\ProgramasNo
AvastSvcXCClean.exeDetected by Malwarebytes as Trojan.Banker.Gen. The file is located in %AppData%\ProgramasNo
Ccleaner Co.XCcleaner Update.exeDetected by Malwarebytes as Trojan.Agent.CL. The file is located in %AppData%No
CCleaner UpdateXCCleaner x86.exeDetected by Malwarebytes as Trojan.MSIL. Note - this is not a valid CCleaner file and it is located in %AppData%\CCleaner UpdateNo
CCleaner Resident Cleaner ServiceXCCleaner-resident.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ez and by Malwarebytes as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry although the file is located in %ProgramFiles%\CCleanerNo
CCleaner Resident Cleaner ServiceXCCleaner-resident.exeDetected by Malwarebytes as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry and the file is located in %System%\Program Files\CCleaner\[random] - see examples here and hereNo
CCleaner Resident Cleaner ServiceXCCleaner-resident.exeDetected by Malwarebytes as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry and the file is located in %Temp%\Program Files\CCleaner - see hereNo
WinCleanerXccleaner.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %System%\WindowsCCleanerNo
CcleanerXccleaner.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %AppData%No
CcleanerXCCleaner.exeDetected by Sophos as Troj/Agent-ATLD and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %CommonAppData%\AhnLabNo
CCleanerUCCleaner.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool". Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
CCleaner MonitoringUCCleaner.exeSystem Tray access to, and monitoring feature of the CCleaner (version 5.* onwards) freeware system optimization, privacy and cleaning tool which keeps the main program up-to-date and system clean of redundant filesYes
CCleaner.exeXCCleaner.exeDetected by Intel Security/McAfee as Generic Dropper!dob and by Malwarebytes as Backdoor.MSIL.PGen. Note - this is not the legitmate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %AppData%\EcUQcsIdRaxsWYFZemcIQR\EcUQcsIdRaxsWYFZemcIQR\0.0.0.0No
Avast!XCCleaner.exeDetected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %UserTemp%No
ShellXccleaner.exeexplorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "ccleaner.exeexplorer.exe" (which should be located in %AppData% but does not exist as there should have been a "," between "ee")No
CCleanerUCCleaner64.exeCCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool". Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleanerYes
CCleaner MonitoringUCCleaner64.exeSystem Tray access to, and monitoring feature of the CCleaner (version 5.* onwards) freeware system optimization, privacy and cleaning tool which keeps the main program up-to-date and system clean of redundant filesYes
Host.exeXccleaners.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%No
ccleanersXccleaners.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%No
winlogonXCCleanerstartup.batDetected by Dr.Web as Trojan.DownLoader9.13273 and by Malwarebytes as Trojan.Agent.TraceNo
aqvaXCCleanerstartup.batDetected by Malwarebytes as Trojan.BitcoinMiner. The file is located in %AppData%\aqvaNo
CCleanerUpdates.exeXCCleanerUpdates.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ccleanerxx.exeXccleanerxx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\ccleanerxx.exeNo
CCLTInstallCheck?CCLTInstallCheck.exePart of Radivision's "Click to Meet" video conferencing client - now part of Avaya and superseded by Scopia XT Video ConferencingNo
WindowsUpdateXCCNQY-FZDDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %AppData%\IXBQTNo
CorrectConnectNCConnect.exeBroadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut availableNo
ccProxyYccProxy.exeCommon process for older versions of Symantec's security products including Norton Internet Security and the now discontinued Norton Personal Firewall, Norton AntiSpam and Norton SystemWorks suite. Without this service running HTTP (web) and SMTP (email) connections fail. It works like a proxy server, acting as an intermediary for requests to/from network services - such as blocking access to domains (websites) and inappropriate pages (content filtering). Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP). Located in %CommonFiles%\Symantec Shared, this should not be confused with Youngzsoft's CCProxy proxy server software which is located in either %Root%\CCProxy or %ProgramFiles%\CCProxyNo
CCProxyUCCProxy.exeCCProxy proxy server software from Youngzsoft. A proxy server is a computer system or (in this case) and application that acts as an intermediary for requests from clients seeking resources from other servers. Located in either %Root%\CCProxy or %ProgramFiles%\CCProxy, this should not be confused with the Symantec version included in older versions of Norton Internet Security or the discontinued Norton AntiSpam which is located in %CommonFiles%\Symantec SharedYes
ccPrxy.exeXccPrxy.exeDetected by Sophos as W32/ShipUp-H and by Malwarebytes as Trojan.ShipUpNo
ccPwdSvcYccPwdSvc.exeCommon process for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. The exact purpose is unknown at presentNo
CcPxySvcYCCPXYSVC.exeCommon process for older versions of Symantec's security products including Norton Internet Security and the now discontinued Norton Personal Firewall, Norton AntiSpam and Norton SystemWorks suite. Without this service running HTTP (web) and SMTP (email) connections fail. It works like a proxy server, acting as an intermediary for requests to/from network services - such as blocking access to domains (websites) and inappropriate pages (content filtering). Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Real Statics AgentXccreal.exeAdded by a variant of Backdoor:Win32/RbotNo
Common ClientYccRegVfy.exePart of older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. "Responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
ccRegVfyYccRegVfy.exePart of older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. "Responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"Yes
USD DriverXccrss.exeDetected by Trend Micro as WORM_SDBOT.BFHNo
ccSetMgrYccSetMgr.exeCommon process for older versions of Symantec's products including Norton Internet Security, Norton AntiVirus, Norton Ghost and the now discontinued Norton Personal Firewall and Norton SystemWorks suite. Manages the secure storage and management of the various configuration settings for these products. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Norton Antivirus CCDebugXCCSEVRT.exeAdded by the SDBOT.ACJ WORM!No
novavappXccsmn.exeSysinternals Antivirus rogue security software - not recommended, removal instructions hereNo
Configuration LoaderXccSort.exeDetected by Trend Micro as WORM_AGOBOT.SR and by Malwarebytes as Backdoor.BotNo
Sygate Personals FirewallsXccsrn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
novavapprXccsrr.exeSysinternals Antivirus rogue security software - not recommended, removal instructions hereNo
WINTASKMGRXccsrs.exeAdded by the MYTOB.Q WORM!No
winprotectionXccsrss.exeAdded by the SILLYFDC.BBT WORM!No
ccStartXccStart.exeDetected by Sophos as W32/Agobot-IRNo
Norton StartXccStart.exeAdded by the SDBOT-OX WORM!No
HotXccsvchst.exeDetected by Malwarebytes as Trojan.Reconyc. The file is located in %MyDocuments%\Microsoft OfficeNo
ccsvchst.exeXccsvchst.exeDetected by Dr.Web as Trojan.DownLoader6.51095 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Symantec security service located in %CommonFiles%\Symantec Shared. This one is is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ccSvcHst.exeXccSvcHst.exeDetected by Sophos as W32/Sdbot-DIW. Note - this is not the legitimate Symantec security service located in %CommonFiles%\Symantec Shared. This one is located in %Windir%No
ccsvit.exeXccsvit.exeDetected by Sophos as Troj/StartPa-HPNo
(Default)Xcct.exeDetected by Malwarebytes as Trojan.FakeMS. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %WinTemp%No
CA Security SuiteUcctray.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected and double-clicking on it gives details about the warning or the alert stateYes
cctrayUcctray.exeInstalled with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected and double-clicking on it gives details about the warning or the alert stateYes
XGCCTVServerYCCTvServer.exeRelated to the GSec1 XGate 2.0 intellegent wireless ADSL/Cable router which has built-in security featuresNo
nortonavXCCUPD32.EXEAdded by an unidentified WORM or TROJAN!No
ccUpdateXccUpdate.exeAdded by the AGOBOT.YS WORM!No
Norton UpdateXccUpdate.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
Norton UpdaterXccUpdate.exeAdded by the AGOBOT.ALW WORM!No
ccUpdMgrUccUpdMgr.exeIn Loco Parentis parental control software. Uninstall this software unless you put it there yourself!No
CCUTRAYICONUCCU_TrayIcon.exeRelated to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®No
Adobe_RLXXccwap.exeDetected by Sophos as Troj/Bckdr-RCLNo
CorelCENTRAL 10NCCWin10.exeCorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002No
CorelCENTRAL 9Nccwin9.exeCorelCENTRAL 9 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2000No
1XCD Key Cs Go.exeDetected by Malwarebytes as Trojan.FakeGen. The file is located in %AppData%No
MP3 CD ExtractorNCD-Extractor.exe"MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk"No
cd1Xcd1.exePremium rate adult content diallerNo
Computer Defender 2009Xcd2009.exeComputer Defender 2009 rogue security software - not recommended, removal instructions hereNo
Auto CD-ROM StartupXcdaccess.exeDetected by Trend Micro as WORM_SPYBOT.BLANo
Microsoft softwareXcdaccess.exeDetected by Trend Micro as WORM_RBOT.ABKNo
CDAServerUCDASrv.exePart of the Samsung Easy Printer Manager installed with certain Samsung printers and scanners. Unless you are sharing this printer on a network or use the printer to scan, this file does not need to runNo
CyberDefender Early Detection CenterXcdas[random].exeCyberDefender Early Detection Center rogue security software - not recommended. On testing with a clean image, this reported registry entries pointing to the legitimate Java "jqs_plugin.dll" file (located in %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie as the Anticlear rogue (see an example here). In addition, it claimed that the installer for an older version of HashTab contained W32.MalwareF.KJAE and quarantined a valid 7-zip file ("7zCon.sfx" in %ProgramFiles%\7-Zip) as W32/Malware. Also read this post where a Tech Support person uses other free tools such as MBAM to fix a problemNo
CdcompatXCdcompat.exeDetected by Symantec as Trojan.GemaNo
Cddrv32Xcddrv32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Cool DeskUcdesk.exeCool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to youNo
CDInterceptorNcdi.exeCD indexer for measuring the speed of CD playersNo
cdloaderYcdloader2.exeMagicJack - a "softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"No
MS-ConnectXcdm.exeMS-Connect - Switch dialer and hijacker variant, see here. Also detected by Kaspersky as Trojan.Win32.Dialer.ddNo
HKLMXcdm.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\Archivos de ProgramasNo
HKCUXcdm.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\Archivos de ProgramasNo
CdnCtrXcdnup.exeDetected by Malwarebytes as Adware.CDN. The file is located in %ProgramFiles%\CNNIC\CdnNo
SystemTraXCDPlay.EXEAdded by the LOVGATE.Z WORM!No
%ProgramFiles%\CDROM\CDROM.exeXCDROM.exeDetected by Kaspersky as Trojan.Win32.Cosmu.akah and by Malwarebytes as Worm.Agent. The file is located in %ProgramFiles%\CDROMNo
Cdrom ControllerXcdromcntrl.exeDetected by Sophos as Troj/Battry-ANo
MicrosoftROMDriverServiceXcdrss.exeAdded by the IRCBOT.BLF BACKDOOR!No
cdsXcds.exeAdded by the SPYMON TROJAN!No
CDSpeed.exeXCDSpeed.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.aex. The file is located in %Windir%No
CD Storage MasterNcdstorager.exeCD Storage Master - "A powerful program designed to catalog your CD/DVD/Blu-Ray discs , boasts a number of handy features for organizing your collection"No
CD Storage Master 2009Ncdstorager.exeCD Storage Master - "A powerful program designed to catalog your CD/DVD/Blu-Ray discs , boasts a number of handy features for organizing your collection"No
CD Tray PalNCDTray.exeCD Eject Tool from Fomine Software - "is a utility that manages your CD Drive doors. It allows you eject and close the CD Drive door by using a hotkey, desktop shortcut, or via an icon in your system tray"No
CDTrayPalNcdtray.exeCD Eject Tool from Fomine Software - "is a utility that manages your CD Drive doors. It allows you eject and close the CD Drive door by using a hotkey, desktop shortcut, or via an icon in your system tray"No
UpdateXCDUpdater.exe"Carpe Diem" adult premium rate dialler relatedNo
CD-DVD Lock for Win95/98/Me/2k/XPUCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
CDVAgentUCDVAgent.exeLoads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
JDK55WFMZYXcdx.exeDetected by Trend Micro as TROJ_MONDER.RONNo
CadenzaUCdzSvc.exeCadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devicesNo
CyDoorXCD_Load.exeDetected by Symantec as Adware.Cydoor and by Malwarebytes as AdWare.CydoorNo
CydoorUpdateXCD_Load.exeDetected by Symantec as Adware.CydoorNo
ClickTheButtonXcd_load.exeDetected by Intel Security/McAfee as Downloader-MYNo
ceeiLjmUBGBADuXceeiLjmUBGBADu.exeAdded by the FAKEAV-DVF TROJAN!No
CeEKEYUCeEKey.exeHot Key utility included on Toshiba Satellite laptopsNo
celculibpyghXcelculibpygh.exeDetected by Intel Security/McAfee as RDN/Downloader.a!mq and by Malwarebytes as Trojan.Agent.USNo
runXCeline.scrDetected by Sophos as Troj/Celine-A. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "Celine.scr" (which is located in %Root%)No
CEventMgrXCell.exeDetected by Sophos as Troj/Bifrose-AKNo
EasyPDFCombine EPM SupportUcemedint.exeEasyPDFCombine toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyPDFCombine_ce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
CenProtectXCenProtect.exeCenProtect rogue security software - not recommended, removal instructions hereNo
Control CenterUCenter.exeAssociated with Hawking Technologies, Inc wireless products. Located in %ProgramFiles%\Hawking\WLAN Card UtilitiesNo
T-Mobile Communication CentreUCentre.exeT-Mobile Communication Centre configuration/management utility for their range of mobile broadband devicesNo
CeEPOWERUCePMTray.exeToshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate timesNo
-=C34pn4=-XCepna.exeDetected by Dr.Web as Trojan.StartPage.58846 and by Malwarebytes as Trojan.StartPageNo
Y-WormXCepna.exeDetected by Dr.Web as Trojan.Siggen6.22766 and by Malwarebytes as Backdoor.Agent.ENo
syscodecaudioXCEQL0H9AT4.exeDetected by Malwarebytes as Worm.Ainslot. The file is located in %AppData%\audiocodecNo
Advanced Internet ProtocolXcerf.exeAdded by a variant of W32.Spybot.Worm. The file is located in %System%No
CerrusXCerrus.exeDetected by Malwarebytes as MSIL.LockScreen. The file is located in %AppData%No
Certificate Policy EngineXCertPolEng.exeDetected by Sophos as Troj/Agent-ZBH and by Malwarebytes as Backdoor.Agent.DCNo
Legacy VGA Drivers V1.0Xcertproc32.exeAdded by the AGENT.NEM TROJAN!No
CertReg?certreg.exeRelated to a Gemplus (now Gemalto) product. The file is located in %ProgramFiles%\Gemplus\CertReg. What does it do and is it required?No
Sun MicroSystems Inc.XCertRegister.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.BotNo
Windows Defender®XCertRegister.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.BotNo
CertStoreInitYCertStoreInitAladdin eToken (now Gemalto MFA) authentication and password managementNo
ISS_CerttoolYcerttool.exePart of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
IBM Client SecurityYcerttool.exePart of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
certtoolYcerttool.exePart of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption optionsYes
SetecCertUtilUCertutil.exeSetec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TVNo
CesarFTPNCesarFTP.exeCesarFTP is an easy and powerful FTP Server. It supports a complete virtual file system which allows you to preserve your disk structure. It also supports ban masks, ratio and quotas, events, especially automatic processing of uploaded files. It has native NT service support." No longer supportedNo
EasyPDFCombine Search Scope MonitorUcesrchmn.exeEasyPDFCombine toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyPDFCombine_ce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
cessrs.exe -startUcessrs.exe -startDetected by Malwarebytes as PUP.Optional.UPUpdata. The file is located in %AppData%\UPUpdata. If bundled with another installer or not installed by choice then remove itNo
Driver Control Manager v7.1Xcetrdeje.exeDetected by Sophos as W32/AutoRun-BKK and by Malwarebytes as Trojan.AgentNo
Driver Control Manager v7.5Xcetrdeosa.exeDetected by Intel Security/McAfee as Generic Malware.dg!ats and by Malwarebytes as Trojan.AgentNo
CevoClientXcevo.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. The file is located in %UserTemp%\MSDCSCNo
cryptoexpertUcexpert.exeCryptoExpert from SecureAction Research. Advanced on the fly encryption systemNo
CryptoExTrayV3?CexTray.exePart of the CryptoEx Client Suite from Glück & Kanja Technology AG. What does it do and is it required?No
CryptoExVolumeAutoMount?CexVolume.exePart of the CryptoEx Client Suite from Glück & Kanja Technology AG. What does it do and is it required?No
cezqicidudceXcezqicidudce.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.USNo
cfcmonXcfcmon.exeDetected by Intel Security/McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.CFNo
BJCFDNCFD.exeBroadJump Client Foundation - broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
CFDNCFD.exeBroadJump Client Foundation - broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programsNo
Microsoft Driver SetupXcfdrive32.exeDetected by Sophos as Troj/Agent-OJR and by Malwarebytes as Worm.PalevoNo
cffmonXcffmon.exeDetected by Malwarebytes as Trojan.FakeMS. The file is located in %ProgramFiles%\FontsNo
cfFncEnabler.exeNcfFncEnabler.exeToshiba "Config Free" wireless network manager on their range of laptopsNo
Corel Colleagues & Contacts RemindersNcffrem.exeCorel Colleagues & Contacts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office and Corel Print House MagicNo
Corel Family & Friends remindersNcffrem.exeCorel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House MagicNo
Configuration ManagerXcfg32.exeBookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir%No
cfgboostXcfgboot.exeAdded by an unidentified WORM or TROJAN!No
dmrc3dlgXcfgbRESM.exeDetected by Malwarebytes as Trojan.Passwords.PE. The file is located in %System%No
Microsoft RuntimeXCfgDll32.exeAdded by the RANDEX.BD WORM!No
dvHighMemUcfgmng32.exePureSight PC parental controls software by Puresight Technologies Ltd - "offers multi-layered cyberbullying protection for your family and it blocks offensive web-content". Also used by CA for their CA Parental Controls 2008 and 2009 utilities (both stand-alone and in suites)Yes
cfgmng32Ucfgmng32.exePureSight PC parental controls software by Puresight Technologies Ltd - "offers multi-layered cyberbullying protection for your family and it blocks offensive web-content". Also used by CA for their CA Parental Controls 2008 and 2009 utilities (both stand-alone and in suites)Yes
cfgmonXcfgmon.exeDetected by Intel Security/McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.CFGNo
Wins32 OnlineXcfgpwnz.exeDetected by Symantec as W32.Bropia.RNo
Printer Update?cfgreg.exeThe file is located in %Windir%. Maybe a registration reminder or automatically updates drivers or application software for a printer?No
ConfigSafeUCFGSAFE.EXEConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choiceNo
runXcfgsys32.exeBackdoor.Win32.Asylum.013.e malware. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "cfgsys32.exe" (which is located in %Windir%)No
loadXcfgsys32.exeBackdoor.Win32.Asylum.013.e malware. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cfgsys32.exe" (which is located in %Windir%)No
cfgsys32Xcfgsys32.exeBackdoor.Win32.Asylum.013.e malware. The file is located in %Windir%No
NAVCFGUCfgWiz.exeConfiguration wizard for older versions of Symantec's Norton AntiVirus. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton AntiVirus is launched via the Start MenuYes
Norton PasswordManagerUcfgwiz.exeConfiguration wizard for Symantec's now discontinued Norton Password Manager security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate) and confirms the default configuration settingsNo
Norton SystemWorksUCfgWiz.exeConfiguration wizard for Symantec's now discontinued Norton SystemWorks security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settingsYes
CfgwizUcfgwiz.exeConfiguration wizard for older versions of Symantec's Norton AntiVirus, Norton Internet Security and Norton SystemWorks security products. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time the software is launched via the Start MenuYes
SW CfgWizUcfgwiz.exeConfiguration wizard for Symantec's now discontinued Norton SystemWorks security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settingsYes
IS CfgWizUcfgwiz.exeConfiguration wizard for older versions of Symantec's Norton Internet Security (and the now discontinued Norton Personal Firewall). On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton Internet Security is launched via the Start MenuYes
NAV CfgWizUCfgWiz.exeConfiguration wizard for older versions of Symantec's Norton AntiVirus. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton AntiVirus is launched via the Start MenuYes
Configuration WizardXCfgwiz32.exeDetected by Trend Micro as BKDR_HCKTCK.2K.C. Note - do not confuse with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)No
BWRINXCfHaX.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.amy and by Malwarebytes as Trojan.PurBarNo
TMA distributionUcfinst.exePart of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clientsNo
CFi ShellToys Utility ManagerUCFiShlMan.exeManager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions"No
Micrcsoft Certificate ServicesXcflmon.exeDetected by Sophos as W32/Rbot-FWVNo
cfmmon.exeXcfmmon.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fh and by Malwarebytes as Worm.AutoRunNo
Microsoft Vista Upgrade Validation ServiceXcfmon.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
CTMON.EXEXcfmon.exeDetected by Sophos as Troj/Clckr-ANNo
cFosDNT?cFosDNT.execFos DSL Modem driver related. What does it do and is it required?No
cFosInst_Check?cfosinst.execFos DSL Modem driver related. What does it do and is it required?No
cFosSpeedUcFosSpeed.execFosSpeed Internet acceleration program from cFos Software GmBH - "increases your throughput and reduces your Ping. Whenever you access the Internet with more than one data stream cFosSpeed can optimize the traffic"No
COMODO Firewall ProYcfp.exeSystem Tray access to, and notifications for an older "Pro" version of Comodo Firewall by Comodo Group, IncNo
COMODO Internet SecurityYcfp.exeSystem Tray access to, and notifications for the range of internet security products from Comodo - including Internet Security, Antivirus and FirewallNo
Warning: do not remove it! (system)Ycfpsys.exe"Folder Password Protect is a software program that allows you to set a password for folders of your choice"No
WindowsXCfreer.exeDetected by Sophos as W32/Culler-CNo
CFSServ.exeUCFSServ.exeBelongs to Toshiba's configfree utility and searches for Wireless DevicesNo
cftmocXcftmoc.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
ctfmonXcftmon.exeDetected by Sophos as Troj/Delive-A and by Malwarebytes as Trojan.AgentNo
Windows Display SystemXcftmon.exeDetected by Dr.Web as Win32.HLLW.Autoruner.54764 and by Malwarebytes as Trojan.DownloaderNo
PoliciesXCftmon.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
PoliciesXcftmon.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\CryptoSuiteNo
HKLMXCftmon.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKLMXCftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXcftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\CryptoSuiteNo
HKLMXCftmon.exeDetected by Intel Security/McAfee as Generic.bfr!dx and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
IndexersXcftmon.exeDetected by Intel Security/McAfee as Generic.dx!zxd and by Malwarebytes as Trojan.DownloaderNo
Winsock2 driverXCFTMON.EXEAdded by a variant of the IRCBOT BACKDOOR!No
HKCUXcftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\FontsNo
HKCUXCftmon.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXCftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKCUXCftmon.exeDetected by Intel Security/McAfee as Generic.bfr!dx and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ControlExecTrompXcftmon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
autoloadXcftmon.exeDetected by Sophos as W32/Socks-E and by Malwarebytes as Trojan.AgentNo
cftmonXcftmon.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
cftmonXcftmon.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%No
cftmonXcftmon.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\FontsNo
cftmonXcftmon.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cftmonXcftmon.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %Windir%\CryptoSuiteNo
Windows xmutlerXcftmon32.exeDetected by Intel Security/McAfee as Downloader-CKW and by Malwarebytes as Backdoor.BotNo
cftmonmoXcftmonmo.exeDetected by Dr.Web as Trojan.DownLoader11.22949 and by Malwarebytes as Trojan.Downloader.ENo
cftmonsXcftmons.exeDetected by Malwarebytes as Trojan.Llac. The file is located in %AppData%No
cftmonsXcftmons.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.CFGenNo
Microsoft OfficeXcftmons.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%No
cftmonsi2Xcftmonsi2.exeDetected by Intel Security/McAfee as Generic.dx!vxx and by Malwarebytes as Trojan.Agent.CFTNo
cftmonsvXcftmonsv.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
CFTMONXCFTMONSYS.EXEDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
SFtrb ServiceXcftrb32.exeDetected by Symantec as W32.Sobig.D@mmNo
cft_monXcft_mon.exeDetected by Intel Security/McAfee as Generic PWS.y!dsfNo
cfyXcfy.exeSurfenhance.com SearchForIt adware variantNo
CGI Firewall ScriptXCGIAGENT.EXEDetected by Sophos as W32/Bropia-UNo
Norton Crashguard MonitorNCGMenu.EXETroublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001No
CGServerUcgserver.exeAssociated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programsNo
Cgtask ServicesXcgtask.exeAdded by the LALA.B TROJAN!No
Microsoft Windows Files LoaderXcgy32win.exeDetected by Sophos as W32/Rbot-AXR and by Malwarebytes as Trojan.MWF.GenNo
CgywinXcgywin32.exeDetected by Sophos as W32/Rbot-AEINo
3Xchair.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %CommonAppdata%\WindowsYNo
ChamClockUChamClock.exeChameleon Clock - system tray clock replacementNo
HomeAlarmUChamClock.exeChameleon Clock - system tray clock replacementNo
PoliciesXChampion.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\WinDirNo
ActiveMultiwallpaperUChanger.exeActive Multiwallpaper Changer by Nextriver - "is a cute easy-to-use program that changes your desktop background within defined time interval. Simply choose the folder you would like to use wallpapers from, check what pictures to show and off you go!"No
ChangerXchanger.exeDetected by Malwarebytes as Trojan.Injector.MSS. The file is located in %AppData%\Changer\ChangerNo
PSD Tools ChannelXChannelUp.exeDetected by Intel Security/McAfee as Adware-BuddyLinksNo
ChapelsXChapels.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\ylpCM7IX9E3V6JNo
Animated WallpaperUCharm Waterfall.exeCharm Waterfall animated desktop wallpaper from Desktop AnimatedNo
gpresult.exeXcharmap.exeDetected by Malwarebytes as Trojan.Agent.GPGen. Note - this is not the legitimate charmap.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\IME12No
[random]Xcharmapnt.exeDetected by Sophos as Troj/Bancos-DRNo
System startupUcharmapx.exeOnly required if using an oriental languageNo
Bingo Charm?charms.exeSome kind of screen icon kind of like desk flag, but it gives you a choice of icons?No
chat with me online priveted.exeXchat with me online priveted.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ChatangoNChatango.exeChatango - "is an online IM service for people to converse with each other. Chatango has multiple uses for multiple purposes, including business, anime, roleplaying, and other topics. It is free to make an account, easy to embed and customize, can handle traffic spikes, works on phones and tablets, and many chat rooms are family friendly." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediatelyNo
Chat loginXchatlogin.exeDetected by Trend Micro as WORM_ANTINNY.FNo
mands2Xchatser.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\InstallDir - see hereNo
loves2Xchatser.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\InstallDir - see hereNo
loveuoyXchatser.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\InstallDir - see hereNo
ChatStatUChatStat.exeChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productiveNo
chaveGBtL2TMXchaveGBtL2TM.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\chaveGBtL2TMNo
chcenterNchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"No
chcp.exeXchcp.exeAdded by the SDBOT.BMH BACKDOOR!No
High Definition Audio Property Page ShortcutUCHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be requiredNo
sysberay2Xche#.exeDetected by Malwarebytes as Trojan.Agent - where # represents one or more digits. The file is located in %Windir% - see examples here and hereNo
che32Xche.ocx.vbsDetected by Sophos as WM97/Adenu-BNo
CIONche7e1~1.exeChatItOut webcam chat programNo
cheatenginezXcheatenginez.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
GigaByteXCheatle.exeAdded by the SHODI.B VIRUS!No
Check&GetUCheck&Get.exeCheck&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contentsNo
eRecoveryServiceYcheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
CheckXCheck.exeDetected by Sophos as W32/VB-DRNNo
OBRCheckYcheck.exeNow part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's requiredYes
seccheckXcheck.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!bbs and by Malwarebytes as Backdoor.Agent.ENo
WinCheckXcheck.exeDetected by Sophos as W32/Delbot-YNo
check119Xcheck119_up.exeCheck119 rogue security software - not recommended, removal instructions hereNo
CheckCU?CheckCU.exeInstalled with versions of the Tildes Birojs language tools - which supports Latvian, English, German, Russian, French, Lithuanian and EstonianNo
CheckCustomWorksUpdateNCheckCWupdate.exeUpdate checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"No
WashAndGo - Cleanup of old BackupfilesUchecker.exeWashAndGo - temp file cleanerNo
CheckIt 86UCheckIt86.exeCheckIt 86 popup blockerNo
ChecklistNChecklist.exeChecklist task management utility by Task Solutions Inc (formerly 4th Software)No
ChecklistSrvUChecklistSrv.exeChecklist task tracking and management utility by Task Solutions Inc (was 4th Software)No
Registry Startup CheckXcheckreg.exeDetected by Sophos as Troj/RemLoad-ANo
CheckRunv9_uninstallerXCheckRunv9.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
svhoostXchecksys.exeChinese originated TROJAN! The file is located in %System%No
XvidNCheckUpdate.exeUpdate manager for the Xvid video codecNo
PoliciesXcheckupdates.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\Mozilla FirefoxNo
RealtekXcheckupdates.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %ProgramFiles%\Mozilla FirefoxNo
Blackmagic CheckVersion PCI?CheckVersionPCI.exeRelated to the "Decklink" range of products from Blackmagic Design Pty. Ltd. What does it do and is it required?No
Ads Expert Browser BackupUCheckWork.exePart of Ad Expert Browser - which "is a new program used to analyze the online advertising market to obtain detailed statistics about websites advertising on different pay-per-click advertising systems." Detected by Malwarebytes as PUP.Optional.AdExpertBrowser. The file is located in %AppData%\AEB. If bundled with another installer or not installed by choice then remove itNo
ChedotUchedot.exeDetected by Malwarebytes as PUP.Optional.Ghokswa. The file is located in %LocalAppData%\Chedot\Application. If bundled with another installer or not installed by choice then remove itNo
ChedotNotificationServiceAutoRunUchedot_notifications.exeDetected by Malwarebytes as PUP.Optional.Ghokswa. The file is located in %LocalAppData%\Chedot\Application\[version]. If bundled with another installer or not installed by choice then remove itNo
WMBootNChekList.exeAssociated with Wingman game controllers. Not required but what does it do?No
CHEM ORDER G190.exeXCHEM ORDER G190.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LMT. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NVIDIA GeForce ExperienceXCHEM SPEC.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LMTNo
ShellXCHEM SPEC.exe,Explorer.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.LMT. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "CHEM SPEC.exe" (which is located in %LocalAppData%\nvidia)No
Windows firewall managerXchh.exeAdded by a variant of the RANDEX.GEL WORM!No
Chiarooscuro hoording.exeXChiarooscuro.exeDetected by Malwarebytes as Backdoor.Messa.E. The file is located in %AppData%\ hoordingNo
chickXchick.exeDetected by Malwarebytes as Trojan.Agent.CHK. The file is located in %AppData%No
chiCkieXchiCkie.exeDetected by Symantec as W32.ChikoNo
ChikkaDefaultUChikkaLauncher.exeChikka PC text messanger and IM clientNo
ChilyClientUChilyClient.exeChily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
eixfiXchina.batDetected by Trend Micro as BAT_WCUP.ANo
china11msnXCHINA11MSN.EXEAdded by the ENVID.O WORM!No
ghostedXchiome.exeDetected by Dr.Web as Trojan.DownLoader10.8716 and by Malwarebytes as Trojan.Downloader.XNNo
chisignupXchisignup.exeDetected by Dr.Web as Trojan.DownLoader8.32006No
%Windir%\chit.EXEXchit.EXEDetected by Dr.Web as Trojan.DownLoader10.30574 and by Malwarebytes as Trojan.Downloader.ENo
ChkAdminNCHKADMIN.EXECompaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"No
MicroSys-CheckAjourNChkAjour.exeAjour by Micro-Sys Software - is a "free personal calendar, organizer, reminder and information manager"No
SB Audigy 2 Startup Menu?ChkColor.EXERelated to the Creative Sound Blaster Audigy 2 range of sound cardsNo
CheckDialerUChkDial.exeHispasec CheckDialer modem connection monitoring toolNo
UninstalTimeXchkdisk.exeDetected by Dr.Web as Trojan.Siggen1.31088 and by Malwarebytes as Backdoor.AgentNo
AdobeReaderProXchkdisk.exeDetected by Sophos as W32/Rbot-BDV and by Malwarebytes as Backdoor.BotNo
iSsrze6yv3eCnPlQXchkdsk.exeDetected by Malwarebytes as Trojan.VB. The file is located in %AppData%\Mozilla\Firefox\extensions\{5f861d5e-11c5-4f1d-b5d2-4a34d8358787}\components\mamNo
[3-4 random letters]Xchkdsk.exeDetected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. Note - the legitimate Windows chkdsk.exe will always be located in %System% and will NOT figure among the startups!No
Disk CheckXchkdsk32.exeDetected by Sophos as Troj/DownLdr-IMNo
CHK DiskerXchkdsker.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
NT Printing ServiceXchkdsks.exeDetected by Microsoft as Win32/Archivarius and by Malwarebytes as Trojan.AgentNo
NT Printing ServicesXchkdsks.exeDetected by Sophos as Troj/Buzus-M and by Malwarebytes as Backdoor.BotNo
NT Printing ServiceXchkdskss.exeDetected by Microsoft as Win32/Archivarius and by Malwarebytes as Trojan.AgentNo
Microsoft DLL VerifierXchkfile.exeDetected by Sophos as W32/Rbot-AOC and by Malwarebytes as Backdoor.AgentNo
Pe2ckfnt SENchkfont.exeUsed to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menuNo
Generic ChkMailUChkMail.exeMail-checking utility supplied with some ASUS notebooks that uses an LED to notify the user when an E-mail has arrived. The models supported are AS62FM945GM1, AS62JM945PM1 and AS62JM945PM2 - see hereNo
ChkMailUChkMail.exeMail-checking utility supplied with some Acer and ASUS notebooks that uses an LED to notify the user when an E-mail has arrivedNo
ASUS ChkMailUChkMail.exeMail-checking utility supplied with some ASUS notebooks that uses an LED to notify the user when an E-mail has arrivedNo
Java Plug-inXchknt32.exeDetected by Intel Security/McAfee as Spy-Agent.fg and by Malwarebytes as Trojan.ZbotNo
CHK NTXchkntf.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
ChkDiskXchk_disk.exeAdded by an unidentified WORM or TROJAN!No
chimeraXchm.exeDetected by Dr.Web as Trojan.DownLoader11.39792 and by Malwarebytes as Trojan.Rodecap.ENo
DiscoverAncestry EPM SupportUchmedint.exeDiscoverAncestry toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DiscoverAncestry_ch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
avagent3974Xchnb8895.exeAntiVirus ransomware security software - not recommended, removal instructions hereNo
Change Lines?chngline.exeUnknown entry on some Dell machines. The file is located in %Root% - see hereNo
ChoiceMailUCHOICEMAIL.EXEChoiceMail from DigiPortal Software. Block spam with an Email firewallNo
ChokeXChoke.exe -blahhhDetected by Symantec as W32.Choke.WormNo
ExplorerXChome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Trojan.AgentNo
HKLMXChome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKLMXchome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
HKCUXChome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hi and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXchome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
PoliciesXchomeexeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\installNo
ChomikBoxUChomikBox.exeChomikBox - Polish utility that "is a small and friendly program that will allow you to easily add files to your hamster, download, and listen to music directly from the pages of the site!" The "hamster" referred to is an online storage serviceNo
chorm.exeXchorm.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.CH. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXChorme.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\MicrosoftNo
HKLMXChorme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\MicrosoftNo
Chorme.exeXChorme.exeDetected by Dr.Web as Trojan.DownLoader10.63856No
Google ChormeXChorme.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserTemp%No
HKCUXChorme.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\MicrosoftNo
HKLMXchost.exeDetected by Intel Security/McAfee as Generic.dx!wua and by Malwarebytes as Backdoor.HMCPol.GenNo
chost.exeXchost.exeDetected by Intel Security/McAfee as Generic.dx!wua and by Malwarebytes as Backdoor.SpyNetNo
HKCUXchost.exeDetected by Intel Security/McAfee as Generic.dx!wua and by Malwarebytes as Backdoor.HMCPol.GenNo
chost.lnkXchost.lnkDetected by Dr.Web as Trojan.Siggen3.30349 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DATISA chostsXchosts.exeDetected by Dr.Web as Trojan.StartPage.60365 and by Malwarebytes as Trojan.StartPage.CHNo
chostsvXchostsv.exeAdded by the BANPAES.C TROJAN!No
windows taskbarXChouf-This.exeDetected by Sophos as W32/Autorun-BQP and by Malwarebytes as Trojan.AgentNo
NetShowXchqq.exeDetected by Intel Security/McAfee as RDN/Generic VB.b!a and by Malwarebytes as Trojan.StartPageNo
Key NameXchr0me.exeDetected by Intel Security/McAfee as RDN/Generic.dx!c2t and by Malwarebytes as Backdoor.Agent.ENo
chrebdp_CsUXchrebdp_CsU.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.MSSNo
Microsoft Driver SetupXChrg.exeDetected by Malwarebytes as Worm.Palevo. The file is located in %System%\driversNo
Christmas Music PlayerNChristmas Music Player.exe"Christmas Music Player brings the music of the Christmas Holiday to your desktop"No
ZackerXChristmas.exeAdded by the MALDAL-C WORM!No
clicupUchrmndr.exeDetected by Malwarebytes as PUP.Optional.ClicUp. The file is located in %LocalAppData%\clicup. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
03cfa1487a94d2b11760b77d3e3b04b3Xchrom.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.MSIL.GenXNo
Chrom.exeXChrom.exeDetected by Dr.Web as Trojan.DownLoader11.6281 and by Malwarebytes as Trojan.Agent.CH. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ChrommXChrom.exeDetected by Malwarebytes as Backdoor.Agent.PDL. The file is located in %AppData%\ChromNo
PoliciesXchrom2.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\chrom2No
HKLMXchrom2.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\chrom2No
HKCUXchrom2.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\chrom2No
ChromaticUchromatic.exeDetected by Malwarebytes as PUP.Optional.Chromatic. The file is located in %LocalAppData%\Chromatic\application. If bundled with another installer or not installed by choice then remove itNo
ChromeXChrome Support.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\MSDCSC - see hereNo
chrome toolbarXchrome toolbar.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
chrome updateXchrome update.exeDetected by Malwarebytes as Trojan.MSIL.Injector. The file is located in %AppData%\chromeNo
chromeXchrome.batDetected by Dr.Web as Trojan.DownLoader6.8804No
chrome.batXchrome.batDetected by Malwarebytes as Trojan.Agent.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
1Xchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
HATXchrome.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.STG. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\whitehatNo
dXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%No
MicroUpdateXChrome.exeDetected by Dr.Web as Trojan.DownLoader8.37127. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%\Google_chromeNo
explorXchrome.exeDetected by Malwarebytes as Trojan.Downloader.E. Note - this entry loads from the Windows Startup folder, The file is located in %MyDocuments% and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\ApplicationNo
HKCUSER2FFXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\syswindrNo
NAVIGATERXChrome.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%\GoogleNo
Google UpdatesXchrome.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Messa. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google ChromeNo
WebDiscoverBrowserUchrome.exe"The WebDiscover browser seamlessly integrates your favorite Chrome features and settings into one convenient tool to search the web... all from the comfort of your desktop." Detected by Malwarebytes as PUP.Optional.WebDiscoverBrowser. The file is located in %ProgramFiles%\WebDiscoverBrowser\[version] - unlike the standard Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
ctfmonXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\TorjanNo
ctfmonXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ctn and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserStartup%\FirefexNo
ctfmonXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\SexyNo
HKCUZXchrome.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
cXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\DownloadsNo
Rede EthernetXChrome.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%No
winkeyXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\winNo
Host Process for Windows ServicesXChrome.exeDetected by Intel Security/McAfee as Generic BackDoor and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %LocalAppData%No
digitalXchrome.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.HKP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SYSTEM32No
tfgfhjgkjXChrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\SystenNo
GoogleChromeXchrome.exeDetected by Dr.Web as Trojan.MulDrop4.9457. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\GoogleChromeNo
ShellXChrome.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "Chrome.exe" (which is located in %AppData%\InstallDir and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
ShellXchrome.exeDetected by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "chrome.exe" (which is located in %UserTemp%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
AutoUpdateXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
GoogleChromeAutoLaunch_[ID]Uchrome.exeDetected by Malwarebytes as PUP.Optional.NotChromeRun. The file is located in %LocalAppData%\Chromium\Application. If bundled with another installer or not installed by choice then remove itNo
PoliciesXChrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\SystenNo
WindowsStartXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.CHR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
GoogleChromeAutoLaunch_[ID]Uchrome.exeAllows Google Chrome applications to run in the background when Chrome is closed - which means they still use system resources. To disable them all click the Chrome menu in the browser toolbar → Settings → Show advanced settings → System → deselect "Continue running background apps when Google Chrome is closed". See here for more information and examples here and hereNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\dir\install\install - see hereNo
2015Xchrome.exeDetected by Malwarebytes as Backdoor.Agent.HKP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\System32No
GoogleChromeAutoLaunch_[ID]Uchrome.exeCustom build of the Chromium (Chrome) web browser bundled with various adware installers. Detected by Malwarebytes as PUP.Optional.FastBrowser. The file is located in %ProgramFiles%\Fast Browser\Application. If bundled with another installer or not installed by choice then remove itNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\installNo
FusionBrowserUchrome.exe"Fusion seamlessly integrates your favourite Chrome browser features and settings into one convenient tool that is accessible directly from the comfort of your desktop." Detected by Malwarebytes as PUP.Optional.FusionBrowser. The file is located in %ProgramFiles%\FusionBrowser\[version] - unlike the standard Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. If bundled with another installer or not installed by choice then remove itNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
PoliciesXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\installNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InternetNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\smssNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\System32No
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\.ExplorerNo
PoliciesXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\installNo
PoliciesXchrome.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\smssNo
QWGDXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\googleNo
QWQQXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\googleNo
loadXChrome.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\InstallDirNo
loadXchrome.exeDetected by Malwarebytes as Backdoor.Agent.MWT. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "chrome.exe" (which is located in %AppData%\Twitch and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
loadXchrome.exeDetected by Intel Security/McAfee as Generic.bfr. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Chrome.exe" (which is located in %System%\SYSTEM32 and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
loadXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "chrome.exe" (which is located in %System%\syswindr and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
[4 digits]Xchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
loadXChrome.exeDetected by Malwarebytes as Backdoor.XTRat. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Chrome.exe" (which is located in %Windir%\Chrome and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
Adobe Reader and Acrobat ManagerXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\MuAwaY\data\interfaceNo
NvidiaXChrome.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
ServerXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
HKLMXChrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\InstallDirNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\InstallDir - see hereNo
HKLMXchrome.exeDetected by Intel Security/McAfee as Generic.bfr!gs and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%No
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\dir\install\installNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\installNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
HKLMXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\installNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDir - see hereNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\smssNo
HKLMXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SpeechNo
IchromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
HKLMXchrome.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SYSTEM32No
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\.ExplorerNo
HKLMXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
HKLMXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\installNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\InstallDir - see hereNo
HKLMXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\smssNo
ATIVXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in an "App" sub-folderNo
NVIDIA corportationXchrome.exeDetected by Malwarebytes as Trojan.Agent.CRP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\Winrar\Skype\MicrosoftNo
AHMMWDXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!ex and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%No
AVAST32Xchrome.exeDetected by Intel Security/McAfee as BackDoor-CZP.dr and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
DARK@123XChrome.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\GoogleWinNo
ChromeXChrome.exeDetected by Intel Security/McAfee as Generic.dx!b2aq and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
dllhostXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Templates%No
chromeXchrome.exeDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.CH. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\contre strike 1.6No
googleXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
ChromeXChrome.exeDetected by Dr.Web as Trojan.DownLoader2.37076 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\DirectoryNo
Java UpdaterXchrome.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
chromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in "%AppData%\google "No
ChromeXchrome.exeDetected by Microsoft as Ransom:Win32/Genasom.EJ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\google\chromeNo
ChromeXChrome.exeDetected by Dr.Web as Trojan.KeyLogger.15604 and by Malwarebytes as Backdoor.Agent.CHGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\System\ServicesNo
chromeXchrome.exeDetected by Dr.Web as Trojan.DownLoader6.5297 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\SystemNo
win32Xchrome.exeDetected by Malwarebytes as Backdoor.Agent.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%No
WindowsHostXchrome.exeDetected by Malwarebytes as Backdoor.Agent.WH. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\ProgramData\SystemNo
ChromeXChrome.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\ChromeNo
chromeXchrome.exeDetected by Intel Security/McAfee as Generic.bfr!gs and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%No
ChromeXchrome.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
chromeXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\syswindrNo
chromeXchrome.exeDetected by Microsoft as TrojanSpy:Win32/Keylogger.FM and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%No
chromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
ChromeXChrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
chromeXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ProNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
Google ChromeXchrome.exeDetected by Dr.Web as Trojan.DownLoader4.33575. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\GoogleNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\subfolderNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Agent.MNR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\windowsNo
Google ChromeXchrome.exeDetected by Malwarebytes as Trojan.Banker. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\ApplicationNo
Google chromeXchrome.exeDetected by Malwarebytes as Trojan.Crypt.CHR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\CCleanerNo
Google ChromeXchrome.exeDetected by Malwarebytes as Backdoor.Messa. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\Google ChromeNo
Java UpedateXchrome.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\Microsoft\Wirar\MicrosoftNo
HKLMACH1HKXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hb and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\syswindrNo
bXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%No
HKCUXChrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\InstallDirNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\InstallDir - see hereNo
HKCUXchrome.exeDetected by Intel Security/McAfee as Generic.bfr!gs and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%No
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\installNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System% - see hereNo
HKCUXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\installNo
Chrome helpXchrome.exeDetected by Malwarebytes as Trojan.PWS. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%No
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDir - see hereNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\smssNo
Chrome ServicesXchrome.exeDetected by Kaspersky as Trojan-PSW.MSIL.Agent.dyi. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google ChromeNo
HKCUXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SpeechNo
GOOGLE CHROME UPDXchrome.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!tw and by Malwarebytes as Trojan.Agent.GC. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\updateNo
HKCUXchrome.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\SYSTEM32No
HKLMZXchrome.exeDetected by Intel Security/McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\.ExplorerNo
HKCUXChrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\ChromeNo
HKCUXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\installNo
Chrome UpdaterXchrome.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Cookies%\DCSCMINNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\InstallDir - see hereNo
HKCUXchrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%\smssNo
chrome.exeXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData% - see hereNo
Yahoo MessenggerXchrome.exeDetected by Sophos as W32/Autorun-NG and by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%No
Chrome.exeXChrome.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\ChromeNo
chrome.exeXchrome.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\tempNo
chrome.exeXchrome.exeDetected by Intel Security/McAfee as RDN/Generic.dx!ctt and by Malwarebytes as Trojan.Agent.MNRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\windowsNo
Chrome.exeXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
chrome.exeXchrome.exeDetected by Dr.Web as Trojan.KeyLogger.15604 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%No
JavaXchrome.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InstallDirNo
SkypeXchrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%\MuAwaY\data\interfaceNo
SkypeXChrome.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%No
SkypeXchrome.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InternetNo
Chrome.exeaXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\DesktopNo
Chrome.exebXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
Chrome.execXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%No
Audio(HD)Xchrome.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\InternetNo
Chrome.exedXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\FavoritesNo
Chrome.exeeXChrome.exeDetected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %UserProfile%\Start Menu (XP)No
aXchrome.exeDetected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\DesktopNo
taskmgrXchrome.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!ze and by Malwarebytes as Backdoor.Agent.CHR. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\chromeNo
RUNDLL32Xchrome.exeDetected by Malwarebytes as Backdoor.Messa. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\updaterNo
Google UpdateXchrome.exeDetected by Dr.Web as Trojan.MulDrop1.54424. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%No
Google UpdateXchrome.exeDetected by Malwarebytes as Trojan.PWS. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%No
Google UpdateXchrome.exeDetected by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%\MyAppsNo
ProMINXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%No
WindowsProcessXchrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData% - see hereNo
(Default)XChrome.exeDetected by Malwarebytes as Trojan.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and note that this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %CommonAppData%No
hggjhgkjXChrome.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\SystenNo
Adobe FlashXchrome.exeDetected by Malwarebytes as Backdoor.Agent.HKP. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%\System32No
ShellXchrome.exe,explorer.exeDetected by Malwarebytes as Backdoor.Agent.CHR. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "chrome.exe" (which is located in %AppData%\Google_Update and is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application)No
loadXchrome.exe.lnkDetected by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "chrome.exe.lnk" (which is located in %AppData%\service32), see hereNo
chrome.exe.lnkXchrome.exe.lnkDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
Google ChromeXchrome.scrDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\subfolder - see hereNo
Chrome.vbsXChrome.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
Chrome32.exeXChrome32.exeDetected by Microsoft as Ransom:MSIL/JigsawLocker.A and by Malwarebytes as Trojan.Agent.CHRNo
Yahoo MessenggerXchrome9.exeDetected by Dr.Web as Trojan.StartPage.39111 and by Malwarebytes as Backdoor.BotNo
ChromeAddonXchromeaddon.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%No
chromebrowserXchromebrowser.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Windir%No
ExploreDLLXChromeDll.exeDetected by Dr.Web as Trojan.DownLoader12.25355 and by Malwarebytes as Trojan.Downloader.DLLNo
adobereaDllXChromeDll.exeDetected by Dr.Web as Trojan.DownLoader12.28213 and by Malwarebytes as Trojan.Downloader.ADBNo
ChromedllXChromedll.exeDetected by Malwarebytes as Trojan.Downloader.CHR. The file is located in %AppData%\ChromeNo
ChromeDllXChromeDll.exeDetected by Dr.Web as Trojan.DownLoader11.22942 and by Malwarebytes as Trojan.Downloader.CHR. The file is located in %Temp%No
HOST-MANAGERXchromee.exeDetected by Malwarebytes as Trojan.Agent.HSTM. The file is located in %Root%\PersfLogs\sys - see hereNo
HKLMXchromee.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
GVb72t6bIXtKRzHXchromee.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %MyDocuments%No
HKCUXchromee.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
ChromeExtraXChromeExtra.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.INCNo
chromenetXchromenet.exeDetected by Sophos as Troj/Malit-FI and by Malwarebytes as Trojan.Agent.ENo
chromer.exeXchromer.exeDetected by Dr.Web as Trojan.DownLoader9.44152 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AdobeXchromes.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\InstallNo
ChromeServiceXChromeService.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.XTRat.ENo
PoliciesXChromesupport.exeDetected by Intel Security/McAfee as RDN/Generic.dx!o and by Malwarebytes as Backdoor.Agent.PGenNo
NoobcakeXChromesupport.exeDetected by Intel Security/McAfee as RDN/Generic.dx!o and by Malwarebytes as Backdoor.AgentNo
BunniesXChromesupport.exeDetected by Intel Security/McAfee as RDN/Generic.dx!o and by Malwarebytes as Backdoor.AgentNo
ChromeUpdater15Xchromesvc15.exeDetected by Dr.Web as Trojan.DownLoader7.9944 and by Malwarebytes as Backdoor.IRCBotNo
MicroUpdateXchromeupd.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
ShellXChromeUpdate.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "ChromeUpdate.exe" (which is located in %LocalAppData%\Google)No
BrowserMeXChromeUpdate.exeDetected by Dr.Web as Trojan.Siggen6.49839 and by Malwarebytes as Trojan.AgentNo
MicrosoftXChromeupdate.exeDetected by Dr.Web as Trojan.MulDrop5.18932 and by Malwarebytes as Trojan.Agent.MSGenNo
GoogleUpdateXChromeUpdate.exeDetected by Malwarebytes as Trojan.Agent.IGen. Note - this is not a legitimate Google Chrome browser entry and the file is located in %AppData%\GoogleUpdateNo
ChromeUpdateXChromeUpdate.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not a legitimate Google Chrome browser entry and the file is located in %CommonAppData%\ChromeUpdateNo
chromeupdateXChromeUpdate.exeDetected by Dr.Web as Trojan.DownLoader5.27987. Note - this is not a legitimate Google Chrome browser entry and the file is located in %CommonFavorites%No
Google updaterUchromeupdater.exeDetected by Malwarebytes as PUP.Optional.Montiera. The file is located in %LocalAppData%\Google\Chrome - see an example here. If bundled with another installer or not installed by choice then remove itNo
ChromeUpdaterXChromeUpdater.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!uh and by Malwarebytes as Backdoor.Agent.MSCNo
ChromeXchromeupdates.exeDetected by Malwarebytes as Backdoor.Andromeda. The file is located in %AppData%\UpdateNo
Google UpdateXChromeupdt.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fj and by Malwarebytes as Backdoor.Agent.DCENo
chromexs.exeXchromexs.exeDetected by Malwarebytes as Ransom.Jigsaw. Note the space at the beginning of the filename, which is located in %AppData%\Chromexs - see hereNo
Chrome_debugXChrome_debug.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
chrome_updateXchrome_frame_helper.exeDetected by Dr.Web as Trojan.DownLoader11.26352 and by Malwarebytes as Backdoor.Agent.CHRNo
Chrome_Loader.exeXChrome_Loader.exeDetected by Microsoft as Backdoor:Win32/Dekara.ANo
Chrome_Patch.exeXChrome_Patch.exeDetected by Dr.Web as Trojan.DownLoader6.3060 and by Malwarebytes as Trojan.AgentNo
CHROMESERVICESXchrome_services.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ANDNo
Google ChromiumXChromium.exeDetected by Dr.Web as Trojan.DownLoader11.19253 and by Malwarebytes as Trojan.Agent.RNSNo
svchostXChromo.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ts and by Malwarebytes as Backdoor.Bot.ENo
cftmonXChromo.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ts and by Malwarebytes as Backdoor.AgentNo
chronoUchrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
ChronographUchrono.exeChronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered overNo
Chroom.exeXChroom.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Chroom.exeXChroom.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry loads from HKCU\Run and the file is located in %UserTemp%No
Windows AudioXchroom.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\InstallNo
Chroome.exeXChroome.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ClientXChroome.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %UserStartup%No
Chroome.vbsXChroome.vbsDetected by Malwarebytes as Trojan.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ViewshXchrscr.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\WiacplNo
dpmoprovXchsbserv.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %System%No
DiscoverAncestry Search Scope MonitorUchsrchmn.exeDiscoverAncestry toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DiscoverAncestry_ch\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
CyberhawkUCHTray.exeCyberhawk from Novatix. Protects against viruses, spyware, identity theftNo
ChronitelInitTV?CHTVINIT.EXEThe file is located in %System%. What does it do and is it required?No
Task ManagerXchucem.exeDetected by Intel Security/McAfee as W32/Chucem.wormNo
JavaUpdate2Xchupdates.exeDetected by Intel Security/McAfee as RDN/Generic.dx!itNo
Microsoft Driver SetupXChvgrm.exeDetected by Avira as TR/Kolab.82432 and by Malwarebytes as Worm.PalevoNo
FemmeXchwia.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cnn and by Malwarebytes as Backdoor.Agent.ENo
ci1gntXci1gnt.exeDetected by Kaspersky as the AGENT.DHU TROJAN!No
Windows Printing DriverXciadvs.exeDetected by Sophos as Troj/Buzus-MNo
Windows Printing DriverXciadvss.exeDetected by Microsoft as Win32/ArchivariusNo
TaskmanXciboq.exeDetected by Sophos as Mal/EncPk-AFU. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "ciboq.exe" (which is located in %UserProfile%)No
Component BrowserXcicedit.exeDetected by Malwarebytes as Backdoor.Agent.CD. The file is located in %System%No
BTHMAN32Xcicscli.exeDetected by Malwarebytes as Trojan.Agent.PRP. The file is located in %System% - see hereNo
iiwmy+m+uXybhss=Xcidaemon.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate CiDaemon.exe XP/2K process which is always located in %System%. This one is located in %AppData%\Microsoft\MMCNo
WindowsFileSystemXcidaemon32.exeAdded by the RBOT-FSP WORM!No
WinXP Catalog ServiceXcidaemon32.exeDetected by Kaspersky as Backdoor.Win32.Rbot.aeuNo
Microsoft Driver SetupXcidrive32.exeDetected by Sophos as Troj/Agent-NES and by Malwarebytes as Worm.PalevoNo
cihost.exeXcihost.exeAdded by the LINST TROJAN!No
Memory Allocation HostXcihost.exeDetected by Avast as a variant of the IRCBOT-CHZ WORM!No
Microsoft Data HelperXcihost.exeMalware, possibly a variant of the LINST TROJANNo
cihuqcyrilwyXcihuqcyrilwy.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
CIJ2P2PSERVERYCIJ2P2PS.EXECompaq IJ200 printer utility which is required in order to make the printer work correctlyNo
CIJ3P2PSERVERYCIJ3P2PS.EXECompaq IJ300 printer utility which is required in order to make the printer work correctlyNo
CIJ7P2PSERVERYCIJ7P2PS.EXECompaq IJ700 printer utility which is required in order to make the printer work correctlyNo
CIJ9P2PSERVERYCIJ9P2PS.EXECompaq IJ900 printer utility which is required in order to make the printer work correctlyNo
NTdhcpXCiKewl.exeDetected by Sophos as Troj/QQRob-NNo
TotalComicBooks EPM SupportUcimedint.exeTotalComicBooks toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TotalComicBooks_ci\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
CimSyncUcimsync.exeProficy CIMPLICITY by GE - "is a client/server based visualization and control solution that helps you visualize your operations, perform supervisory automation and deliver reliable information to higher-level analytic applications"No
startXcimv.exeDetected by Dr.Web as Trojan.MulDrop5.3972. The file is located in %LocalAppData% (10/8/7/Vista) or %UserProfile%\Local Settings (XP)No
msconfigXcimv.exeDetected by Malwarebytes as Spyware.Password. The file is located in %LocalAppData%No
CinemaNowMediaManagerAppUCinemanowShell.exeMedia manager for the CinemaNow digital video distribution serviceNo
Cingular Communication ManagerYCingularCCM.exeCingular Communication Manager by Cingular Wireless (now taken over by AT&T) - "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"No
SoftwareXcipsn.exeAdded by the FORBOT-DM WORM!No
cirdeaqarycrXcirdeaqarycr.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!he and by Malwarebytes as Trojan.Agent.USNo
Duwee wong CerbonXCirebons.exeAdded by the BHARAT.A WORM!No
Datechecker?cisco.exeThe file is located in %System%No
RDSoundXCiscoWi.exeDetected by Dr.Web as BackDoor.DarkNess.41 and by Malwarebytes as Trojan.AgentNo
AutoVirusProtectionXciscv.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
boguzooXcisepud.exeDetected by Dr.Web as Trojan.DownLoader8.36444No
Memory Allocation ServerXciserv.exeDetected by Microsoft as Worm:Win32/Slenfbot.BHNo
TotalComicBooks Search Scope MonitorUcisrchmn.exeTotalComicBooks toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TotalComicBooks_ci\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Optimise.comXcisrss.comDetected by Dr.Web as Trojan.MulDrop4.53993 and by Malwarebytes as Trojan.Agent.CMNo
Memory Allocation ServicesXcisrv.exeAdded by the IRCBOT.FC BACKDOOR!No
CISrvr ProgramNCISRVR.EXERelated to internet setup on Compaq PC'sNo
CissiXCissi.exeAdded by the CISSI.A WORM!No
loadXcisvc.exeDetected by Symantec as Trojan.Downbot. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cisvc.exe" (which is located in %Temp%)No
FamilyKeyLoggerUcisvc.exeFamily Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLoggerNo
SystemServiceXcisvc.exeDetected by Intel Security/McAfee as Generic.dx!tqsNo
CisvcXcisvc.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate cisvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
Ci SvrXcisvr.exeAdded by the IRCBOT.AWN BACKDOOR!No
CitiUCSUCitiUCS.exeCitibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"No
Citi Virtual Account NumbersNCitiVAN.exeCiti Virtual Account Numbers - change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
CitiVANNCitiVAN.exeCiti Virtual Account Numbers - change a credit card number in a random fashion for each purchase. The number will only be used once and never againNo
citulhenwyhyXcitulhenwyhy.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
CivaXCiva.exeAdded by the SDBOT.ARI WORM!No
Windows Loader ServiceXcivsc.exeAdded by a variant of Backdoor:Win32/RbotNo
WinFirewallXcIzp.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\Installer - see hereNo
FirewallXcIzp.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %System%\Installer - see hereNo
RunmeAtStartupXcj.exeDetected by Dr.Web as Trojan.DownLoader5.31016 and by Malwarebytes as Trojan.AgentNo
cjbXcjb*.exeAdded by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjbNo
cjbXcjb.exeAdded by the AGENT.ALZE TROJAN!No
CJETXCJet.exeFFToolBar adware toolbarNo
BJ Status Monitor 522UCJSTR3G.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor 530UCJSTR4B.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor 550UCJSTR4Y.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor 600UCJSTR5I.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Printer Status MonitorNCJSTSR.EXECanon BJ printer status monitorNo
CleverKeysUCK.exeCleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
CKAUCKA.exePart of Symantec's now discontinued Norton SystemWorks security and utility suite. Keeps a dial-up modem connection aliveYes
SymKeepAliveUCKA.exePart of Symantec's now discontinued Norton SystemWorks security and utility suite. Keeps a dial-up modem connection aliveYes
ckhfs4Xckhfs4.exeDetected by Microsoft as PWS:Win32/Frethog.ADNo
GameTrekkers EPM SupportUckmedint.exeGameTrekkers toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GameTrekkers_ck\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
startkeyXCKOTS.exeDetected by Sophos as Troj/Bifrose-HM and by Malwarebytes as Backdoor.BotNo
GameTrekkers Search Scope MonitorUcksrchmn.exeGameTrekkers toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GameTrekkers_ck\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
kamsoftXckvo.exeDetected by Sophos as Troj/Gamania-BW and by Malwarebytes as Trojan.AgentNo
error report checkerXckvpr.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.xNo
Bench Settings CleanerUcl.exeDetected by Malwarebytes as PUP.Optional.Bench. The file is located in %ProgramFiles%\Bench\Proxy. If bundled with another installer or not installed by choice then remove itNo
Lenovo SettingsXclac.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.TWNo
[various names]Xclamav.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
ClamWinYClamTray.exeSystem Tray access to, and notifications for ClamWin free antivirusNo
eckoXclaro.exeDetected by Sophos as Troj/Dloadr-AQJNo
RegistryUclass0117[random].exeBlackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install itNo
class454~@#Uclass454.exeXPSpy surveillance software. Uninstall this software unless you put it there yourselfNo
Classic ShellYClassicStartMenu.exeClassic Start Menu (part of Classic Shell by Ivo Beltchev) - "is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features"Yes
Classic Start MenuYClassicStartMenu.exeClassic Start Menu (part of Classic Shell by Ivo Beltchev) - "is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features"Yes
Clavier+UClavier.exeClavier+ allows you to "create keyboard shortcuts using almost any keys, including the Windows key"No
dimsdrtXclbcmf32.exeDetected by Malwarebytes as Spyware.Password. The file is located in %System%No
clcbt.exeXclcbt.exeDetected by Sophos as Troj/Agent-CBANo
CLCLSetUCLCL.exeCLCL clipboard caching utilityNo
clcl3Xclcl3.exeAdded by the AGENT.ES TROJAN!No
clcl7Xclcl7.exeAdded by a variant of the Covert Sys Exec TROJAN!No
XtremeXCLD.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\ADSLNo
CleeanXCleaan.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
SystemCleanerXClean2.exeAdded by the AUTORUN-AZE WORM!No
CleanEasyImg?cleanall.exeThe file is located in %Root%\apps\easydvd. What does it do and is it required?No
CleanatorXCleanator.exeCleanator rogue privacy program - not recommended, removal instructions hereNo
CleanCatchMainXCleanCatch.exeCleanCatch rogue security software - not recommended, removal instructions hereNo
cleancertXcleancert.exeCleancert rogue security software - not recommended, removal instructions hereNo
Windows SleepXCleaner.exeDetected by Malwarebytes as Trojan.Agent.BCM. The file is located in %AppData%No
 PAL Evidence EliminatorNCleaner.exePAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis. No longer supported. Note the space at the beginning of the "Startup Item" fieldNo
MCleanerComXCleanerComLaunch.exeCleanerCom rogue security software - not recommended, removal instructions hereNo
cleanhlcXcleanhlc.exeDetected by Dr.Web as Trojan.DownLoader2.57773 and by Malwarebytes as Backdoor.BotNo
cleanhtmXcleanhtm.exeAdded by the MDROP-DPE TROJAN!No
cleanmanagerSXcleanmanagerU.exeCleanManager rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
Clean MgrXcleanmg.exeAdded by the IRCBOT.BBO BACKDOOR!No
winlogonXcleanmg.exeDetected by Sophos as Troj/Agent-ICR and by Malwarebytes as Trojan.Agent.TraceNo
DrWatsonXcleanmgr.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!uq and by Malwarebytes as Backdoor.Agent.ENo
Adobe UpdaterXcleanmod.exeDetected by Malwarebytes as Trojan.Agent. This file is located in %AppData%No
CleanRegPath?CleanReg.exeADSL modem related. What does it do and is it required?No
cleansweep.exeXcleansweep.exeDetected by Sophos as Troj/Agent-NEU and by Malwarebytes as Trojan.AgentNo
CleanTempUCleanTemp.exeCleanTemp - automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerNo
CleanTemp 1.5UCleanTemp.exeVersion 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerYes
UCS Clean TempUCleanTemp.exeVersion 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerYes
CleanTempUCLEANT~1.EXECleanTemp - automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerNo
CleanTemp 1.5UCLEANT~1.EXEVersion 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing powerYes
CleanUpYCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
CleanupProgram?cleanup.exeSony Vaio related - what does it do and is it required? Located in a C:\Sonysys folderNo
adi CleanUpYCleanUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry keyYes
CleanVMainXCleanV.exeCleanV rogue security software - not recommended, removal instructions hereNo
clean_serviceXclean_service.cmdAdded by the REFAZ WORM!No
DesktopX WidgetUClear meter bar .exeClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
Clear meter barUClear meter bar .exeClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exitsYes
ArcadeMovieServiceNclear.fiMovieService.exePart of Acer Arcade Deluxe - a default program included with all Acer computers for media management. Movie service by CyberlinkNo
Clear2PCXClear2PCLaunch.exeClearPC rogue security software - not recommended, removal instructions hereNo
Internet Disk CleanerUClearHistory.exe"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"No
Internet Disk CleanerUCLEARH~1.EXE"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"No
DesktopX WidgetUCLEARM~1.EXEClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista entry where "Clear meter bar .exe" is shown as "CLEARM~1.EXE"Yes
Clear meter barUCLEARM~1.EXEClear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Clear meter bar .exe" is shown as "CLEARM~1.EXE"Yes
ClearProtectXClearProtect.exeClearProtect rogue security software - not recommended, removal instructions hereNo
ClearScreen PlayerUClearScreenPlayer.exeClearScreen Player offers seamless online video viewing directly on your desktop while working, browsing the Web or gaming. Detected by Malwarebytes as PUP.Optional.ClearScreenPlayer. The file is located in %ProgramFiles%\ClearScreenPlayer. If bundled with another installer or not installed by choice then remove itNo
ClearVaccineMainXClearVaccine.exeDetected by Malwarebytes as Rogue.ClearVaccine - not recommended. The file is located in %ProgramFiles%\ClearVaccineNo
H2OYcledx.exeRelated to copyright protection products by SyncroSoftNo
cleen.batXcleen.batDetected by Malwarebytes as Trojan.Background. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
GMX Clicktionary 2.8NCleverlearn Clicktionary.exeVersion of Clicktionary by Cleverlearn modified for German media firm GMX. "Clicktionary is your quick and dependable translation tool, power-packed with features designed to give you the results you need, while giving you the fun side of learning as well"No
clfmonXclfmon.exeDetected by Total Defense as Win32.Tactslay.E. The file is located in %Windir%No
clfmon.exeXclfmon.exeDetected by Sophos as Troj/Agent-BJNo
nvsvca32Xclfmon.exeDetected by Total Defense as Win32.Tactslay.E. The file is located in %Windir%No
SYSTEMYTXclfnom.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\Outlook ExpressNo
SCSIXclhhnkfrd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\SCSISERNo
CLHomeMediaServerNCLHomeMediaServer.exeSystem Tray access to the CyberLink Live remote media access serviceYes
CyberLink LiveNCLHomeMediaServer.exeSystem Tray access to the CyberLink Live remote media access serviceYes
Microsoft Server ApplacationsXcli.exeDetected by Sophos as W32/Rbot-GAQNo
ATICCCNcli.exe runtimeATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting WindowsNo
ATI CATALYST System TrayNCLI.exe SystemTraySystem Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktopNo
cli64.exeXcli64.exeDetected by Dr.Web as Trojan.Inject1.31487 and by Malwarebytes as Trojan.VBInjectNo
MicronetXClick.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.CLINo
Click.exeXClick.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.CLI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SlipStreamYclick21core.exeAcelerador Click21 customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Acelerador Click21Yclick21gui.exeAcelerador Click21 customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
VonageUclick2call.exeVonage Voice over IP Internet phone serviceNo
adsacquyXclickads.exeDetected by Dr.Web as Trojan.DownLoader9.40260 and by Malwarebytes as Trojan.DownLoaderNo
ClickMeNClickMe.exeClickM "JOKE" programNo
ClickoffUClickoff.exeClickoff automatically dismisses annoying dialog boxesNo
Best Buy pc appNClickOnceSetup.exe"Best Buy pc app brings you the latest in digital software, games and services. Once it's installed, all you need to do is explore and select the applications you want from our large selection of continuously updated digital content"No
clickpang.exeXclickpang.exeDetected by Dr.Web as Trojan.DownLoad3.16060 and by Malwarebytes as Adware.KoradNo
ClickPotatoLiteSAXClickPotatoLiteSA.exeClickPotato adwareNo
Click Radio TunerNclickr~1.exeClickRadio - subscription service playing radio music via the internet. No longer availableNo
ClicktionaryNClicktionary.exeClicktionary by Cleverlearn - "is your quick and dependable translation tool, power-packed with features designed to give you the results you need, while giving you the fun side of learning as well"No
ClickTray CalendarNClickTray.exe"ClickTray Calendar is a user-friendly calendar, address, and reminder program that can be accessed quickly from the Windows system tray. You can create almost unlimited notes, enter repetitive tasks, create To Do lists, and set alarms. It also has a practical fiscal week or month picture display"Yes
clickupXclickup.exeDetected by Intel Security/McAfee as Generic.dx!bh3t and by Malwarebytes as Adware.KorAdNo
clickvaccineusbXclickvaccineusb.exeClick Vaccine rogue security software - not recommended, removal instructions hereNo
Express ClickYesUClickYes.exe"Express ClickYes is a tiny program that runs in the system tray and automatically clicks the Yes button for the Outlook security prompt, that asks you to confirm mail sending from third party applications or access to Outlook's address book"No
clicon-AgentUclicon.exeDetected by Malwarebytes as PUP.Optional.ClicOn. The file is located in %Temp%\clicon. If bundled with another installer or not installed by choice then remove itNo
CLICONFGXCLICONFG.EXEAdded by the OPASERV.T WORM!No
Cli ConfgXcliconfig.exeAdded by a variant of the SPYBOT WORM! See hereNo
QClient UpdateXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
DigiGuideNclient.exeDigiguide for Windows - "The most comprehensive and powerful TV listings tool available. Digiguide for Windows is the TV guide of choice for the avid TV viewer or media professional who requires a technically superior and extensive TV listings research tool"No
DigiGuide TV GuideNClient.exeDigiguide for Windows - "The most comprehensive and powerful TV listings tool available. Digiguide for Windows is the TV guide of choice for the avid TV viewer or media professional who requires a technically superior and extensive TV listings research tool"No
JavaJDKXClient.exeDetected by Malwarebytes as Trojan.Agent.JVGen. The file is located in %AppData%\Microsoft - see hereNo
Windows ClientXclient.exeDetected by Sophos as Troj/Backdr-AM and by Malwarebytes as Backdoor.BotNo
WindowsXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
WindowsXclient.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\WindowsNo
Alpha Client StartupXClient.exeDetected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %AppData%\SubDirNo
NetWeaveClientXClient.exeDetected by Intel Security/McAfee as Generic.tfr!x and by Malwarebytes as Trojan.AgentNo
JavaUpdateXClient.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
RocketTabUClient.exeDetected by Malwarebytes as PUP.Optional.RocketTab.PrxySvrRST. The file is located in %ProgramFiles%\RocketTab. If bundled with another installer or not installed by choice then remove itNo
RocketTabUClient.exeDetected by Malwarebytes as PUP.Optional.RocketTab.PrxySvrRST. The file is located in %ProgramFiles%\Search Extensions. If bundled with another installer or not installed by choice then remove itNo
officeXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDir - see hereNo
GXLVEEXClient.exeDetected by Intel Security/McAfee as Ransom and by Malwarebytes as Backdoor.Agent.DCENo
UpdatesXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
Client MonitorXclient.exeDetected by Sophos as Troj/Autoit-BNS and by Malwarebytes as Backdoor.LuminosityLink.GenericNo
Quasar Client StartupXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
StartupXClient.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
NETXClient.exeDetected by Dr.Web as Trojan.DownLoader7.11513 and by Malwarebytes as Spyware.KeyLogger. The file is located in %AppData%\{Emissary}No
netXclient.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\emissaryNo
intel graphicsXclient.exeDetected by Malwarebytes as Trojan.KeyLogger. The file is located in %CommonAppData%\intelNo
Babylon RATXclient.exeDetected by Malwarebytes as Backdoor.BabylonRat. The file is located in %CommonAppData%\Babylon RAT - see hereNo
HahhhaXclient.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2j and by Malwarebytes as Backdoor.Agent.FNNo
ClientHelperXclient.exeDetected by Malwarebytes as Worm.Rebhip. The file is located in %AppData%\HelpNo
ClientStartupXClient.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AppData%\SubDirNo
client-v2Xclient.exeDetected by Dr.Web as Trojan.DownLoader9.21319 and by Malwarebytes as Trojan.Agent.MNRNo
TaskmgrXclient.exeDetected by Malwarebytes as Trojan.Agent.TSK. The file is located in %CommonAppData%\TaskmgrNo
Lizard RatXclient.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2j and by Malwarebytes as Backdoor.Agent.FNNo
microXclient.exeDetected by Malwarebytes as Trojan.PasswordStealer.E. The file is located in %CommonAppData%\microNo
Remote ToolXClient.exe.exeDetected by Dr.Web as Trojan.DownLoader7.22362 and by Malwarebytes as Trojan.MSILNo
Comm64XClient64.exeDetected by Malwarebytes as Trojan.MSIL.SLS. The file is located in %UserTemp% - see hereNo
BufferZoneYCLIENTGUI.EXEBufferZone from Trustware - "is the only security software that creates a separate environment allowing you unlimited freedom to enjoy all Internet activities without the fear of external threats"No
eSnipsUClientGW.exeeSnips Client Gateway from eSnipsNo
loadXclienthelp.exeDetected by Malwarebytes as Trojan.GameThief. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "clienthelp.exe" (which is located in %AppData%\Steam)No
clienthelp.exeXclienthelp.exeDetected by Malwarebytes as Trojan.GameThief. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXclienthost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "clienthost.exe" (which is located in %AppData%\Microsoft)No
WIN32DSXclienttimer.exeEziin adwareNo
WIN32ioXclienttimer.exeEziin adwareNo
svchostXClieT.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\SuDirNo
Clinet.exeXClinet.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
atigktxx_HostXclinfo.exe aticfx32.dll, ADL_Display_DeviceConfig_GetDetected by Symantec as Trojan.Cozer and by Malwarebytes as Trojan.Agent.ATSGenNo
atipblag_SystemXclinfo.exe aticfx32.dll, ADL_Display_DeviceConfig_GetDetected by Symantec as Trojan.Cozer and by Malwarebytes as Trojan.Agent.ATSGenNo
amdhwdecoder_InfoXclinfo.exe aticfx32.dll, ADL_Display_DeviceConfig_GetDetected by Symantec as Trojan.Cozer and by Malwarebytes as Trojan.Agent.ATSGenNo
clinicvaccineusbXclinicvaccineusb.exeClinic Engine rogue security software - not recommended, removal instructions hereNo
clipboard.exeXclipboard.exeAdded by an unidentified WORM or TROJAN!No
ClipSrvXCLIPBRD3D.EXEDetected by Sophos as W32/Mofei-DNo
clipdiaryUclipdiary.exeClipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history"No
Clipmate6NClipMate.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'No
ClipMate7NClipMate.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'No
Clip Service ManagerXclipmg.exeAdded by the DELF.DXJ TROJAN!No
ClipMate5NClipMt5#.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'. # represent a digit for the version numberNo
Clipmate6NClipMt6#.exeClipMate Clipboard Extender by Thornsoft - 'saves time and makes you more productive by adding clipboard functions that the Windows clipboard leaves out, such as holding thousands of "clips", instead of just one at a time'. # represent a digit for the version numberNo
ClipomaticNClipomatic.exeClipomatic by Mike Lin. Clipboard cache program "which remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data". No longer supportedNo
ClipSrvXclipserv.exeDetected by Sophos as W32/Sdbot-AAVNo
ClipSrvXclipservr.exeAdded by the SDBOT-AFE WORM!No
ClipSrvXclipsrv.exeDetected by Intel Security/McAfee as Downloader-FIK and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %AppData%\MicrosoftNo
ClipSrvXclipsrv.exeDetected by Intel Security/McAfee as Downloader-FIK. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %LocalAppData%No
ClipSrvXclipsrv.exeDetected by Dr.Web as Trojan.DownLoader17.42929 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %LocalAppData%\MicrosoftNo
ClipSrvXclipsrv.exeDetected by Dr.Web as Trojan.DownLoader10.2122 and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %LocalAppData%\Microsoft\WindowsNo
clipsrvXclipsrv.exeDetected by Intel Security/McAfee as RDN/Generic.dx!eh. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %Windir%No
ClipSrvXclipsrv.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
Clip ServicerXclipsrvc.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Clip SrvXclipsv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
ClipsvcXclipsv.exeDetected by Trend Micro as BLACKHOLE.F BACKDOOR!No
LocalSystemXclipsvr16.exeAdded by the FEMO BACKDOOR!No
LocalSystemXclipsvr32.exeAdded by the FEMO BACKDOOR!No
ClipTrak ProNClipTrak Pro.exeClipTrak - clipboard extender which allows easy access for later use with a cache which contains the most resent 100 clips you copied to the clipboard.No
ClipTrakNClipTrak.exeClipTrak - clipboard extender which allows easy access for later use with a cache which contains the most resent 100 clips you copied to the clipboard.No
ClipTrakkerNClipTrakker.exeCliptrakker clipboard extender. Now discontinuedNo
CLI ServicesXclisrv.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Catalyst® Control Center LauncherNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
ATICCCNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
StartCCCNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
CLIStartNCLIStart.exePuts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → ProgramsNo
SMS Client ServiceUclisvc95.exeWhen the Systems Management Server (SMS) Client Service starts on a domain controller, it modifies the SMSCliToknAcct, user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)No
algorithmXcllhost.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
cllmono.exeXcllmono.exeDetected by Malwarebytes as Trojan.Agent.TIB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CLMemoSysTrayNCLMemoSysTray.exeSystem Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"Yes
CLMemoSysTray ApplicationNCLMemoSysTray.exeSystem Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"Yes
CyberLink MediaLibray ServiceUCLMLSvc.exeInstalled with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
CLMLServerUCLMLSvc.exeCyberLink MediaLibray Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
CLMLServer for HP TouchSmartUCLMLSvc.exeCyberLink MediaLibray Service - included with the version of CyberLink's PowerCinema installed on the HP Touchsmart range of desktops and notebooks and used to manage the media libraries, providing advanced file search, browsing and tracking. Some report it uses excessive system and memory resourcesNo
CLMLSvcUCLMLSvc.exeCyberLink MediaLibray Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resourcesYes
CyberLink MediaLibray ServiceUCLMLSvc_P2G10.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingYes
CLMLServer_For_P2G10UCLMLSvc_P2G10.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingYes
CLMLServer_For_P2G8UCLMLSvc_P2G8.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingNo
CLMLServer_For_P2G9UCLMLSvc_P2G9.exeCyberLink MediaLibray Service - included with CyberLink's Pwoer2Go. Used to manage the media libraries, providing advanced file search, browsing and trackingNo
CLMFrontPanelUclmpanel.exeSystem tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lostNo
Content List Management SubsystemXclmss.exeAdded by the SPYBOT-EL WORM!No
QuickInstallPackXCLN_2009FreeInstall.exeInstalled and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard CenterNo
PinYcloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to itNo
PinMcLnkYcloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to itNo
SetDefaultPrinterYcloaker.exeUsed by HP and Compaq computers to hide the windows of programs passed as arguments to it. In this instance the arguments are %System%\cmd.exe /c %Root%\hp\bin\defaultprinter\SetDefaultPrinter.cmdNo
Windows InsecureXClock.exeAdded by the SDBOT.GAV WORM!No
Clock Widget (HTC Home)NClock.exeClock Widget from HTC Home - which is "a free set of widgets for Windows like on HTC Smartphones." The default installation includes the QuickShare ad-supported browser enhancement which can in turn install the Delta toolbarYes
147Xclock.pifDetected by Dr.Web as Trojan.MulDrop3.53831 and by Malwarebytes as Trojan.Agent.PFNo
AccessoriesPlusUclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clockNo
SkinClockUClockTraySkins.exeClock Tray Skins by Drive Software - "is the advanced replacement for standard Windows tray clock. See the time, seconds, day, date, percent of memory in use and system UpTime in different skins. Displays the time for any of the time zones"No
ClockWiseUCLOCKWISE.EXEClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSyncNo
wiseXclockwise.exeDetected by Sophos as Troj/Lazar-ANo
ClocXUClocX.exeClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms, etcNo
CloneCDNCloneCDTray.exeSystem Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDsYes
CloneCD TrayNCloneCDTray.exeSystem Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDsNo
CloneCDTrayNCloneCDTray.exeSystem Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDsYes
[random]XCloud AV 2012v121.exeCloud AV 2012 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.CloudAV2012No
Cloud Net - BetaXcloud.exeDetected by Dr.Web as Trojan.DownLoader9.29878 and by Malwarebytes as Trojan.Agent.BTCNo
cloudpop.exeXcloudpop.exeDetected by Dr.Web as Trojan.DownLoad3.5224 and by Malwarebytes as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpopNo
cloudpop_.exeXcloudpop_.exeDetected by Malwarebytes as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpopNo
CloudSystemBoosterNCloudSystemBooster.exeCloud System Booster cloud based optimization utility by Anvisoft - "Clean up system junk files, fix registry errors, repair browser problems, optimize your PC system to boost your PC Performance"No
cloud_.exeXcloud_.exeDetected by Dr.Web as Trojan.DownLoad3.5224 and by Malwarebytes as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpopNo
cloverXclover.exeDetected by Kaspersky as AdWare.Win32.KSG.rr and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\CloverPlusNo
clover_uXclover_updater.exeDetected by Dr.Web as Trojan.DownLoader7.20450 and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\brainclan CPNo
clover_uXclover_updater.exeDetected by Kaspersky as AdWare.Win32.Agent.svv and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\CloverPlusNo
clover_uXclover_updater.exeDetected by Dr.Web as Trojan.DownLoader6.2016 and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\intothemap CPNo
clover_uXclover_updater.exeDetected by Dr.Web as Trojan.DownLoader7.4655 and by Malwarebytes as Adware.CloverPlus. The file is located in %ProgramFiles%\KoreaMessenger CPNo
ClownfishNClownfish.exeClownfish by Shark Labs - "is an online translator for all your outgoing messages in Skype. Now you could write in your native language and the recipient will receive the message translated to their language. There are different translation services you could choose from"No
WINCLPXclp.exeDetected by Intel Security/McAfee as RDN/PWS-Lineage!c and by Malwarebytes as Spyware.OnlineGamesNo
COMODOUCLPSLA.exePart of Comodo Group's Cloud Scanner online malware service and their GeekBuddy remote support tool - which is available as a separate product and is installed (but not licensed) with their free and retail security products such as Internet Security, Antivirus and FirewallNo
Comodo Launch Pad TrayUCLPTray.exeSystem Tray access to LaunchPad - as bundled with older versions of Comodo's free offerings such as Comodo Antivirus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see hereNo
CLPushUpdate?CLPushUpdate.exePart of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updatesYes
CyberLink Live?CLPushUpdate.exePart of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updatesYes
CyberLat Ram CleanerUCLRamCleaner.exeCyberLat RAM Cleaner - memory optimizer. No longer supported or available from the authorsNo
MSVersionXClrSchP038.exeAdded by the POPMON.A TROJAN - also known as PopMonster adwareNo
Windows System32Xclsas32.exeDetected by Sophos as W32/Rbot-AZONo
Windows System32 DriverXclsass32.exeAdded by the SDBOT-AGG WORM!No
clsavXclsav.exeAdded by the AUTORUN-BTQ WORM!No
APVXDWINYClShield.exe"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"No
winsrvXclsnsv.exeDetected by Malwarebytes as Trojan.Korad. The file is located in %ProgramFiles%No
cls_pack.exeXcls_pack.exeDetected by Sophos as Troj/FakeAV-AQB and by Malwarebytes as Backdoor.BifroseNo
SearchProtectUcltmng.exeSearch Protect by Conduit Ltd - is a "free desktop application that saves your preferred browser settings so that they can't be changed by software you download from the Internet." Detected by Malwarebytes as PUP.Optional.ConduitSearchProtect. The file is located in %AppData%\SearchProtect\bin. If bundled with another installer or not installed by choice then remove itNo
SearchProtectAllUcltmng.exeSearch Protect by Conduit Ltd - is a "free desktop application that saves your preferred browser settings so that they can't be changed by software you download from the Internet." Detected by Malwarebytes as PUP.Optional.ConduitSearchProtect. The file is located in %AppData%\SearchProtect\bin. If bundled with another installer or not installed by choice then remove itNo
ClUpdateUClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
ClauerUpdateUClUpdate.exeAutomatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keysNo
CleverKeysUClvrKeys.exeOlder version of CleverKeys - which "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"No
cLYIMk5F.exeXcLYIMk5F.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!rl and by Malwarebytes as Trojan.Agent.RNSNo
Start RF Wireless MouseYcm20.exeWireless mouse driverNo
Desksite CMAUcma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
cmaUcma.exeDeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"No
CyberMedia AgentNCMAGENT.EXEPart of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabledNo
MachineTestXCMagesta.exeAdded by the SDBOT-NE WORM!No
cnfgCavYCMain.exePart of an older version of Comodo AntivirusNo
Connection ManagerNCManager.exeSBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the serviceNo
CMAPPXcmappclient.exeCasClient adware - also detected as the CMAPP TROJAN!No
loadXcmd /c svchost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %UserTemp%\svchost\svchost.exe"No
loadXcmd /c [path] .NET Framework.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Blend\14.0\FeedCache\.NET Framework.exe"No
loadXcmd /c [path] adover.exeDetected by Malwarebytes as Trojan.Agent.ADB. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\adober\adover.exe"No
loadXcmd /c [path] avg.exeDetected by Malwarebytes as Backdoor.Agent.BP. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %WinTemp%\bypass\avg.exe"No
loadXcmd /c [path] dllhost.exe;;Detected by Malwarebytes as Backdoor.Agent.DLH. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %UserTemp%\Windows\dllhost.exe". Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserTemp%\WindowsNo
loadXcmd /c [path] file.exeDetected by Sophos as Troj/Nano-D and by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\FolderName\file.exe"No
loadXcmd /c [path] file.exeDetected by Sophos as Troj/Fareit-SL and by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %UserTemp%\FolderName\file.exe"No
loadXcmd /c [path] NETFramework.exeDetected by Sophos as Troj/MSIL-EUU and by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Blend\14.0\FeedCache\NETFramework.exe"No
LoadXcmd /c [path] netprotocol.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\ScreenToGif\netprotocol.exe"No
loadXcmd /c [path] scsiwind.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\scsiwind.exe"No
loadXcmd /c [path] Svchost.exeDetected by Malwarebytes as Backdoor.Agent.DCE. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Svchost.exe" (the legitimate svchost.exe process which is always located in %System%)No
loadXcmd /c [path] svchost.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Sys34\svchost.exe"No
loadXcmd /c [path] udpsv.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\udpsv.exe"No
loadXcmd /c [path] winrarDetected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\FolderName\winrar"No
loadXcmd /c [path] wpasv.exeDetected by Malwarebytes as Trojan.Dropper. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Windows\wpasv.exe"No
loadXcmd /c [path] xpsrchw.exeDetected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the line "cmd /c %AppData%\Microsoft\Blend\14.0\FeedCache\xpsrchw.exe"No
dXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %UserProfile%\FavoritesNo
Command PromptXcmd.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%No
eXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %UserProfile%\Start Menu (XP)No
cXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %MyDocuments%No
hpcmdXcmd.exeDetected by Sophos as Troj/AdClick-DS. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in the "spool" sub-folderNo
cmdXcmd.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%No
cmdXcmd.exeDetected by Malwarebytes as Spyware.Dyre. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %LocalAppData%No
cmd.exeXcmd.exeDetected by Dr.Web as Trojan.DownLoad3.26379. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
cmd.exeXcmd.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Temp%No
cmd.exeXcmd.exeDetected by Dr.Web as Trojan.Siggen4.27324 and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
systeoXcmd.exeDetected by Dr.Web as Trojan.Siggen6.36149 and by Malwarebytes as Trojan.Agent.STMQQ. Note - this entry either replaces or loads the legitimate cmd.exe process which is always located in %System%. Which is the case is unknown at this timeNo
GoogleUpdateXcmd.exeDetected by Malwarebytes as Trojan.Agent.IGen. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %LocalAppData%No
Windows Console Microsoft MeditionXcmd.exeDetected by Dr.Web as Trojan.DownLoader11.5347 and by Malwarebytes as Trojan.Downloader.E. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%No
HKLMXcmd.exeDetected by Intel Security/McAfee as Generic.bfr!do and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%\InstallDirNo
bXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
Win32 ConsoleXcmd.exeDetected by Trend Micro as WORM_ABI.C. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%No
MqqZXcmd.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%No
HKCUXcmd.exeDetected by Intel Security/McAfee as Generic.bfr!do and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %Windir%\InstallDirNo
aXcmd.exeDetected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System%. This one is located in %UserProfile%\DesktopNo
PanoramSho####Ucmd.exe /c del /q /f [path] [filename]Detected by Malwarebytes as PUP.Optional.ArcadeCandy.WnskRST - where # represents a digit. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The file is located in %LocalAppData%\PanoramSho#. If bundled with another installer or not installed by choice then remove itNo
isDeleteMeUcmd.exe /c isDel.batUsed by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product. The "isDel.bat" file is located in %WinTemp%No
FIX2-[6 letters]XCMD.EXE /C START wsmprovhost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "wsmprovhost.exe" file is located in %AppData% - see examples here and hereNo
WMSDOS-ServicePack2Xcmd.exe /c [path] WMSDOS.sysDetected by BitDefender as Trojan.Downloader.Delf.OFC. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted. The file is located in %Root% - see hereNo
Sistema OperacionalXcmd.exe [path] aaa.batDetected by Symantec as Trojan.Banker.I and by Malwarebytes as Trojan.Banker. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aaa.bat" file is located in %Temp%No
asodakaossdXcmd.exe [path] aiaksfoiaksjsof.vbsDetected by Intel Security/McAfee as RDN/Ransom!ee and by Malwarebytes as Trojan.Agent.MNR. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aiaksfoiaksjsof.vbs" file is located in %AppData%No
asodkaosdXcmd.exe [path] aiksfoiakjsof.vbsDetected by Intel Security/McAfee as RDN/Ransom!ee and by Malwarebytes as Trojan.Agent.MNR. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aiksfoiakjsof.vbs" file is located in %AppData%No
AMD AVT?Cmd.exe [path] kdbsync.exeRelated to AMD's Accelerated Video Transcoding (AVT) architecture which helps speed up video conversations. "AVT is a combination of hardware and low level software to convert H.264 and MPEG-2 video sources, up to 1080p resolution, to H.264 MPEG-2 file format to fit the target device supported resolutions and bitrates, up to 1080p resolution" - read more in this PDFNo
Dynamic Dns BinaryXcmd16.exeDetected by Sophos as W32/Rbot-XM and by Malwarebytes as Trojan.AgentNo
CMDXcmd32.exeDetected by Bitdefender as Win32.P2P.Tanked.BNo
cmd32Xcmd32.exeDetected by Dr.Web as Trojan.Siggen4.26128 and by Malwarebytes as Backdoor.PoisonIvy. The file is located in %System%No
cmd32Xcmd32.exeDetected by Intel Security/McAfee as Generic.tfr!cd. The file is located in %System%\InstallDirNo
loadXcmd32.exeDetected by Intel Security/McAfee as Generic.tfr!cd. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "cmd32.exe" (which is located in %System%\InstallDir) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKLMXcmd32.exeDetected by Intel Security/McAfee as Generic.tfr!cd and by Malwarebytes as Backdoor.HMCPol.GenNo
Ass and tittiesXCMD32.EXEAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
HKCUXcmd32.exeDetected by Intel Security/McAfee as Generic.tfr!cd and by Malwarebytes as Backdoor.HMCPol.GenNo
Configuration LoaderXcmd32.exeDetected by Symantec as Backdoor.Sdbot and by Malwarebytes as Backdoor.BotNo
ControlPanelXcmd32.exe internat.dll,LoadKeyboardProfileDetected by Sophos as Troj/Dloader-HF. Note - the "cmd32.exe" file is located in %System%No
cmd64Xcmd64.exeCoolWebSearch Msconfd parasite variantNo
PoliciesXcmdagent.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\Sys32No
HKLMXcmdagent.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sys32No
system managementXcmdagent.exeDetected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %Templates%No
HKCUXcmdagent.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sys32No
cmdbcsXcmdbcs.exeAdded by the LINEAG-GKW TROJAN!No
CmdconXcmdcon.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
TrueMobile 1150 Client ManagerYcmdel.exeClient Manager for the Dell TrueMobile 1150 Series PC Card - "a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna"No
CMDHostXCMDHost#.exeDetected by Malwarebytes as Backdoor.Agent.Gen - where # represents a digit and the file is located in %AppData%No
win32Xcmdhost32.exeDetected by Malwarebytes as Backdoor.Agent.Gen. The file is located in %Windir%No
cmdl32Xcmdl32.exeDetected by Kaspersky as Trojan.Win32.Buzus.hgva. The file is located in %Windir% - see hereNo
cmdl32.exeXcmdl32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
accw0866Xcmdl_950.exeDetected by Malwarebytes as Trojan.Ursnif. The file is located in %System%No
relinsonXcmdno.exeDetected by Sophos as Troj/Dropper-PSNo
cmdpri.exeXcmdpri.exeDetected by Dr.Web as Trojan.DownLoader9.25289 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Command Prompt32XCmdPrompt32.pifDetected by Symantec as W32.Assiral.B@mmNo
Cinnabd Prompt32XCmdPrompt32.pifDetected by Sophos as W32/Assiral-BNo
mctatendXcmdrcfg.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
cmdsXcmds.exeDetected by Intel Security/McAfee as GenericR-CRI and by Malwarebytes as Trojan.Agent.WNSGenNo
MyLifeXCmdServ.exeDetected by Trend Micro as WORM_HOLAR.ANo
CmdShell.exeXCmdShell.exeDetected by Sophos as Troj/Bckdr-QHYNo
WCMDXcmdwin32.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.DCENo
MsgSvcMgr32Xcmdzxdll.exeDetected by Sophos as W32/Rbot-AEKNo
CMEXcme.exeGAIN adware by Claria CorporationNo
Check MessengerUcmesseng.exeCheck Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisnessNo
CmeSYSXCMEsys.exeGAIN adware by Claria CorporationNo
CmeUPDXCMEupd.exeGAIN adware by Claria CorporationNo
COMODO Memory FirewallYcmf.exe"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack." Now discontinuedNo
CMFibulaXCMFibula.exeCASClient adwareNo
CmFlywaveNameNCmFlywav.exeDriver for the Linksys WMB54G Wireless-G Music BridgeNo
McAfee GuardianUCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
GuardianUCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
CMGrdianUCMGrdian.exeMcAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly othersNo
CMGShieldUIUCMGShieldUI.exeUI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDsNo
Microsft Security Monitor ProcessXcmh.exeDetected by Kaspersky as Backdoor.Win32.EggDrop.v. The file is located in %Windir%No
ORiNOCOUCmluc.exeClient Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI cardNo
sysupdateXcmman32.exeAdded by the VB.AMX TROJAN!No
Microsoft Connection Manager MonitorXcmmon.pifDetected by Sophos as W32/Rbot-AKVNo
msysXcmmon32.exeDetected by Kaspersky as AdWare.Win32.BHO.dzd. The file is located in %Windir%No
cmmon32.exeXcmmon32.exeDetected by Dr.Web as Trojan.Inject1.13506 and by Malwarebytes as Trojan.InjectNo
Cmmon32SysXcmmon32.exeAdded by the SMALL.CL TROJAN!No
HKCUXcmmon32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
AXcmmon32.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!vf and by Malwarebytes as Backdoor.Agent.RAGenNo
cmmonw32Xcmmonw32Detected by Dr.Web as Trojan.Siggen4.26128No
asr_otokXcmmoosk.exeDetected by Malwarebytes as Trojan.Backdoor.SK. The file is located in %System%No
runNcmmpu.exeMIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI). Note - this entry loads via "run" section of WIN.INI on operating systems prior to Windows NT and the file is located in %System%No
Windows Disk ManagerXcmnvc.exeAdded by the SLENFBOT.JR WORM!No
[various names]Xcmon14.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DC300 MonitorUcmonitor.exeMonitor for a Acer DC300 digital cameraNo
Task AlertXcmosvc.exeAdded by a variant of the IRCBOT BACKDOOR!No
[12 random characters]Xcmpbk321.exeIeDriver adware variantNo
CMPDPSRVUCMPDPSRV.EXEPrinter Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printersNo
cmrsfXcmrsf.exeDetected by Sophos as Troj/Delf-HUNo
cmrssXcmrss.exeDetected by Trend Micro as TROJ_DELF.DU and by Malwarebytes as Trojan.BankerNo
cmrstXcmrst.exeAdded by the BANCOS.S TROJAN!No
cmrstXcmrst.scrDetected by Sophos as Troj/Dloader-FPNo
Microsoft System32 UpdateXcmsrg.exeDetected by Sophos as W32/Rbot-GNNo
Subsystem MonitorXcmsrm.exeDetected by Dr.Web as Trojan.Siggen1.54194 and by Malwarebytes as Trojan.Agent.SBMNo
Ethernet DriverXcmsrrs.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
SystemControlerXcmss.exeDetected by Intel Security/McAfee as Generic PWS.y and by Malwarebytes as Trojan.Agent.GenNo
Microsoft UpdateXcmss.exeDetected by Sophos as W32/Rbot-ATQ and by Malwarebytes as Backdoor.BotNo
IntellRaidConfigurerXcmss.exeDetected by Dr.Web as Trojan.AVKill.22183 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\GoogleUpdaterNo
IntellRaidConfigurerXcmss.exeDetected by Dr.Web as Trojan.AVKill.15254 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\JavaUpdaterNo
IntellRaidConfigurerXcmss.exeDetected by Dr.Web as Trojan.DownLoader7.21665 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\WinAppsNo
Windows CMS ProtocolXcmss.exeDetected by Sophos as W32/Rbot-BFTNo
cmssXcmss.exeDetected by Kaspersky as Trojan.Win32.Agent2.eko. The file is located in %Temp%No
MicrosofUpdateXcmss.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\ConfigSysNo
Microsofts UpdatezXcmsssr.exeAdded by unidentified malware. The file is located in %System%No
CmSTPXcmstp.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate cmstp.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
CamtasiaXcmstudio.exe.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not a legitimate entry for Camtasia Studio from TechSmith and the file is located in %AppData%\MicrosoftNo
CMSystemXCMSystem.exeCASClient adwareNo
Cmt101Xcmt101.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
CmUCRRun?CmUCReye.exeRelated to devices by Medion Display. What does it do and is it required?No
ClickmonsterXCMupdate.exeDetected by Intel Security/McAfee as Generic.tfr and by Malwarebytes as Adware.KoradNo
cmutilXcmutil.exeDetected by Sophos as Troj/Agent-DFNNo
CMWorkstationUcmwkse.exeCyber Monitor 2004 by Enter - "professional billing, monitoring and management system for Internet cafes, libraries, schools, hotels and other institutions that provide computers for public use"No
Cmx32Xcmx32.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
WindowsUpdateXcmxmg.bat wwupt.uoiDetected by Malwarebytes as Backdoor.IRCBot.Gen. Both files are located in %AppData%\xltbmNo
Windows System FileXcmxp.exeAdded by the SPYBOT.KHO WORM!No
CNAP2 LauncherUCNAP2LAK.EXECanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
CNBABEXCNBABE.EXEAppears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsingNo
Microsoft Driver SetupXcndrive32.exeDetected by Malwarebytes as Worm.Palevo. The file is located in %Windir% - see hereNo
nClientXcnen.exeDetected by Sophos as W32/Delbot-ALNo
UpdateComponentXCNF UPD.EXEAdded by the SPYBOT.GEN VIRUS!No
shambl3rXcnf.batAdded by the REMABL WORM!No
Configuration ManagerXCnfgldr.exeDetected by Symantec as Backdoor.SdbotNo
Cnfrm32Xcnfrm.exeAdded by the MIMAIL.D WORM!No
Cn323Xcnfrm33.exeDetected by Symantec as W32.Mimail.G@mm and by Malwarebytes as Worm.AgentNo
[various names]Xcnftips.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
IJNetworkScanUtilityUCNMNSUT.EXENetwork utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computerNo
BJ Status Monitor Canon i250Ucnmss Canon i250 (Local).exeCanon i250 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i320Ucnmss Canon i320 (Local).exeCanon i320 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i455Ucnmss Canon i455 (Local).exeCanon i455 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i470DUcnmss Canon i470D (Local).exeCanon i470D printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i550Ucnmss Canon i550 (Local).exeCanon i550 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i560Ucnmss Canon i560 (Local).exeCanon i560 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i850Ucnmss Canon i850 (Local).exeCanon i850 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i860Ucnmss Canon i860 (Local).exeCanon i860 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i865Ucnmss Canon i865 (Local).exeCanon i865 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i950Ucnmss Canon i950 (Local).exeCanon i950 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon i9900Ucnmss Canon i9900 (Local).exeCanon i9900 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP110 Series PrinterUcnmss Canon MP110 Series Printer (Local).exeCanon MP110 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP130 Series PrinterUcnmss Canon MP130 Series Printer (Local).exeCanon MP130 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP360 Series PrinterUcnmss Canon MP360 Series Printer (Local).exeCanon MP360 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP390 Series PrinterUcnmss Canon MP390 Series Printer (Local).exeCanon MP390 Series printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP700 PrinterUcnmss Canon MP700 Printer (Local).exeCanon MP700 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon MP730 PrinterUcnmss Canon MP730 Printer (Local).exeCanon MP730 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP1000Ucnmss Canon PIXMA iP1000 (Local).exeCanon PIXMA iP1000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP1500Ucnmss Canon PIXMA iP1500 (Local).exeCanon PIXMA iP1500 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP2000Ucnmss Canon PIXMA iP2000 (Local).exeCanon PIXMA iP2000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP3000Ucnmss Canon PIXMA iP3000 (Local).exeCanon PIXMA iP3000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP4000Ucnmss Canon PIXMA iP4000 (Local).exeCanon PIXMA iP4000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP6000DUcnmss Canon PIXMA iP6000D (Local).exeCanon PIXMA iP6000D printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon PIXMA iP8500Ucnmss Canon PIXMA iP8500 (Local).exeCanon PIXMA iP8500 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon BJC-2000Ucnmss1u.exeCanon BJC-2000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon BJC-2100Ucnmss2f.exeCanon BJC-2100 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor S400Ucnmss2p.exeCanon S400 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor S600Ucnmss2v.exeCanon S600 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S300Ucnmss38.exeCanon S300 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor S100Ucnmss3a.exeCanon S100 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S100SPUcnmss3c.exeCanon S100SP printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S9000Ucnmss3i.exeCanon S9000 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S520Ucnmss3m.exeCanon S520 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S750Ucnmss3q.exeCanon S750 printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S200SPUcnmss3y.exeCanon S200SP printer status monitor - for monitoring printer status, checking ink levels, etcNo
BJ Status Monitor Canon S330Ucnmss45.exeCanon S330 printer status monitor - for monitoring printer status, checking ink levels, etcNo
Microsoft Synchronization ManagerXcnnet.exeDetected by Microsoft as Backdoor:Win32/Sdbot.NL and by Malwarebytes as Backdoor.BotNo
Mspatch89Xcnqmax.exeAdded by the RANDEX.P WORM!No
Canon Quick MenuNCNQMMAIN.EXECanon Quick Menu "is a utility software that allows you to easily start the applications and manuals that are supplied with your printer and also quickly access online product information"Yes
CanonQuickMenuNCNQMMAIN.EXECanon Quick Menu "is a utility software that allows you to easily start the applications and manuals that are supplied with your printer and also quickly access online product information"Yes
CanonSolutionMenuExUCNSEMAIN.EXECanon Solution Menu EX (now replaced by Quick Menu) "immediately starts the manuals or application software that allows you to print album or calendar easily, or scan photos and documents. It is a convenient control centre for your printer, scanner or All-In-One"No
CanonSolutionMenuUCNSLMAIN.exeCanon Solution Menu (now replaced by Quick Menu) "lets you get straight to the function of your device that you need"No
b5700x driveXcnssr.exeAdded by the MAHA-T TROJAN!No
System Failure StatisticXcnstat.exeAdded by the RBOT-LF WORM!No
Adobe ReaderXcnthost.exeDetected by Malwarebytes as Trojan.Agent.ADB. The file is located in %Windir%\WinbootsNo
PoliciesXcnthost.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\WinbootsNo
Protection CenterXcntprot.exeProtection Center rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.ProtectionCenterNo
CnwiDeviceAgentUcnwida.exeCanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
GARO Status MonitorUcnwism.exeCanon printer status monitor - for monitoring printer status, checking ink levels, etcNo
CnxDslTaskBarNCnxDslTb.exeConexant DSL Taskbar as used on their AccessRunner ADSL modem and others such as the Samsung AHT-E310, ZTE ZXDSL852 and TeleWell EA100BNo
WooCnxMonNCnxMon.exeWanadoo (which was rebranded as Orange and is now part of EE) broadband ISP relatedNo
CNYHKeyUCNYHKey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
ledpointerUCNYHKey.exeEnables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended featuresNo
Windows Service AgentXco0l.exeDetected by Sophos as W32/Rbot-GQY and by Malwarebytes as Backdoor.BotNo
ActiveXXcoast.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dfh and by Malwarebytes as Backdoor.Agent.IDF. The file is located in %AppData%\AnglenoisNo
ActiveXXcoast.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!b2y and by Malwarebytes as Backdoor.Agent.IDF. The file is located in %AppData%\WindowsDirNo
coayaoXcoayao.exeDetected by Malwarebytes as Trojan.Agent.RV. The file is located in %UserProfile%No
CobBUUCobBU.exeCobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian BackupUCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 6UCobBU.exeCobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 7UCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 7 ApplicationUCobBU.exeCobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
CobianUCobian.exeCobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (7/Vista/XP/2K/NT). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredNo
Cobian Backup 10UCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 8UCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup 9UCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup AmanitaUCobian.exeCobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup Black MoonUCobian.exeCobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
Cobian Backup BoletusUCobian.exeCobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (7/Vista/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when requiredYes
cobodorewamsXcobodorewams.exeDetected by Dr.Web as BackDoor.Bulknet.1351 and by Malwarebytes as Trojan.Agent.USNo
coboqjeaqoxgXcoboqjeaqoxg.exeDetected by Dr.Web as Trojan.DownLoader11.10672 and by Malwarebytes as Trojan.Agent.USNo
Cobian Backup 7 InterfaceUcobui.exeSystem Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
Cobian Backup Interface 6Ucobui.exeSystem Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
cobuiUcobui.exeSystem Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when requiredYes
DiskstartXCode.exeStartportal - Switch dialer and hijacker variant, see here. Also detected by Sophos as Troj/Delf-JENo
ShellXCodeBlocks.exeDetected by Malwarebytes as Trojan.PasswordStealer.CB. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "CodeBlocks.exe" (which is located in %AppData%\CodeBlocks and is not the legitimate Code::Blocks executable of the same name which is normally located in %ProgramFiles%\CodeBlocks)No
VideoCodecXCodec.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cpm and by Malwarebytes as Backdoor.Agent.ENo
codecdirectx.exeXcodecdirectx.exeDetected by Sophos as Troj/Banloa-AZYNo
CodecPackerXCodecPacker.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Messa.ENo
System ServiceXcoderxt.exeDetected by Sophos as W32/Rbot-ALDNo
CodeScanMainXCodeScan.exeCodeScan rogue security software - not recommended, removal instructions hereNo
CodeSecureMainXCodeSecure.exeCodeSecure rogue security software - not recommended, removal instructions hereNo
CodeSecurityMainXCodeSecurity.exeCodeSecurity rogue security software - not recommended, removal instructions hereNo
DivxXcodll.exeDetected by Sophos as Troj/Gravebot-ANo
Compd Service DrivrsXcodq.exeAdded by a variant of W32/Sdbot.wormNo
COD_CheatsXCOD_Cheats.exeDetected by Malwarebytes as Trojan.PasswordStealer.MSIL. The file is located in %AllUsersProfile%No
COEMsgDisplay?COEMsgDisplay.exePart of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?No
xcrxXCoffin Of Evil.exeDetected by Intel Security/McAfee as Generic Dropper!mm. The file is located in %ProgramFiles%No
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%No
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%\dtgjdtjgdtNo
xcrxXCoffin Of Evil.exeDetected by Intel Security/McAfee as BackDoor-EDP. The file is located in %System%\fdNo
xcrxXCoffin Of Evil.exeDetected by Malwarebytes as Trojan.Inject.DF. The file is located in %System%\hiNo
xcrxXCoffin Of Evil.exeDetected by Trend Micro as BKDR_SPYNET.SMA. The file is located in %System%\MicrosoftNo
xcrxXCoffin Of Evil.exeDetected by Malwarebytes as Worm.Autorun. The file is located in %System%\sohaibNo
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Refroso.augc. The file is located in %System%\windowsdirectoryNo
xcrxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Pincav.qyd. The file is located in %Windir%No
XCRX7OOXCoffin Of Evil.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.COENo
xdocxXCoffin Of Evil.exeDetected by Intel Security/McAfee as Generic Dropper!mm. The file is located in %ProgramFiles%No
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%No
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%\dtgjdtjgdtNo
xdocxXCoffin Of Evil.exeDetected by Intel Security/McAfee as BackDoor-EDP. The file is located in %System%\fdNo
xdocxXCoffin Of Evil.exeDetected by Malwarebytes as Trojan.Inject.DF. The file is located in %System%\hiNo
xdocxXCoffin Of Evil.exeDetected by Trend Micro as BKDR_SPYNET.SMA. The file is located in %System%\MicrosoftNo
xdocxXCoffin Of Evil.exeDetected by Malwarebytes as Worm.Autorun. The file is located in %System%\sohaibNo
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Refroso.augc. The file is located in %System%\windowsdirectoryNo
xdocxXCoffin Of Evil.exeDetected by Kaspersky as Trojan.Win32.Pincav.qyd. The file is located in %Windir%No
XDOCXIOUXCoffin Of Evil.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.COENo
xcrxccXCoffin Of Evile.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %System%\winupdadNo
xdocxccXCoffin Of Evile.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %System%\winupdadNo
cogadXcogad.exeAdded by the DLOADR-CEP TROJAN!No
cogofhibracoXcogofhibraco.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.USNo
cogotfycykmeXcogotfycykme.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
AntivirusltcUpddatesXcoin.exeDetected by Intel Security/McAfee as RDN/Downloader.a!nx and by Malwarebytes as Trojan.Agent.MNRNo
safe360Xcoiome.exeDetected by Kaspersky as Trojan-Dropper.Win32.StartPage.eba and by Malwarebytes as Trojan.StartPageNo
safe360Xcoiome.exeDetected by Sophos as Mal/FtpBot-A and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sfbsbvxNo
safe360Xcoiome.exeDetected by Dr.Web as Trojan.StartPage.52312 and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sfbsbvyNo
safe360Xcoiome.exeDetected by Dr.Web as Trojan.StartPage.46605 and by Malwarebytes as Trojan.StartPage. The file is located in %CommonFiles%\sgcscvyNo
UserinitXcologsver.exeDetected by Trend Micro as TROJ_DROPPER.DJO and by Malwarebytes as Trojan.AgentNo
WINLOADERXCOLOR.EXEDetected by Malwarebytes as Trojan.Agent.CL. The file is located in %System%No
siscolorUcolor.exeProbably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-boardNo
colorcplXcolorcpl.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
WCOLOREALUcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
colorealUcoloreal.exeMakes colours sharper and brighter, but will only work with coloreal capable monitorsNo
ColtsScreenServerUColtsScreenServer.exeScreensaver for the Indianapolis Colts NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
ColtsScreenServerSvcUColtsScreenServer.exeScreensaver for the Indianapolis Colts NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
Wind0ws Ser7ice AgentXcolwindos.exeAdded by the RBOT-GQO WORM!No
COM SurrogateXCOM SurrogateDetected by Malwarebytes as Backdoor.Agent.IMN. The file is located in %AppData%\SurrogateNo
CLSIDXcom.exeNowOnline - Switch dialer and hijacker variant, see hereNo
Microsoft Security Monitor ProcessXcom.exeDetected by Malwarebytes as Trojan.DownloaderNo
COM_LOADERXCOM7.EXEDetected by Intel Security/McAfee as RDN/Ransom!cd and by Malwarebytes as Ransom.FileLockerNo
ComAgentXComAgent.exeDetected by Intel Security/McAfee as RDN/Generic.hra and by Malwarebytes as Trojan.Agent.CMA. The file is located in %AppData%\IdentitiesNo
ComAgentXComAgent.exeDetected by Malwarebytes as Trojan.Agent.EDAI. The file is located in %AppData%\Macromedia\Flash Player\#SharedObjects\868AM9W9\static.bisrv.com\js\libsNo
ComAgentNComAgent.exeComAgent - MDaemon's instant messaging client - located in %ProgramFiles%\Alt-N Technologies\ComAgentNo
ComAgentXComAgent.exeDetected by Intel Security/McAfee as RDN/Generic.hra and by Malwarebytes as Trojan.Agent.CMA. The file is located in %ProgramFiles%\MSN\MSNCoreFiles\Markets\150No
comandaXcomanda.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!wj and by Malwarebytes as Backdoor.Agent.ENo
comandoXcomando.exeDetected by Malwarebytes as Trojan.Agent.DF. The file is located in %LocalAppData%No
combo.exeXcombo.exeAdded by the CHIMO-C TROJAN!No
MaxtorComboYComboButton.exeRequired to be able to use the Maxtor OneTouch button on your external Maxtor (now Seagate) hard drive. It is used to start up backup software (Dantz Retrospect)No
combop.exeXcombop.exeAdded by the BOWFEED-A TROJAN!No
comcfgXcomcfg.exeDetected by Trend Micro as BKDR_TOADCOM.ANo
comctl32Xcomctl32.exeAdware - detected by Kaspersky as the AGENT.AM TROJAN!No
VB_runXcomctl_32.exeDubious downloader from densmail.comNo
windowsXcomdlg32.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!va and by Malwarebytes as Trojan.Agent.FRKNo
NB Common Dialog EnhancementsNCOMDLGEX.EXEPart of the old McAfee Utilities and Nuts & Bolts utility suites. With Common Dialog Enhancements, you can add MRU (Most Recently Used) list box to open dialogsNo
CC2KUIXcomet.exeComet Cursor adwareNo
SSWPlauncherXcomet.exeComet Cursor adwareNo
comhost.exeXcomhost.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%No
loadXcomhost.exeDetected by Dr.Web as Trojan.Siggen.65314 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "comhost.exe" (which is located in %Root%\GraphicsDriver)No
[random]Xcomhost.exeDetected by Malwarebytes as Trojan.Agent.MNRGen. The file is located in %AppData%\comhost - see an example hereNo
Windows COM HostXcomhost.exe -rundll32 /SYSTEM32 taskmgr.exeDetected by Dr.Web as Trojan.Siggen.65314 and by Malwarebytes as Trojan.Agent. The file is located in %Root%\GraphicsDriver. Note - do not delete the legitimate taskmgr.exe process which is always located in %System%No
comic.exeXcomic.exeDetected by Sophos as Troj/AutoIt-AYP and by Malwarebytes as Trojan.Agent.MDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
comime.exeXcomime.exeDetected by Dr.Web as Trojan.DownLoader11.24286 and by Malwarebytes as Trojan.Tibia. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
MSIME32Xcomime.exeDetected by Malwarebytes as Trojan.Agent.CM. The file is located in %CommonAppData%No
mssysintXcomime.exeDetected by Sophos as Troj/Netsnake-INo
comineXcomine.exeDetected by Dr.Web as BackDoor.Adupe.3 and by Malwarebytes as Trojan.Agent.CMNo
comineXcomine.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!xc and by Malwarebytes as Trojan.Agent.CMNo
cimoneXcomine.exeDetected by Trend Micro as TROJ_VB.FPW and by Malwarebytes as Worm.AutoRunNo
WindowsXcomine.exeDetected by Dr.Web as Trojan.StartPage.45589 and by Malwarebytes as Spyware.PasswordNo
p2snetisXcomippwa.exeDetected by Sophos as Troj/SpamToo-ALNo
TimerXcomm.exeDetected by Sophos as Troj/Bdoor-IPNo
PgzuwhzfnXcomma.exeAdded by the AGENT-QTH TROJAN!No
skypecmdXcommadcom.exeDetected by Intel Security/McAfee as RDN/PWS-Banker!dr and by Malwarebytes as Trojan.Banker.CMDNo
ComManagerXComManager.exeDetected by Malwarebytes as Backdoor.Agent.WS. The file is located in %AppData%\bitcoinMNo
Command & Conquer 3 Kane's Wrath Speed game.exeXCommand & Conquer 3 Kane's Wrath Speed game.exeDetected by Malwarebytes as Trojan.MSIL.UL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ashiyaneXcommand.batDetected by Dr.Web as Trojan.Siggen5.59284 and by Malwarebytes as Trojan.AgentNo
COMMANDXcommand.exeAdded by the QQPASS.E TROJAN!No
WinProfileXCommand.exeDetected by Trend Micro as TROJ_BUDDY.ENo
Messenger6Xcommand.pifAdded by the INZAE.B WORM!No
Win CommandXcommand32.exeDetected by Trend Micro as WORM_AGOBOT.XQNo
command32Xcommand32.exeDetected by Sophos as Troj/LineaDl-ANo
candyXcommand32.exeDetected by Sophos as W32/Rbot-LVNo
IomegaWareNCommander.exePart of IomegaWare by Iomega (now LenovoEMC) for use with their range of external drives. "IomegaWare provides integrated features that will help you find, format, protect, manage and change settings on your Iomega drives"No
System FirewallsXcommandprompt32.exeDetected by Trend Micro as WORM_RBOT.BJTNo
Browser LauncherUCommandr.exeLogitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keysNo
zBrowser LauncherUCommandr.exeFor a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have themNo
CommCtrNcommctr.exe"Net2Phone CommCenter® is software that allows you to make phone calls and send faxes to anywhere in the world"No
Windows Common Files ManagerXCommgr.exeDetected by Kaspersky as Worm.Win32.AutoRun.hfp and by Malwarebytes as Trojan.AgentNo
Comm DriverXcommh32.exeDetected by Malwarebytes as Trojan.Agent.AI. Note - this is not the legitimate older G Data "PC Spion" PC monitoring and surveillance software which is typically located in %System%. This one is located in %ProgramFiles%\Java\jre6\lib\deployNo
Comm DriverXcommh32.exeDetected by Malwarebytes as Trojan.Bitcoin. Note - this is not the legitimate older G Data "PC Spion" PC monitoring and surveillance software which is typically located in %System%. This one is located in %ProgramFiles%\Java\jre6\lib\imNo
Comm DriverUcommh32.exeG Data "PC Spion" PC monitoring and surveillance software - no longer available. Captures all users activity on the PC, see here. Disable/remove it if you didn't install it yourself!No
Windows Hijack Protection SystemXcommngr.exeAdded by a variant of Troj/Agent-FYD. The file is located in %System%\ComNo
printer spoolerXcommonaccess.exeDetected by Sophos as Troj/Delf-LBNo
LogitechCommunicationsManagerYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
Communications_HelperYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
Communications_Helper.exeYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
LogitechYCommunications_Helper.exeEntry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture modeYes
CommunicatorYCommunicator.exeMicrosoft Office Communicator - an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video. Now replaced by Microsoft LyncNo
Windows Hijack ProtectionXcomngr.exeDetected by Sophos as Troj/Agent-FYDNo
HKCUSKPYPEXcomode.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!tx and by Malwarebytes as Backdoor.Agent.HKPGenNo
HKLMSKPYEXcomode.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!tx and by Malwarebytes as Backdoor.Agent.HKPGenNo
ComodoXComodo.exeDetected by Intel Security/McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.Agent.CM. Note - this is not a valid entry for Comodo security productsNo
Team ViewerXComodo.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a valid entry for either the TeamViewer remote support tool or Comodo security products. The file is located in %UserTemp%No
PandaXComodo.exeDetected by Intel Security/McAfee as BackDoor-FAJ and by Malwarebytes as Backdoor.Agent.CM. Note - this is not a valid entry for either Panda Security or Comodo security productsNo
comoBossUcomowin.exeDetected by Malwarebytes as PUP.Optional.Caster. The file is located in %ProgramFiles%\comoBoss. If bundled with another installer or not installed by choice then remove itNo
AutoXComp.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%\GoogleNo
mplaartsXcompager.exeDetected by Malwarebytes as Trojan.Inject.VB. The file is located in %System%No
Companion ModuleUcompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
AOL CompanionUcompanion.exeThe AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"Yes
Compaq ConnectionsNCompaq Connections.exeSee here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"No
Compaq Message ServerNCOMPAQ-RBA.EXEWorks with the CPQBootPerfDB (CPQBootPerfDB.exe) entry and attempts to connect with Compaq online. Sends information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provides feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start → Programs → Compaq Advisor → Advisor Settings under the "advanced" tab. Not required and can cause problems. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
Compaq Service DriversXcompaq.exeDetected by Sophos as W32/Sdbot-AFU and by Malwarebytes as Backdoor.IRCBotNo
IPOT Service DriversXcompaq.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Google CompileXCompile.exeDetected by Dr.Web as Trojan.DownLoader12.46882 and by Malwarebytes as Trojan.Agent.GCNo
Nvt32Xcomplaint_7251.exeDetected by Trend Micro as TROJ_ARTIEF.BNo
IComplementoXComplement.exeDetected by Intel Security/McAfee as Generic.dx!uiz and by Malwarebytes as Trojan.AgentNo
COM+ ManagerXcomplmgr.exeDetected by Intel Security/McAfee as Generic.dx!uem and by Malwarebytes as Trojan.AgentNo
rtoxeoyXcompmgmts.exeDetected by Dr.Web as Trojan.DownLoader9.10874No
componentewindows.exeXcomponentewindows.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %CommonFiles%No
Compaq Service DriversXcompq.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Compaq Service Drivers 32Xcompq32.exeAdded by a variant of W32/Sdbot.wormNo
Compaq Service DriversXcompqs.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Compaqs Service DriversXcompqs.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
ComproRemoteUComproRemote.exeCompro VideoMate TV tuner and capture card - remote control driverNo
ComproSchedulerDTVUComproSchedulerDTV.exeCompro VideoMate TV tuner and capture card - schedulerNo
Comprovante-empresarial_20-11-2013.cplXComprovante-empresarial_20-11-2013.cplDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%No
Comprovante-empresarial_21-11-2013.cplXComprovante-empresarial_21-11-2013.cplDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%No
Comprovante.exeXComprovante.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%No
comPrt.vbsXcomPrt.vbsDetected by Microsoft as TrojanDownloader:Win32/Tembatch.A and by Malwarebytes as Banker.Trace. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Service DriversXCompt.exeDetected by Sophos as W32/Rbot-ZJNo
compts.exeXcompts.exeDetected by Intel Security/McAfee as Downloader.gen.aNo
Geography TX 1.0 NTXCompuSpeed.vbsDetected by Sophos as VBS/Newley-ANo
Geography TX 1.0 XPXCompuSpeed.vbsDetected by Sophos as VBS/Newley-ANo
CompuSpyUCompuSpy.exeCompuSpy surveillance software. Uninstall this software unless you put it there yourselfNo
esetXcomputer.exeDetected by Malwarebytes as Trojan.Crypt. The file is located in %AppData%\pdfNo
ComputerXcomputer.exeDetected by Malwarebytes as Trojan.Agent.CP. The file is located in %AppData%\System or %AppData%\System\[folder]No
COMPUTERBILD Vorteil-CenterNCOMPUTERBILD Vorteil-Center.exeTranslation: COMPUTERBILD Vorteil-Center (COMPUTERBILD Advantage-Center) "keeps you informed about offers and voucher promotions for hardware, software, movies and audio books to date. Once interesting bargains arrive, appear on your desktop a notice with additional information"No
Computer UpdaterNComputerUp-dater.ExeComputer Updater by SafeApp Software, LLC - "scans your computer and displays a list of programs that have Available Updates. You can then choose which updates you want to install"No
ComputerZ-TrayUComputerZTray.exeDetected by Malwarebytes as PUP.Optional.Ludashi. The file is located in %ProgramFiles%\LuDaShi. If bundled with another installer or not installed by choice then remove itNo
CompanionWizardXcompwiz.exePart of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see hereNo
Comrade.exeNComrade.exeGameSpy Comrade is a first next-generation community gaming application. It is about an instant messaging program exclusive for gamers where you can know where are your friends playing and join them with a click. It has support for 60 games, automatic updates, and statistics. GameSpy is no longer availableNo
Microsft Corporation Version 2001.12.4414Xcomrel.exeAdded by a variant of the SDBOT BACKDOOR!No
ComReplXcomrepl.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate comrepl.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
comsafeguardXcomsafeguard.exeDetected by Malwarebytes as Rogue.ComSafeGuard. The file is located in %ProgramFiles%\comsafeguardNo
Microsft Corporation Version 2002.12.2414Xcomserv.exeAdded by the BUZUS.CL TROJAN!No
COMSMDEXENcomsmd.exeTray icon for 3Com 3C9xx series of network cards for easy diagnostics of the network cardsNo
COMServerXcomsrvr.exeDetected by Intel Security/McAfee as Generic BackDoor.wi and by Malwarebytes as Trojan.Downloader. The file is located in %AppData%No
COMServerXcomsrvr.exeDetected by Kaspersky as Trojan-Dropper.Win32.Agent.cwsw and by Malwarebytes as Trojan.Downloader. The file is located in %System%\msappsNo
AudiagerXcomsscli.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Meeting ConnectionXcomsutil.exeDetected by Sophos as Troj/PPdoor-ENo
HwpUpdateXComsvc.exeDetected by Symantec as Trojan.NavedriNo
SMSERIALWORKSTARTERXcomsysobj.exeAdded by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see hereNo
comreplXcomuser.exeDetected by Malwarebytes as Trojan.Banker.USR. The file is located in %AppData%\ComNo
comxtXcomxt.exeAdded by the COMXT TROJAN!No
mlibsysmcXcomzcinc.exeDetected by Sophos as W32/Sdbot-CXSNo
conadvancedUconadvanced.exeDetected by Malwarebytes as PUP.Optional.Context2Pro. The file is located in %LocalAppData%\Context2pro. If bundled with another installer or not installed by choice then remove itNo
ConnectionCenterUconcentr.exeCitrix Connection Center - "displays all connections established from Citrix Receiver"No
Concurre?concurre.exeThe file is located in %System%. What does it do and is it required?No
Zekio StartupsXcondll.exeDetected by Sophos as W32/Agobot-AGDNo
Google ChormsXconf.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.Banker.ENo
Microsoft Firewall Settings LoaderXconf32.exeAdded by the SDBOT-KM BACKDOOR!No
CUCore Agent?ConfAgent.exePart of Radivision's "Click to Meet" video conferencing client - now part of Avaya and superseded by Scopia XT Video ConferencingNo
confbckpXconfbckp.exeDetected by Dr.Web as Trojan.DownLoader7.22060No
Configuration LoaderXconfgldr.exeDetected by Symantec as W32.Gaobot.gen!poly and by Malwarebytes as Backdoor.BotNo
pop3 ServerUconfig.cfgPart of HTML2POP3 - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"No
AolConXconfig.comDetected by Symantec as W32.HLLW.TaplakNo
Microsoft_WindowsXconfig.exeDetected by Dr.Web as Trojan.Inject1.43389 and by Malwarebytes as Trojan.Agent.ENo
Windows Service LayerXconfig.exeDetected by Trend Micro as WORM_RBOT.DDJNo
MicroMainXConfig.exeDetected by Dr.Web as Trojan.DownLoader11.44437 and by Malwarebytes as Backdoor.Agent.ENo
Configuration UtilityNCONFIG.EXEConfiguration and management utility for Linksys wireless productsNo
WindowsDefenderXconfig.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\system (10/8/7/Vista) or %AllUsersProfile%\Start Menu\systemNo
Windows Config SystemXconfig.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
system32Xconfig.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\system64No
WelcomeXCONFIG.EXEDetected by Trend Micro as TROJ_PSWGIP.BNo
Microsoft Office Data EnergineXconfig.exeDetected by Dr.Web as Trojan.Siggen6.1488 and by Malwarebytes as Backdoor.Agent.ENo
Microsoft Config FileXconfig.exeDetected by Malwarebytes as Trojan.Agent.KL. The file is located in %Root%No
winlogonXconfig.exeDetected by Microsoft as Backdoor:Win32/Lybsus.B and by Malwarebytes as Trojan.Agent.TraceNo
Microsoft WindowsXconfig.exeDetected by Dr.Web as Trojan.Inject1.43389 and by Malwarebytes as Trojan.Agent.ENo
ConfigXCONFIG.EXEDetected by Trend Micro as TROJ_PSWGIP.B. The file is located in %Windir%No
systemsXconfig.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\systemNo
config.exeXconfig.exeDetected by Malwarebytes as Trojan.Agent.WSG. The file is located in %AppData%No
config.exeXconfig.exeDetected by Intel Security/McAfee as RDN/Ransom and by Malwarebytes as Trojan.Zbot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ConfigServicesNConfig.exePart of initial setup on a Compaq PCNo
Media SDKXconfig.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\configurationNo
Config33.exeXConfig33.exeDetected by Trend Micro as BKDR_SDBOT.TNo
SERVICESSXconfigdll.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\tmpsysNo
SystemServiceXconfigdll.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2e and by Malwarebytes as Backdoor.Agent.ADBNo
Configuration LoadingXconfigldr.exeDetected by Sophos as W32/Agobot-ECNo
Configuration LoaderXconfigldr.exeDetected by Sophos as W32/Agobot-PP and by Malwarebytes as Backdoor.BotNo
Update32Xconfigs.exeHijacker, also detected as the QURL-2 TROJAN!No
cmd32Xconfigs.exeHijacker, also detected as the QURL-2 TROJAN!No
configsetupXconfigsetup32.exeDetected by Sophos as W32/Agobot-AFPNo
SYSTEMOSRUNXconfigsys.exeDetected by Malwarebytes as Trojan.Agent.RNS. The file is located in %Root%No
Palm MultiUser Config?Configtool.exeMultiUser configuration for a Palm PDA device? Is it required?No
Skype UpdateXconfigupdate.xeDetected by Dr.Web as Trojan.Siggen.65244No
Skype UpdateXconfigupdate.xeDetected by Dr.Web as Trojan.Siggen.65244 and by Malwarebytes as Malware.Packer.nps. Note - this is not a legitimate entry for the popular Skype VOIP softwareNo
configurationXconfiguration.exeDetected by Kaspersky as Trojan-Clicker.Win32.AutoIt.m and by Malwarebytes as Worm.AutoIt.Gen. The file is located in %Windir%\configurationNo
Windows Services LayerXconfigure.exeAdded by the RBOT-GAK WORM!No
ConfigUtilityUConfigUtility.exeWireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, IncNo
ExplorerXconfig_.comDetected by Sophos as W32/Floppy-D and by Malwarebytes as Trojan.AgentNo
Explorer5Xconfig_.comDetected by Trend Micro as WORM_VB.CBGNo
ConfirmXConfirmed.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger.MSIL. The file is located in %UserProfile%\Desktop - see hereNo
cartaoXconflicted.exeDetected by Sophos as Troj/Dadobra-DVNo
GearboxNconfsvr.exeNTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard. No longer applicable as NTLWorld has long since changed to Virgin MediaNo
Configuration Loader 2Xconfuldr.exeDetected by Sophos as W32/Agobot-FCNo
WINCONHOSTXconhost.exeDetected by Intel Security/McAfee as RDN/Generic.dx!crj and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Windir%\conhosNo
svchostXconhost.exeDetected by Intel Security/McAfee as BackDoor-EXI.gen.e and by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
conHostXconHost.exeDetected by Dr.Web as Trojan.DownLoader7.673 and by Malwarebytes as Backdoor.CycBot.Gen. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
conhostXconhost.exeDetected by Dr.Web as Trojan.KillFiles.11627 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\AcrobatNo
conhostXconhost.exeDetected by Intel Security/McAfee as BackDoor-EXI.gen.e and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
conHostXconHost.exeDetected by Dr.Web as Trojan.Click2.28205. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %LocalAppData%No
conhostXconhost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %ProgramFiles%\conhostNo
SunInteractiveXconhost.exeDetected by Malwarebytes as Backdoor.DarkComet.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\WindowsNo
conhost.exeXconhost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\conhostNo
conhost.exeXconhost.exeDetected by Malwarebytes as Trojan.Agent.CNH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DirectXXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Templates%No
Real Updates DownloaderXconhost.exeDetected by Malwarebytes as Trojan.Inject. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\RealNetworkNo
WindowsUpdateXconhost.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
UpdateXconhost.exeDetected by Trend Micro as TSPY_BAMKRO.C and by Malwarebytes as Trojan.ZBAgent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Microsoft\RealNo
UpdateXconhost.exeDetected by Sophos as Troj/MSIL-ADZ and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %UserProfile%No
RealLuncherXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
Console HostXconhost.exeDetected by Malwarebytes as Backdoor.Agent.CH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Mozilla PluginsNo
Console Protect ServiceXconhost.exeDetected by Dr.Web as Trojan.DownLoader11.60034 and by Malwarebytes as Trojan.Agent.CPS. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Microsoft\ProtectNo
AppleXconhost.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\MicrosoftNo
Console Window HostXconhost.exeDetected by Kaspersky as Trojan.Win32.Llac.smv and by Malwarebytes as Trojan.Agent.CWH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
Console Window HostXconhost.exeDetected by Dr.Web as Trojan.MulDrop3.53785 and by Malwarebytes as Trojan.Agent.CWH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\ConsoleNo
Console Window HostXconhost.exeDetected by Dr.Web as Trojan.DownLoader4.34032 and by Malwarebytes as Trojan.Agent.CWH. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Console Window HostNo
Windows system processXconhost.exeDetected by Dr.Web as Trojan.DownLoader10.30234 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in a "Windows" sub-folderNo
Console Windows hostXconhost.exeDetected by Malwarebytes as Backdoor.CycBot. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
Indesing MicrosoftXconhost.exeDetected by Malwarebytes as Ransom.CryptoMix. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\MicroSoftTMP\system32No
Java UpdaterXconhost.exeDetected by Symantec as Trojan.Melongad and by Malwarebytes as Backdoor.CycBot. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
Local Name ServiceXconhost.exeDetected by Malwarebytes as Trojan.Agent.LM. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
WinGat.iniXconhost.exeDetected by Malwarebytes as Trojan.Dropper.E. Note - this entry loads from the Windows Startup folder and the file is located in %MyDocuments% and is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%No
*Indesing MicrosoftXconhost.exeDetected by Malwarebytes as Ransom.CryptoMix. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %CommonAppData%\MicroSoftTMP\system32No
Adobe UpdaterXconhost.exeDetected by Malwarebytes as Trojan.Agent.RND. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Adobe\Flash - see hereNo
csrssbackupXconhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\System32No
Windows HD UpdateXconhost.exeDetected by Dr.Web as Trojan.DownLoader10.30266 and by Malwarebytes as Backdoor.Agent.FL. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%No
AVIXconhost.exeDetected by Intel Security/McAfee as RDN/Generic.dx!crj and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %Windir%\conhosNo
Window ManagerXconhost.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\AdobeNo
Windows Host AppXconhost.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate Microsoft Windows 10/8/7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Windows Host AppNo
DefenderXconhost.exe settings.batDetected by Dr.Web as Trojan.Siggen6.25 and by Malwarebytes as Backdoor.Agent.ENo
conhost.lnkXconhost.lnkDetected by Dr.Web as Trojan.Siggen3.30349 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
conhost.vbsXconhost.vbsDetected by Malwarebytes as Trojan.Agent.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
svchost86x.sysXconhost41.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp% - see hereNo
conhost86Xconhost86.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hu and by Malwarebytes as Backdoor.Agent.ENo
Adobe update managerXconhostf.exeDetected by Dr.Web as Trojan.DownLoader7.27277 and by Malwarebytes as Trojan.AgentNo
SteamXconhosts.exeDetected by Malwarebytes as Trojan.Agent.TPL. The file is located in %Templates%No
Steam ApplicationXconhosts.exeDetected by Malwarebytes as Trojan.Agent.TPL. The file is located in %Templates%No
SteamClientXconhosts.exeDetected by Dr.Web as Trojan.Inject2.27896 and by Malwarebytes as Trojan.Agent.TPLNo
SteamsClientXconhosts.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %AppData%No
SteamWevXconhosts.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %Templates%No
SteamxXconhosts.exeDetected by Malwarebytes as Trojan.Agent.STM. The file is located in %Templates%No
Console Window HostXconhosts.exeDetected by Dr.Web as Trojan.DownLoader8.52533No
conhstXconhst.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.CNHNo
Input ManagerXconima.exeAdded by the VB-FIS TROJAN!No
IMEXconime.exeDetected by Sophos as Troj/Dldr-G. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %Windir%No
ServiceEXEXconime.exeDetected by Symantec as Backdoor.Vasport and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %AppData%No
conimeUconime.exeMicrosoft Console IME process which is located in %System% and is used when an Asian language is used in Windows. Not required if you don't use Asian languages. Note - if you also have the files "bfghost.exe" and "editmm.exe" present on your system this file can be used by the BFGhost 1.0 Remote Administration Tool trojanNo
conimeXconime.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %UserTemp% and is not the legitimate Console IME process which is located in %System%No
conime.exeXconime.exeDetected by Dr.Web as Trojan.DownLoader9.58726 and by Malwarebytes as Trojan.Agent.SVC. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
taskdayXconime.exeDetected by Sophos as Troj/Comame-E and by Malwarebytes as Trojan.Agent.CN. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %Windir%\tasksNo
conime.exeXconime.exeDetected by Symantec as W32.Avendog. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in WindowsNo
hdaudioTreiberXconime.exeDetected by Dr.Web as Trojan.Inject.12640 and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %LocalAppData%No
System32Xconime.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows. This one is located in %CommonFiles%No
ExplorerRunXconime.exeDetected by Trend Micro as TROJ_PROXY.ABL and by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %UserTemp%No
LOCALHOSTXconime.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.CNM. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when an Asian language is used in Windows. This one is located in %Windir%No
Connection KeeperUConKeepM.exe"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"No
allkeeperXconlhost.exeDetected by Malwarebytes as Ransom.7ev3n. The file is located in %Root%\Users\PublicNo
ConMgrNConMgr.exeBluetooth Audio Configuration Monitor - part of "Bluetooth Feature Pack 5.0" from CSR (who are now part of Qualcomm Technologies)No
ConMgr.exeUconmgr.exeConnection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcutNo
ChromeUpdateXconmsjt.exeDetected by Dr.Web as Trojan.DownLoader6.32750 and by Malwarebytes as Backdoor.AgentNo
Sistema de CommXconmsyrtl.exeDetected by Sophos as Troj/Agent-LMV and by Malwarebytes as Backdoor.IRCBotNo
Service aresXconmysys.exeDetected by Sophos as W32/VBInj-V and by Malwarebytes as Trojan.AgentNo
Cisco WebEx ConnectUconnect.exeCisco WebEx web conferencing - "combines desktop sharing through a web browser with phone conferencing and video, so everyone sees the same thing while you talk"No
SX Virtual LinkUConnect.exeSX Virtual Link from Silex Technology America, Inc. Utility to connect USB devicesNo
Sametime ConnectUConnect.exeIBM Sametime - instant messaging and Web conferencing software. Formerly by LotusNo
Belkin Home Base Control CenterUConnect.exeControl Center for the Belkin Home Base network USB hub - which lets you configure and access USB devices (such as hard drives, printers and cameras) connected to it over a wired or wireless network. As well a providing System Tray access, this entry will automatically connect any attached devices that have been configured this wayYes
Belkin Network USB Hub Control CenterUConnect.exeControl Center for the Belkin Network USB Hub - which lets you configure and access USB devices (such as hard drives, printers and cameras) connected to it over a wired or wireless network. As well a providing System Tray access, this entry will automatically connect any attached devices that have been configured this wayYes
Connect2PartyXconnect2party.exeAdult content diallerNo
connectaperXconnectaper.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Clicker.GenNo
Sony Auto Update Tray ApplicationNCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
CONNECTAUTrayAppNCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
ConnectifyUConnectify.exe"Connectify Hotspot is an easy to use software router for Windows computers that utilizes your PC's built in Wi-Fi card to wirelessly share any available Internet connection with friends, co-workers, and mobile devices"No
Connectify HotspotUConnectify.exe"Connectify Hotspot is an easy to use software router for Windows computers that utilizes your PC's built in Wi-Fi card to wirelessly share any available Internet connection with friends, co-workers, and mobile devices"No
SBC Yahoo! Connection ManagerNConnectionManager.exeUsed to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connectionNo
CONNECTAuto UpdateNCONNECTScheduler.exeAutomatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
CONNECTSchedulerNCONNECTScheduler.exeAutomatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
CONNECTAUTrayAppNCONNECTAUTrayApp.exeSystem Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CPYes
NcrfgXconost.exeDetected by Malwarebytes as Backdoor.Agent.NG. The file is located in %System%No
conostXconost.exeDetected by Trend Micro as TROJ_DROPER.RENo
conmswfXconrnbne.exeDetected by Sophos as W32/Sdbot-DEXNo
conscorrXconscorr.exeDetected by Trend Micro as TROJ_DELF.DWNo
AuthdlerXconscsvc.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
ConsXconsol32.exeHijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installedNo
CommonXconsole.exeDetected by Microsoft as Trojan:Win32/Gitwen.ANo
ShellXconsolehost.exe,explorer.exeDetected by Dr.Web as Trojan.Inject1.46212 and by Malwarebytes as Trojan.Agent.CNS. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "consolehost.exe" (which is located in %AppData%\Microsoft\Windows)No
ConsoleLaunchXConsoleLaunch.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.GenNo
systrasxXCONSOLES.EXEAdded by the SDBOT-NW WORM!No
ConsoleWindows.exeXConsoleWindows.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!qg and by Malwarebytes as Backdoor.Agent.ENo
Consumer InputUConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
Consumer Input Rewarded with MyPoints, Consumer InputUConsumerInputRewardedwithMyPoints, ConsumerInput.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
Consumer Input Rewarded with MyPoints, Consumer Input UpdateUConsumerInputRewardedwithMyPoints, ConsumerInputUa.exeConsumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQNo
contactierUcontactier.exe"Working with Contactier provides you with the ability to automatically synchronize all the contacts from all major social networks and to be sure that your contacts are identical and fits other users which has your details inside its address books." Detected by Malwarebytes as PUP.Optional.Contactier. The file is located in %LocalAppData%\contactier.com\contactier\Application\[version]. If bundled with another installer or not installed by choice then remove itNo
ContentExplorerUContentExplorer.exe"Content Explorer is a free, ad-supported utility that makes searching and discovering information easy. Highlight any word or phrase with your mouse and Content Explorer will provide you with immediate access to Wikipedia and other popular sites to give you all the information you need on the word you highlighted." Detected by Malwarebytes as PUP.Optional.ContentExplorer. The file is located in %AppData%\ContentExplorer. If bundled with another installer or not installed by choice then remove itNo
ContentTransferWMDetector.exeUContentTransferWMDetector.exePart of Sony's Content Transfer Software which "provides an easy way to transfer music, video, photos, and podcasts to the Walkman® playerNo
contextfrUcontextfr.exeDetected by Malwarebytes as PUP.Optional.Context2Pro. The file is located in %LocalAppData%\Context2pro. If bundled with another installer or not installed by choice then remove itNo
contextprodUcontextprod.exeDetected by Malwarebytes as PUP.Optional.Context2Pro. The file is located in %LocalAppData%\Context2pro. If bundled with another installer or not installed by choice then remove itNo
ContraviroXContraviro.exeContraviro rogue security software - not recommended, removal instructions hereNo
ContraVirusXContraVirus.exeContraVirus rogue security software - not recommended, removal instructions hereNo
ContraVirusXContraVirusPro.exeContraVirus rogue security software - not recommended, removal instructions hereNo
googleXcontray.exeDetected by Sophos as Troj/Plugx-P and by Malwarebytes as Backdoor.Agent.CTRNo
WinJavaUpdateXcontrol.cplDetected by Intel Security/McAfee as Generic.dx!uanNo
Windows UpdatesXcontrol.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\dataNo
Windows UpdatesXcontrol.exeDetected by Dr.Web as Trojan.DownLoader9.11522 and by Malwarebytes as Trojan.AgentNo
StartControlXcontrol.exeDetected by Malwarebytes as Trojan.Agent.DLK. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%No
Windows ControlXControl.exeAdded by the GREK.A TROJAN! If there is another file with the same file name in the Windows folder, this malware overwrites it with the dropped fileNo
systemXcontrol.exeDetected by Dr.Web as Trojan.DownLoader9.26850 and by Malwarebytes as Trojan.Agent.ENo
SandboxieControlUControl.exeSandBoxie - allows data to be read from the hard drive by an application but never written back unless you allow itNo
Parent ControlXcontrol.exeDetected by Malwarebytes as Trojan.Agent.DLK. The file is located in %AppData%No
j6GgCXwtFMXcontrol.exe [path] j6ggcxwtfm.cplDetected by Microsoft as Trojan:Win32/Sefnit.K. The "j6ggcxwtfm.cpl" file is located in %ProgramFiles%\anouicgfwkkv1vNo
[various names]Xcontrol64.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
ControlCenterXControlCenter.exeDetected by Dr.Web as Trojan.AVKill.29329 and by Malwarebytes as Trojan.MSILNo
WSEP Status+ConfigurationUcontroldGUI.exeUser interface for the WatchGuard Security Event Processor (WSEP) Status/Configuration dialog box associated with the Firebox series of security products from WatchguardNo
controlini700res.exeXcontrolini700res.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%\[32 hex characters]No
controlkidsYcontrolkids.exeControl Kids parental control systemNo
Windows Update ControllerXcontroller.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %System%No
Controller CompanionYControllerCompanion.exeSteam Controller Companion - "Navigate your PC desktop with a controller! Put mouse, media and keyboard control in the palms of your hands so you'll never have to leave the couch again!"No
ControlUser.exeXControlUser.exeDetected by Malwarebytes as Password.Stealer. The file is located in %AppData%\MDEN - see hereNo
ControlUser.exeXControlUser.exeDetected by Malwarebytes as Password.Stealer. The file is located in %LocalAppData%\JHNTKK - see hereNo
registryXcontrvs.exeDetected by Intel Security/McAfee as RDN/Downloader.a!no and by Malwarebytes as Trojan.AgentNo
conuqdewuvykXconuqdewuvyk.exeDetected by Intel Security/McAfee as Downloader.a!dcl and by Malwarebytes as Trojan.Agent.USNo
conversazione.exeXconversazione.exeDetected by Dr.Web as Trojan.DownLoader10.45403 and by Malwarebytes as Trojan.Downloader.ENo
jCwkyOG/u32AguVkUQ==Xconvert.exeDetected by Malwarebytes as Trojan.Agent.ED. The file is located in %AppData%\MalwarebytesNo
QA6XM3H2LQXConverterdll.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
windowspisXconvertor.exeAdded by the GENOME.AKNH TROJAN!No
converx6Xconverx6.exeDetected by Malwarebytes as Trojan.Korad. The file is located in %AppData%\converx6No
CookieWallUcookie.exeCookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
Cookie Cop 2UCookieCop.exeCookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
CookieJarUCookiejar.exeCookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supportedNo
CookienatorUcookienator.exeCookienator is a tool that will help you remain anonymous from search engines such as Google and other notorious web-usage trackers such as Doubleclick or OmnitureNo
CookiePatrolYCookiePatrol.exeMemory-resident spyware cookie detector - part of the original anti-malware program by PestPatrol, Inc. Acquired by CA where it became eTrust PestPatrol Anti-Spyware and then CA Anti-Spyware - which is now included in CA AntiVirus PlusYes
cookwXcookw.exePart of the ErrClean rogue system error and cleaning utility - not recommended. See hereNo
NT Logging ServiceXcool.exeAdded by the SDBOT-OO BACKDOOR!No
Microsoft System CheckupXCool.exeDetected by Symantec as W32.HLLW.Donk.B and by Malwarebytes as Worm.DonkNo
HELLBOT3Xcoolbot.exeAdded by the MYTOB.AB WORM!No
NortonXcoolbrogameya.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
coolerbootXcoolerboot.exeDetected by Dr.Web as Trojan.DownLoader6.9983 and by Malwarebytes as Adware.KraddareNo
CoolStartUpXCoolGramS.exeDetected by Intel Security/McAfee as Generic.bfr!epNo
CoolMonUCoolMon.exeCoolMon by The CoolMon Project - "will display system information in a small configurable window. Most of the application`s data is retrieved from the Windows performance counters." No longer supportedNo
HP CoolSenseUCoolSense.exeSupports the HP CoolSense Technology feature in some HP notebook PCs "that combines hardware, software, and mechanical design to dynamically manage the temperature of a notebook, and help keep you comfortable while using it"No
SlipStreamYcooptel_acccore.exeAccélérateur CoopTel customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Accélérateur CoopTelYcooptel_accgui.exeAccélérateur CoopTel customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Copernic Desktop Search 4NCopernic.DesktopSearch.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
Copernic Desktop SearchNCopernicDesktopSearch.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
CopernicPerUserTaskMgrUCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine toolNo
(Aqu? el nombre enelXcopiado.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Windir%No
copied.vbsXcopied.vbsDetected by Malwarebytes as Spyware.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
hpilezeleXcoposu.exeAdded by the SDBOT.ASU WORM!No
SlipStreamYcoppercore.exeCopper HiSpeed customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Copper HiSpeedYcoppergui.exeCopper HiSpeed customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
Compaq Service DrivrsXcopq.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
coprofitUcoprofit_stb.exe /run config.jsonDetected by Malwarebytes as PUP.Optional.Coupruon. Both files are located in %LocalAppData%\coprofit. If bundled with another installer or not installed by choice then remove itNo
CS UpdateXcopy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dllDetected by Microsoft as Trojan:Win32/Adclicker.AJNo
Copy handlerUCopy Handler.exeCopy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processesNo
WinShowUpdateXcopy winshow.new winshow.dllWinshow parasite related - which is a pop-up opener and homepage/search hijacker implemented as a Browser Helper Object (BHO), related to CoolWebSearch. Uses the HKLM\RunOnce key to replace "winshow.dll" with a new version - both files are located in %AppData%\winshow. Archived version of Andrew Clover's original descriptionNo
LiveUpdateNCopyer.exeUpdater for SAMSUNG PC Studio - a free PC software product that allows you to connect your mobile device to a PC and access mobile content as if the device and the PC were one. This allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etcNo
copyexXcopyex.exeDetected by Sophos as Troj/DwnLdr-IUD and by Malwarebytes as Worm.AutoRunNo
Resume CopyUcopyfstq.exePart of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that functionNo
Compaqs Service DriverXcopypad32.exeAdded by the SDBOT.CSO WORM!No
CP?CopyProtectionNotifier.exeRelated to Emuzed advanced multimedia products (now part of Aricent - included with Windows XP Media EditionNo
Movie maquer_appXCopyright.exeDetected by Dr.Web as Trojan.Siggen3.59650 and by Malwarebytes as Backdoor.Agent.ENo
DesktopX WidgetUCore Calendar.exeCore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
Core CalendarUCore Calendar.exeCore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exitsYes
Core ClockUCore Clock.exeCore Clock widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Clock.exe loads a file called "DXWidget.exe" and exitsNo
Core TempUCore Temp.exe"Core Temp is a compact, no fuss, small footprint program to monitor CPU temperatureNo
Core WeatherUCore Weather.exeCore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUCore Weather.exeCore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
System CoreXcore.exeDetected by Malwarebytes as Spyware.PasswordStealer. The file is located in %AppData%\systemNo
EA CoreNCore.exeElectronic Arts "EA Link" software (now superseded by Origin) - which "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content"No
core32x86.exeXcore32x86.exeDetected by Malwarebytes as Trojan.Filecoder. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Core CalendarUCORECA~1.EXECore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Core Calendar.exe" is shown as "CORECA~1.EXE"Yes
DesktopX WidgetUCORECA~1.EXECore Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "Core Calendar.exe" is shown as "CORECA~1.EXE"Yes
CoreCenterUCoreCenter.exeMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
CoreCenterUCORECE~1.EXEMSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclockingNo
Coreguard Antivirus 2009XCoreguard 2009.exeCoreguard Antivirus 2009 rogue security software - not recommended, removal instructions hereNo
AVGUARDSHEDULERXcorehelper.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!l and by Malwarebytes as Trojan.Agent.LAVONo
CorelCreatorClientNCorelCreatorClient.exePart of Corel® PDF Fusion™ - "an all-in-one PDF creator that lets you assemble, edit and create PDFs"No
CorelDraw ToolboxXCorelDraw.exeDetected by Sophos as W32/Sdbot-VZNo
corelname.vbsXcorelname.vbsDetected by Malwarebytes as Trojan.Agent.VB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
regloaderXcoreloader.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2q and by Malwarebytes as Trojan.Agent.RNUDNo
CorePadXCorePad.exeDetected by Dr.Web as Trojan.AVKill.29407 and by Malwarebytes as Backdoor.AgentNo
CoresXCores.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
CoreScanMainXCoreScan.exeCoreScan rogue security software - not recommended, removal instructions hereNo
CoreSecureMainXCoreSecure.exeCoreSecure rogue security software - not recommended, removal instructions hereNo
File SanitizerUCoreShredder.exeFile Sanitizer feature of HP ProtectTools which "makes it easy to remove files that could be used to identify, contact or locate users. Choose manual or scheduled sanitizing, multiple levels of security and ensure free space is completely clear"No
CoreSrvXCORESRV.EXEAdded by unidentified malware - see here. The file is located in %ProgramFiles%\ACCESS~1\EXPL32No
CORESYSXCORESRV.EXEAdded by unidentified malware - see here. The file is located in %ProgramFiles%\ACCESS~1\EXPL32No
Core WeatherUCOREWE~1.EXECore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Core Weather.exe" is shown as "COREWE~1.EXE"Yes
DesktopX WidgetUCOREWE~1.EXECore Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "Core Weather.exe" is shown as "COREWE~1.EXE"Yes
Core - To-Do ListUCore_ToDoList.exeCore - To-Do List widget for the DesktopX desktop utility from Stardock Corporation. Adds a "to do" task list on the desktop. Once started, Core_ToDoList.exe loads a file called "DXWidget.exe" and exitsNo
PC-Config32Xcorona.exeDetected by Sophos as W32/Coronex-ANo
[various names]Xcorrida.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
CorrMXCorrM1.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vi and by Malwarebytes as Trojan.Downloader.CRNo
SLL2Xcorrupt.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
PoliciesXcortex.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXcortex.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXcortex.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
PoliciesXcosa.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\installNo
HKLMXcosa.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
HKCUXcosa.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
COSUCOSCLIENT.exeSystem Tray access to the Comodo Online Storage backup utility from Comodo Group, Inc - which provides "secure and reliable online storage for home and business users"No
cosineXcosine.exeDetected by Sophos as W32/Rbot-SWNo
Google UpdaterXcouleur.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\Google UpdaterNo
1DECHryGWxXCouplex.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
couponicaXcouponica.exeAdware - see hereNo
Browser ExtensionsUCouponsHelper.exeDetected by Malwarebytes as PUP.Optional.Spigot. The file is located in %AppData%\BrowserExtensions. If bundled with another installer or not installed by choice then remove itNo
cours-socio-2eme-annee.exeXcours-socio-2eme-annee.exeDetected by Dr.Web as Trojan.Siggen5.30319 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
courtsXcourts1.exeDetected by Intel Security/McAfee as PWS-Zbot-FBBE!5623A1E2E3E3 and by Malwarebytes as Trojan.Agent.CRENo
ActiveX UpdateXCouU.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp% - see hereNo
CowboysScreenServerUCowboysScreenServer.exeScreensaver for the Dallas Cowboys NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
CowboysScreenServerSvcUCowboysScreenServer.exeScreensaver for the Dallas Cowboys NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
Sistema de CommXcoxdsyrtl.exeDetected by Sophos as Troj/Agent-NDQ and by Malwarebytes as Backdoor.IRCBotNo
(Default)XCoyFilel.exeDetected by Malwarebytes as Trojan.GamesThief. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
QuicktlmeXcp.exeQuickPage - Switch dialer and hijacker variant, see here. Also detected by Sophos as Dial/Switch-ANo
Nu11ers3tXCp1.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.45783 and by Malwarebytes as Worm.AutoRun.ENo
CP32NOTUCP32BTN.EXEFor the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttonsNo
CP888M1NCP888M1.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
CPA9P2PSERVER?CPA9P2PS.exeFound on a Compaq Presario but what is it?No
Verizon Control PadNcpad.exeControl Pad - installed with Verizon Online ISP accounts. Tool designed to streamline the online experienceNo
Topic cPanrXcPaner.comDetected by Trend Micro as WORM_SDBOT.AJP. The file is located in %System%No
CPATR10UCPATR10.EXEDritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and ConstrastNo
CPBrWtchUCPBrWtch.exeKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
Cookie PalUCPBRWTCH.EXEKookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you returnNo
CPCmscl0ckXCPCmsclock.ExEAdded by the IRCFLOOD.BF TROJAN!No
McAfee FirewallYCPD.EXEFirewall bundled with McAfee VirusScan 6.*No
CPD_EXEYCPD.EXEFirewall bundled with McAfee VirusScan 6.*No
Comodo FirewallUCPF.exeSystem Tray access to, and notifications for an older version of Comodo Firewall by Comodo Group, IncNo
Comodo Personal FirewallYCPF.exeSystem Tray access to, and notifications for an older version of Comodo Firewall by Comodo Group, IncNo
CyberPatrolNewUcphq.exe"CyberPatrol gives you maximum parental control over your kids' online activities. You have the power to filter content, such as adult sites and inappropriate applications, and set limits on when your kids can go online"No
Cpl32verXCpl32ver.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. The file is located in %System%No
LManagerUCPLBCL53.EXESystem Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurationsNo
CplBTQ00NCplBTQ00.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
CPLDBL10NCPLDBL10.EXERelated to EZbutton quick launcher for the Media player app that comes with certain laptopsNo
CPLDFL10UCPLDFL10.EXEPart of the EzButton feature on some Toshiba (and maybe others) laptops which support additional buttonsNo
CPM2YCPM.exeEntry added after installing Comodo Programs Manager by Comodo Group, Inc - which "helps users to comprehensively remove programs, drivers, services and Windows components. It monitors and records every change that a program makes to your computer so that it can completely undo those changes when it's time to uninstall." Once the system reboots it's replaced by the "COMODO Programs Manager Service (CPMService)" serviceNo
cpuminerUcpm.exeDetected by Malwarebytes as PUP.Optional.BitCoinMiner. The file is located in %AppData%\cpuminer. If bundled with another installer or not installed by choice then remove itNo
cpuminerUcpm.exeCPU Miner - uses your computer's resources to mine digital currency for the developer. Detected by Malwarebytes as PUP.Optional.CPUMiner. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
CPMonitorNCPMonitor.exeBackground process installed with versions of multimedia suites from Roxio and their CinePlayer BD/DVD player which monitors your optical drive and starts CinePlayer when a BD/DVD movie is inserted. Autoplay is normally enabled by default in Windows anyway (which you can set to use CinePlayer) or you can run CinePlayer manuallyNo
coupondoUcpnds.exe \run config.jsonDetected by Malwarebytes as PUP.Optional.Coupruon. Both files are located in %LocalAppData%\coupondo - see here. If bundled with another installer or not installed by choice then remove itNo
CPortPatch?CPPatch.exeCPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?No
Compaq Print FaxXcpqa1000.exeDetected by Trend Micro as WORM_SDBOT.BCV. Note the difference between the legitimate Compaq Fax Utility name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this wormNo
A1000 Settings UtilityUcpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these featuresNo
CPQAcDcYCPQAcDc.exeCompaq PowerCon power management software for laptopsNo
Compaq AlerterUCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
CPQAlertUCPQAlert.exeCompaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more informationNo
CPQBootPerfDBNCPQBootPerfDB.EXEWorks with the Compaq Message Server (COMPAQ-RBA.EXE) entry and attempts to connect with Compaq online. Sends information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provides feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start → Programs → Compaq Advisor → Advisor Settings under the "advanced" tab. Not required and can cause problemsNo
CPQCalibYCPQCalib.exeCompaq PowerCon power management software for laptopsNo
CPQDFWAGNCpqDfwAg.exeFor Compaq PC's. Runs Compaq diagnostics on every bootNo
System DLFNcpqdiaga.exeCompaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configurationNo
CPQEASYACCUcpqeadm.exeFor Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
CPQEASYACCUCpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
CpqeauiUcpqeaui.exeFor Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keysNo
CPQInet Runtime ServiceUCpqInet.exeFor Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providersNo
CPQINKAGENTNcpqinkag.exeThat is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)No
Compaq PK DaemonUcpqkl.exeFor Compaq laptops for programming user configurable keys. Not required unless you use themNo
cpqnsUcpqnpcss.exeRelated to Compaq.Net - not required if you don't use thatNo
CompaqSystrayNcpqpscp.exeCompaq System Tray iconNo
CpqsetNCpqset.exeDefault settings software in Hewlett Packard notebookNo
CPQTEAMUcpqteam.exeBundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration ToolNo
cprXcprAdroar.com adware downloaderNo
CpRmtKey?CpRmtKey.EXEComponent of the Toshiba Controls. The name suggests it might be related to a remote feature? What does it do and is it required?No
cprocsvcXcproc.exeAdded by MSIL.AGENT.C TROJAN!No
control panel software serviceXcprs.exeDetected by Sophos as W32/Rbot-FPINo
Norton Live Update ServerXcpsdv.exeDetected by Trend Micro as WORM_AGOBOT.EWNo
System DriversXcpsq32.exeDetected by Trend Micro as WORM_SDBOT.AXHNo
Microsoft CPU Over Heat ManagerXCPU.exeAdded by the SLENFBOT.ID WORM!No
CPUCooLUCpucool.exeCPUCooL - a program to keep the processor cool when idle in "overclocked" systems. Also available via Start → Settings → Control PanelNo
CPU IdleXcpuidlexp.exeDetected by Sophos as W32/Agobot-BWNo
Cpu Level Up help?CpuLevelUpHelp.exeOverclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?Yes
CpuLevelUpHelp?CpuLevelUpHelp.exeOverclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?Yes
CpuLevelUpHelp.exe?CpuLevelUpHelp.exeOverclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?Yes
CPU ManagerXcpumgr.exeDetected by Symantec as W32.Pandem.B.WormNo
cpuminerUcpuminer-gw64.exeCPU Miner - uses your computer's resources to mine digital currency for the developer. Detected by Malwarebytes as PUP.Optional.CPUMiner. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
cpuminerUcpuminer-x86.exeCPU Miner - uses your computer's resources to mine digital currency for the developer. Detected by Malwarebytes as PUP.Optional.CPUMiner. The file is located in %System%. If bundled with another installer or not installed by choice then remove itNo
CPUMonNCPUMon.exeCPUMon by Denis Kozlov - "is a simple little gadget for monitoring CPU performance from your desktop. It displays a real-time graph of CPU performance as well as current usage indicator"No
cpumsensors.exeXcpumsensors.exeDetected by Malwarebytes as Trojan.BitCoinMiner. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
IntelProcNumUtilityUcpunumber.exeIntel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information hereNo
CPU Power MonitorUCpuPowerMonitor.exePart of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the systemYes
CpuPowerMonitorUCpuPowerMonitor.exePart of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the systemYes
CpuPowerMonitor.exeUCpuPowerMonitor.exePart of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the systemYes
CpusaveXCpusave.exeDetected by Symantec as Trojan.GemaNo
Cpusave32XCpusave32.exeDetected by Symantec as Trojan.GemaNo
GT15J4R49VXcpuserv.exeIdentified as a variant of the Trojan.Win32.Radi.gu malwareNo
CPU Windows StatusXcpustats.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
CPVHOST SettingsXcpvhost.exeAdded by a variant of the SDBOT BACKDOOR!No
cpxUcpx.exeDetected by Malwarebytes as PUP.Optional.CPX. The file is located in %ProgramFiles%\cpx. If bundled with another installer or not installed by choice then remove itNo
Microsoft CPXP ProtocolXcpxp.exeDetected by Trend Micro as WORM_RBOT.ATPNo
My ComputerXcqcags.exeAdded by the SDBOT-TJ WORM!No
CQlhkNZXCQlhkNZ.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %System%No
cqscp2ps.exe?cqscp2ps.exe"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Is it actually required?No
CQSCP2PSERVER?CQSCP2PS.EXE"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Is it actually required?No
Cr**.exe [* = random char]XCr**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Cr**32.exe [* = random char]XCr**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
explirerXcrack Internet Download Manager.exeDetected by Dr.Web as Trojan.Siggen6.25813 and by Malwarebytes as Backdoor.Agent.IXPNo
crack-full.vbsXcrack-full.vbsDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
crackXcrack.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zw and by Malwarebytes as Trojan.Agent.ENo
crack.exeXcrack.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!zw and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CrackedXCrackedDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
crackeddownloadmanger.exeXcrackeddownloadmanger.exeDetected by Dr.Web as Trojan.DownLoader11.26941 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
cracked_windows1Ucracked_windows1.exeCracked Windows popup killerNo
Cracker Crypt.exeXCracker Crypt.exeDetected by Malwarebytes as Trojan.Backdoor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXCrackReloadedSimcity.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
HKLMXCrackReloadedSimcity.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXCrackReloadedSimcity.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
GoogleCrashHandlerXCrashHandler.exeDetected by Intel Security/McAfee as RDN/Generic.tfr!dz and by Malwarebytes as Trojan.Clicker.GenNo
Salus CrashMonUCrashMon.exeDetected by Malwarebytes as PUP.Optional.Salus.PrxySvrRST. The file is located in %ProgramFiles%\Salus. If bundled with another installer or not installed by choice then remove itNo
CrashMonUCrashMon.exe UniversalUpdaterDetected by Malwarebytes as PUP.Optional.UniversalUpdater. The file is located in %ProgramFiles%\Universal Updater. If bundled with another installer or not installed by choice then remove itNo
CrashPlan TrayUCrashPlanTray.exeSystem Tray access to, and notifications for the CrashPlan online backup software from Code 42 SoftwareNo
CrashServiceUcrash_service.exeDetected by Malwarebytes as PUP.Optional.1stBrowser. The file is located in %LocalAppData%\1stBrowser\Application. If bundled with another installer or not installed by choice then remove itNo
CrashServiceUcrash_service.exeDetected by Malwarebytes as PUP.Optional.BoBrowser. The file is located in %LocalAppData%\BoBrowser\Application. If bundled with another installer or not installed by choice then remove itNo
CrashServiceUcrash_service.exeDetected by Malwarebytes as PUP.Optional.Clara. The file is located in %LocalAppData%\Tortuga\Application. If bundled with another installer or not installed by choice then remove itNo
[random]Xcrasos.exeDetected by Sophos as Troj/DropPS-ANo
PoliciesXCrate Bug.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\installNo
crawfx43Xcrawfx43.exeDetected by Intel Security/McAfee as Generic FakeAlert and by Malwarebytes as Backdoor.Messa.ENo
CrawlerToolbarUCrawler.exeCrawler Toolbar by Crawler, LLC - "allows you to get search results from multiple search engines at once" and "also includes many useful features such as popup blocker, form filler, browser skins & cursors, download manager, spellchecker and other useful functions"No
crazybeezXcrazybeez.exeDetected by Dr.Web as Trojan.DownLoad2.26469 and by Malwarebytes as Trojan.Agent.ENo
CRBroadCastingUCRBroadCasting.exeCardReader2 from On Track Inovations Ltd. USB Card ReaderNo
Windows Services windirXcrc32.exeDetected by Kaspersky as Backdoor.Win32.SdBot.gxb and by Malwarebytes as Backdoor.Sdbot. The file is located in %Windir%No
Crc32stats DependenciesXCrc32stats.exeAdded by the MYTOB.GT WORM!No
crccrcs.exeXcrccrcs.exeDetected by Malwarebytes as Trojan.Inject. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PCprotXcrcss.exeAdded by an unidentified WORM!No
Client Server Control ProcessXcrcss.exeAdded by the AGENT-HR TROJAN!No
Configuration LoaderXcrcss.exeDetected by Trend Micro as WORM_AGOBOT.ADG and by Malwarebytes as Backdoor.BotNo
crcssXcrcss.exeDetected by Dr.Web as Trojan.DownLoader11.51311. The file is located in %AppData%\WindowsNo
CRCSSXcrcss.exeDetected by Sophos as W32/IRCBot-TH. The file is located in %System%No
crcssXcrcss.exeDetected by Intel Security/McAfee as W32/Sdbot.bfr. The file is located in %Windir%No
CreanVirusXCreanVirus.exeDetected by Dr.Web as Trojan.DownLoader9.37470 and by Malwarebytes as Trojan.Agent.CRVNo
Windows Media UpdaterXcrease.exeDetected by Sophos as W32/Rbot-ATINo
Create Pain.vbsXCreate Pain.vbsDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Create A MonsterXcreateAMonster.exeKudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware relatedNo
CreateCDNCreatecd.exeAdaptec Easy CD Creator system tray application (pre version 5). Available via Start → ProgramsNo
CreateCD50NCreatecd50.exeAdaptec Easy CD Creator version 5 system tray application. Available via Start → ProgramsNo
setFTPBackXcreatesw.exeDetected by Symantec as Backdoor.FTP_BmailNo
Adobe Creative CloudNCreative Cloud.exeAdobe Creative Cloud - "brings together everything you need to create your greatest work. One simple membership gives you and your team access to the very latest versions of all the Adobe professional creative desktop applications like Photoshop®, Illustrator®, and more - plus new features and upgrades as soon as they're available. Cloud storage and file syncing capabilities allow you to reliably access your files wherever you are, even on your mobile device, and you can share concepts with clients or colleagues more easily than ever"No
CREATIVE SOUND BLASTER for Windows NTXcreative.exeDetected by Kaspersky as Backdoor.Win32.SdBot.bdb. The file is located in %System%No
Creative.exeXCreative.exeDetected by Symantec as W32.Prolin.Worm. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
Creative Audio DriversXcreative.exeDetected by Sophos as W32/Rbot-FKRNo
CredentialsXCredentials.exeDetected by Dr.Web as Trojan.KillProc.20373 and by Malwarebytes as Trojan.Agent.CHNo
CreditCop2XCreditCop2Up.exeCreditCop rogue security software - not recommended, removal instructions hereNo
CreditCopXCreditCopUp.exeCreditCop rogue security software - not recommended, removal instructions hereNo
Credential® Backup® and Restore® Wizard®Xcredwiz.exeDetected by Sophos as Mal/MSIL-HH and by Malwarebytes as Trojan.AgentNo
cress.exeXcress.exeDetected by Malwarebytes as Trojan.FakeMS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AudioXcress.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %AppData%\fsociety\FolderNo
PoliciesXcretible.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\wintNo
HKLMXcretible.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\wintNo
HKCUXcretible.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\wintNo
crfssXcrfss.exeDetected by Dr.Web as Trojan.Packed.23322 and by Malwarebytes as Backdoor.AgentNo
CrhomeXCrhome.exeDetected by Dr.Web as Trojan.DownLoad3.4852 and by Malwarebytes as Trojan.BankerNo
System Updater MachineXcrhwss.exeDetected by Sophos as Troj/Ciadoor-DQNo
crimepXcrimepDetected by Malwarebytes as Trojan.Agent.CM. The file is located in %AppData%No
voucherlmfao123XcrimepDetected by Malwarebytes as Trojan.Agent.CM. The file is located in %AppData%No
Crr1Xcript.batDetected by Symantec as Trojan.Ransomcrypt.AX and by Malwarebytes as Ransom.FileCryptorNo
Crr2Xcript.exeDetected by Symantec as Trojan.Ransomcrypt.AX and by Malwarebytes as Ransom.FileCryptorNo
CriticalUpdateXcritical-update.exeDetected by Malwarebytes as Backdoor.Agent.CU. The file is located in %AppData%\Sec UpdateNo
Tool UpdateXcritical-update.exeDetected by Malwarebytes as Backdoor.Agent.CU. The file is located in %AppData%No
MSUpdateXcriticalUpdate.exeDetected by Symantec as Adware.Affilred and by Malwarebytes as Trojan.AgentNo
critical_fixXcritical_fix.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData% - see hereNo
C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exeUCritProc.exeKeyProwler keystroke logger/monitoring program - remove unless you installed it yourself!No
cmrssXcrmss.exeDetected by Sophos as Troj/Dloader-EKNo
Microsoft USB2 DriverXcrmss.exeAdded by the RBOT-VK WORM!No
ShellXcrohome.exe,explorer.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "crohome.exe" (which is located in %UserProfile%)No
GoogleUpdateXcrome.exeDetected by Dr.Web as Trojan.StartPage.57675 and by Malwarebytes as Trojan.Agent.IGenNo
HKLMXcrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
HKCUXcrome.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
SETPOIXCrome.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!si and by Malwarebytes as Backdoor.Messa.ENo
Windows Firewall UpdaterXcronos.exeDetected by Sophos as W32/Rbot-GBYNo
systemkXcross.exeDetected by Dr.Web as Trojan.Siggen6.32769 and by Malwarebytes as Backdoor.Agent.STNo
CrossbrowseUcrossbrowse.exeDetected by Malwarebytes as PUP.Optional.Crossbrowse. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Crossbrowse\Crossbrowse\Application. If bundled with another installer or not installed by choice then remove itNo
GoogleChromeAutoLaunch_[ID]Ucrossbrowse.exeDetected by Malwarebytes as PUP.Optional.Crossbrowse. The file is located in %ProgramFiles%\Crossbrowse\Crossbrowse\Application. If bundled with another installer or not installed by choice then remove itNo
CrossMenuUCrossMenu.exeToshiba CrossMenu Utility - allows the user to create their own menusNo
CrossRiderPluginUCrossrider.exePlugin for Crossrider - "an easy to use Javascript framework to create cross browser extensions in minutes. Save months of cross browser extensions development, and ride our framework with its unique tools and solutions"No
CRP386 NetworkingXcrp386.exeAdded by a variant of the IRCBOT BACKDOOR!No
remcosXcrrsc.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %System%\sistemaNo
HKLMXcrrsc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sistem32No
HKLMXcrrsc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\System32No
HKCUXcrrsc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\Sistem32No
HKCUXcrrsc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\System32No
crrsrl32Xcrrsrl32.exeDetected by Intel Security/McAfee as RDN/Generic.dx!dh3 and by Malwarebytes as Backdoor.Agent.CRNo
crrssXcrrss.exeDetected by Sophos as Troj/Agent-VDJ and by Malwarebytes as Trojan.AgentNo
crsXcrs.exeDetected by Sophos as W32/Agobot-TJNo
win64defenderXcrs.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.DCENo
ASP.NET State ServiceXcrsass.exeDetected by Sophos as Troj/Banload-MNo
hkcmd ModuleXcrsc.exeDetected by Intel Security/McAfee as Generic Downloader.x and by Malwarebytes as Backdoor.AgentNo
Windows System ManagerXcrsl.exeDetected by Trend Micro as WORM_SDBOT.MGNo
crsmcap1Xcrsmcap1.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %Root%\registroNo
crsmcap3Xcrsmcap3.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
Print Driver Helper ServiceXcrsrr.exeDetected by Sophos as Troj/Agent-BCNo
[various names]Xcrsrs.exeAdded by the FORBOT-AK WORM!No
Auto updatXcrsrs.exeAdded by the FORBOT-BP WORM!No
Win32 Information ServiceXcrsrs.exeAdded by the RINBOT.Y WORM!No
crsrss.exeXcrsrss.exeDetected by Dr.Web as Trojan.AVKill.34724 and by Malwarebytes as Trojan.Agent.ENo
Document Explorer2Xcrss.exeDetected by Intel Security/McAfee as Downloader.a!cqj and by Malwarebytes as Trojan.AgentNo
System Config ManagerXcrss.exeDetected by Trend Micro as WORM_AGOBOT.GHNo
Win exe file managrXcrss.exeDetected by Trend Micro as WORM_RBOT.CCINo
Windows UpdateXcrss.exeDetected by Dr.Web as Trojan.Inject1.8151No
Windows UpdateXcrss.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WDWGenNo
Windows UpdateXcrss.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %UserTemp%\WindowsNo
MAINBOARDXcrss.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%No
svchostXcrss.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %UserTemp%No
CRSSXCRSS.exeDetected by Sophos as W32/Agobot-RM and by Malwarebytes as Backdoor.BotNo
LogonXcrss.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.aru and by Malwarebytes as Backdoor.MessaNo
WindowsXCrss.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %Root%\Users\Public\AppData\Svchost\SvchostNo
WindowsXCrss.exeDetected by Malwarebytes as Backdoor.SpyNet. The file is located in %System%\SvchostNo
PoliciesXcrss.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%No
Windows Registry SecurityXcrss.exeAdded by a variant of W32.IRCBotNo
Download Manager2Xcrss.exeDetected by Intel Security/McAfee as Downloader.a!cqj and by Malwarebytes as Trojan.AgentNo
WinDefenderXcrss.exeDetected by Intel Security/McAfee as RDN/Ransom!a and by Malwarebytes as Trojan.Agent.GenNo
Sygate Personal PortXcrss.exeAdded by the RBOT-PX WORM!No
HKLMXcrss.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
WINDIWS32Xcrss.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ro and by Malwarebytes as Backdoor.Agent.ENo
Controlled Resource System ServiceXcrss.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Profile Manager2Xcrss.exeDetected by Intel Security/McAfee as Downloader.a!cqj and by Malwarebytes as Trojan.AgentNo
WindowsUpdatecrssXcrss.exeDetected by Malwarebytes as Backdoor.IRCBot.Gen. The file is located in %System%No
HKCUXcrss.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%No
Win32 Network DriverXcrss.exeAdded by a variant of the AGOBOT WORM!No
Windows ProcessXcrss.exe.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
2k6 updatzXcrss3.exeAdded by the RBOT-CPD WORM!No
crss32 serviceXcrss32.exeDetected by Dr.Web as Trojan.DownLoader1.23378 and by Malwarebytes as Trojan.ScarNo
crss32 serviceXcrss32.exeDetected by Intel Security/McAfee as Generic.dx!ztv and by Malwarebytes as Trojan.AgentNo
Norton Auto ProtectXcrss32.exeDetected by Trend Micro as WORM_SDBOT.ATFNo
Microsoft Update MachineXcrss32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Microsoft Driver SetupXcrssc.exeDetected by Sophos as Mal/VBCheMan-A and by Malwarebytes as Worm.Palevo. The file is located in %AppData%No
crsscmgrXcrssc.exeDetected by Malwarebytes as Trojan.FakeMS. The file is located in %AppData%\Adobe\crsscmgr - see hereNo
Windows System ManagerXcrssm.exeDetected by Sophos as W32/Rbot-AFHNo
WindowsServiceUpdateXcrssn.exeDetected by Kaspersky as Net-Worm.Win32.Kolab.hwf and by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
MS taskbarXcrssr.exeDetected by Sophos as W32/Rbot-AGONo
CaptionMgr32Xcrssr.exeAdded by the ZAR.A WORM!No
SP2 Firewall/Internet UpdaterXcrssrs.exeDetected by Trend Micro as WORM_RBOT.BJONo
MSControl28Xcrsss.exeDetected by Trend Micro as WORM_SPYBOT.AJXNo
Windows Service UpdateXcrsss.exeDetected by Trend Micro as WORM_SDBOT.CWX. The file is located in %System%No
crsssXcrsss.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
crsssXcrsss.exeDetected by Trend Micro as WORM_AUTORUN.FM. The file is located in %System%No
start uploadingXcrsss.exeDetected by Sophos as W32/Rbot-SZ and by Malwarebytes as Trojan.PasswordStealerNo
Windows media serviceXcrsss.exeDetected by Trend Micro as WORM_RBOT.ACY and by Malwarebytes as Password.StealerNo
Client Server Runtime ProcessXcrsss.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %CommonAppData%\VpathNo
net32Xcrsss.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Microsoft UpdatesNo
CRC Value VerifierXcrsss.exeDetected by Trend Micro as WORM_SPYBOT.UKNo
Win32 Security ServiceXcrsss.exeDetected by Sophos as W32/Delbot-ONo
Creates R Files SystemsXcrsss.exeAdded by a variant of Backdoor.Sdbot. The file is located in %System%\inetsrvNo
Vital Master-boot DLLXcrsss.exeDetected by Trend Micro as WORM_RBOT.ASENo
CRC Value VerifierXcrsss32.exeAdded by the SPYBOT.GY WORM!No
CRC Value VerifierXCrsss64.exeDetected by Sophos as W32/Rbot-NYNo
CrssssXCrssss.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.LMTNo
CRSSXP SysInfoXcrssxp.exeAdded by a variant of the SDBOT BACKDOOR!No
SyslogXcrsvc.exeDetected by Trend Micro as WORM_VB.FKI and by Malwarebytes as Worm.AutoRunNo
System32Xcrsvvc.exeDetected by Trend Micro as WORM_RBOT.BLY and by Malwarebytes as Trojan.AgentNo
Microsoft Internet ExplorerXcrsys32.exeDetected by Trend Micro as WORM_RBOT.UZNo
AuxivobjXcrtdsjob.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Microsoft Control CenterXcrtl.exeAdded by the RBOT-VX WORM!No
Microsoft CRT Monitor ManagerXcrtmon.exeAdded by the ROBOTON.A WORM!No
Windows (ICS) SpoolerXcrtss.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
USB driversXcrv.exeAdded by the AUTORUN-HS WORM!No
system_memoryXcrvss.exeDetected by Sophos as Troj~Zegost-BZ and by Malwarebytes as Trojan.Agent.CRVNo
Windows media serviceXcrvss.exeDetected by Trend Micro as WORM_SDBOT.VPNo
PlayCenterXcrx.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData% - see hereNo
CryHaxXCRY.batDetected by Dr.Web as Trojan.MulDrop5.4087 and by Malwarebytes as Trojan.Agent.ENo
AuxiscliXcrypcopy.exeDetected by Malwarebytes as Trojan.Trustezeb. The file is located in %System%No
avichlExXcrypcopy.exeDetected by Malwarebytes as Backdoor.Papras. The file is located in %System%No
AuxifdtsXcrypput8.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
SvchostXcrypt.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.26359 and by Malwarebytes as Backdoor.Bot.ENo
AppDataXCrypt.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserTemp%No
FrazXcrypt.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Trojan.MSIL.BVXGenNo
YAHOOXcrypt.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.CRPGenNo
1zTbQvrrqvgZgXcrypt.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.26359No
crypt0-Encrypt.exeXcrypt0-Encrypt.exeDetected by Malwarebytes as Ransom.FileCryptor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Crypt0ed.exeXCrypt0ed.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.WW. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
cryptdlgXcryptdlg.exeDetected by SUPERAntiSpyware as Trojan.CryptDlg.Process. The file is located in %System%No
wacultXcrypted.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
crvyqPeXHorMosHDmzZZBJVxRwUmMmxrKtQzLQNYpEMNWuoSUBXCrypted.exeDetected by Malwarebytes as Trojan.MSIL.Gen. The file is located in %LocalAppData%No
crypted.exeXcrypted.exeDetected by Intel Security/McAfee as Generic PWS.y!dwx. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
crypted.exeXcrypted.exeDetected by Malwarebytes as Trojan.Agent.CRP. The file is located in %UserTemp%No
procman.exeXcrypted.exeDetected by Malwarebytes as Trojan.Backdoor.AI. The file is located in %UserTemp%No
scvhostXcrypted.exeDetected by Dr.Web as Trojan.Siggen2.48002 and by Malwarebytes as Trojan.AgentNo
JavaXCrypted.exeDetected by Intel Security/McAfee as Generic Dropper.mk and by Malwarebytes as Backdoor.Agent.ENo
MSConfigXcrypted.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%\DesktopNo
Crypted.packed.exeXCrypted.packed.exeDetected by Dr.Web as Trojan.Siggen6.5483 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
crypted.vbsXcrypted.vbsDetected by Intel Security/McAfee as RDN/Generic.grp!ft and by Malwarebytes as Trojan.Agent.CRYP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
crypted.vbsEncrypte.vbsXcrypted.vbsEncrypte.vbsDetected by Dr.Web as Trojan.DownLoader10.29962 and by Malwarebytes as Trojan.Agent.CRYP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Crypted0.6.vbsXCrypted0.6.vbsDetected by Dr.Web as Trojan.DownLoader11.30066 and by Malwarebytes as Trojan.Agent.CRYP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
cryptedtemp.vbsXcryptedtemp.vbsDetected by Dr.Web as Trojan.Hworm.1. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
wacultXcryptedwacult.exeDetected by Intel Security/McAfee as