
Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 30th November, 2017
52420 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (e.g. "the" or "where") will mean the results take longer to appear due to the number of them.


1431 results found for N

Startup Item or Name | Status | Command or Data | Description | Tested
UNC5KU | X | N-More.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\MoRe-N | No
CEUSZ9TM | X | N-More.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\MoRe-N | No
dpzProtect | X | n.vbe | Detected by Symantec as VBS.Runauto.H | No
ScanRegistry | X | N/A | Detected by Symantec as W32.Dinoxi | No
nAv AGENT | X | N/A | Detected by Symantec as W97M.Riosys. Note the lower case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes | No
SchedulingAgent | X | N/A | Detected by Symantec as W32.Dinoxi | No
17779Proj2002 | ? | N/A | ?? | No
Nod3d2 Free antivirus | X | N0d32krn.exe | Detected by Sophos as W32/Rbot-ABQ | No
svtcin | X | n20050308.a.Stub.EXE | Detected by SUPERAntiSpyware as Trojan.N20050308.Process. The file is typically located in %System% | No
tsvcin | X | n20050308.exe | Delfin Media Viewer adware related | No
nsvcin | X | n20050308.exe | Delfin Media Viewer adware related | No
ntechin | X | n20050308.exe | Delfin Media Viewer adware related | No
ID5370DI34UO | X | N2CDDV2Y.exe | Detected by McAfee as RDN/Generic.dx!ckx and by Malwarebytes as Backdoor.Agent.E | No
SystemSv121 | X | n2ewma1xxsv234.exe | Detected by PC Tools (now Symantec) as Trojan.Tibs.JT. The file is located in %System% | No
MONPluginSrIvcs | X | n3monap23.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
MSNPluginSrIvcs | X | n3vasap23.exe | Detected by Microsoft as Backdoor:Win32/Sdbot.DI and by Malwarebytes as Backdoor.Bot | No
nabilah | X | n4b1l4h_jkt48.exe | Detected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.E | No
anbv32 | X | nabv32.exe | Detected by Symantec as W32.Titog.C.Worm | No
nacar | X | nacar.exe | Detected by McAfee as Generic PWS.y!d2u and by Malwarebytes as Adware.Korad | No
nacgascotdin | X | nacgascotdin.exe | Detected by McAfee as RDN/Generic.tfr!ed and by Malwarebytes as Trojan.Agent.US | No
chost | X | NachVirus.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %UserTemp% | No
nacjuijuibeg | X | nacjuijuibeg.exe | Detected by McAfee as RDN/Generic Dropper!vc and by Malwarebytes as Trojan.Agent.US | No
Net Activity Diagram | U | nad.exe | Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start → Programs | No
NADaemon | N | NADAEMON.EXE | Program by NetActive which appears to be piggybacked onto some NVIDIA graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental effect - not required | No
iCn | N | NAG.EXE | iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name | No
Razer Naga Driver | U | NagaEpicSysTray.exe | Razer Naga gaming mouse driver - required if you use the additional features and programmed keys/macros | No
Razer Naga Driver | U | NagaTray.exe | Razer Naga gaming mouse driver - required if you use the additional features and programmed keys/macros | No
Naggerrunkey | N | nagger.exe | Packard Bell Free Internet Signup screen | No
nah_Shell | X | nah_[random].exe | Detected by Symantec as Backdoor.Snifula.E and by Malwarebytes as Trojan.Hanam | No
Naimagent_UI | Y | naimag32.exe | Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan | No
Naimagent_service | Y | naimas32.exe | Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan | No
GoOutside | X | nakedx.exe | Detected by Sophos as W32/Sdbot-AGK | No
bs_stealth | X | Naked_picture.exe | Detected by McAfee as RDN/Ransom!ec and by Malwarebytes as Backdoor.Agent.BSGen | No
nakro.exe | X | nakro.exe | Detected by Sophos as Troj/Fareit-AFD and by Malwarebytes as Backdoor.DarkComet. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Application Explorer | U | NALDESK.EXE | Part of Novell's ZENworks - "a family of IT management products that tracks, manages and protects an organization's client devices and their respective applications." Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No
LenovoNal | ? | NalService.exe | Part of Lenovo Peer Connect. What does it do and is it required? | No
Application Explorer | U | NalView.exe | Part of Novell's ZENworks - "a family of IT management products that tracks, manages and protects an organization's client devices and their respective applications." Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications | No
namclean199 | X | namclean199.exe | Detected by McAfee as Downloader.a!c2a and by Malwarebytes as Trojan.Agent | No
NetWire | X | name.exe | Detected by Malwarebytes as Trojan.Redlonam. The file is located in %Temp%\FolderN | No
Startup Key | X | Name.exe | Detected by McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.Gen | No
zzz | X | Name.exe | Detected by Dr.Web as Trojan.MulDrop5.17442 and by Malwarebytes as Trojan.Agent.E | No
load | X | name.exe | Detected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe" (which is located in %AppData%\FolderN) | No
load | X | name.exe | Detected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe" (which is located in %UserTemp%\FolderN) | No
load | X | name.exe | Detected by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe" (which is located in %UserTemp%\FolderNX) | No
load | X | name.exe | Detected by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe" (which is located in %UserTemp%\nnsnaerN) | No
load | X | name.exe | Detected by Malwarebytes as Trojan.Agent.PFD. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe" (which is located in %UserTemp%\PDF) | No
load | X | name.exe.lnk | Detected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe.lnk" (which is located in %AppData%\FolderN) | No
load | X | name.exe.lnk | Detected by Sophos as Troj/Bladabi-CD and by Malwarebytes as Trojan.Redlonam. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "name.exe.lnk" (which is located in %Temp%\FolderN) | No
nana2009 | X | nana2009.exe | Detected by Kaspersky as Backdoor.Win32.Poison.pg. The file is located in %Temp% | No
Ya Salam | X | NancyAjram.exe | Detected by Symantec as W32.Jalabed@mm | No
Nano Antivirus | X | nanoav.exe | Nano Antivirus rogue security software - not recommended, removal instructions here | No
Nanomaintenance | X | Nanomaintenance.exe | Detected by Sophos as Troj/VB-IFY and by Malwarebytes as Trojan.Agent.RNS | No
Nanomaintenance.exe | X | Nanomaintenance.exe | Detected by Sophos as Troj/VB-IFY and by Malwarebytes as Trojan.Agent.RNS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Microsoft | X | nans.exe | Detected by Malwarebytes as Trojan.Agent.E.Generic. The file is located in %Root%\folder | No
daf99bc4999394b0beaab61307beb250 | X | nanse.exe | Detected by McAfee as RDN/Generic BackDoor!qz and by Malwarebytes as Trojan.MSIL | No
Rnaomflt | U | naomf.exe | Naomi internet filtering software | No
Mionix NAOS 5000 | U | NAOS_Monitor.EXE | Support software for the Mionix NAOS 5000 laser gaming mouse | No
NAP32 | X | NAP32.exe | Premium rate Adult content dialer | No
nvpatch | X | napatch.exe | Detected by Sophos as W32/Sasser-F | No
Windows Logon Service | X | napi32.exe | Detected by Symantec as W32.Spybot.ANDM | No
egikugu | X | napolecy.exe | Detected by Total Defense as Win32.Lioten.KS. The file is located in %System% | No
napstatxt.exe | X | napstatxt.exe | Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserTemp% - see here | No
napumdeadyfs | X | napumdeadyfs.exe | Detected by Sophos as Troj/Cutwail-AI and by Malwarebytes as Trojan.Agent.ED | No
narofixona | X | narofixona.exe | Detected by McAfee as RDN/Generic Dropper!vc and by Malwarebytes as Trojan.Agent.US | No
Narrator | U | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech | No
RunNarrator | U | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech | No
Windows Audio Layer | X | narsvc.exe | Detected by Microsoft as Worm:Win32/Slenfbot.GO | No
Network Administration | X | NAS.exe | Detected by Symantec as Backdoor.AntiLam.20.Q | No
Nas | U | nas.exe | Clearx adware | No
NashWall | X | nashwall.exe | Detected by Dr.Web as Trojan.DownLoader11.24614 and by Malwarebytes as Ransom.Foreign | No
java update.exe | X | Nashy.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %UserTemp% | No
Microsoft.exe | X | Nashy.exe | Detected by Malwarebytes as Backdoor.Agent.MTGen. The file is located in %UserTemp% | No
NAS Monitor | X | nasmon.exe | Detected by McAfee as RDN/Generic.dx!dfl and by Malwarebytes as Trojan.Agent.NSMGen | No
ccApp | X | Nasty.exe | Detected by Symantec as Trojan.Obsorb | No
NavScan | X | Nasty.exe | Detected by Symantec as Trojan.Obsorb | No
4wd!!! | X | Natal!.pif | Detected by Trend Micro as WORM_OPASERV.AI | No
natal | X | Natal.scr | Detected by Symantec as W32.Opaserv.AE.Worm | No
atarget | X | Natarget.exe | Detected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\Atarget | No
NateFinder | X | NateFinderUpt.exe | Detected by McAfee as Generic.dx | No
IpAgent | U | Natesearch.exe | Detected by Malwarebytes as PUP.Optional.KorAd. The file is located in %AppData%\ipagent. If bundled with another installer or not installed by choice then remove it | No
Nate | X | nate_as.exe | Detected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\nate_as - see here | No
nativelog.txt | X | nativelog.txt | Detected by Malwarebytes as Malware.Trace.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
NATDriver | X | natsdrv.exe | Detected by Dr.Web as Trojan.DownLoader7.22726 and by Malwarebytes as Trojan.Ransom | No
NATServ.exe | X | NATServ.exe | Detected by Malwarebytes as Trojan.Banker.NTS. The file is typically located in %AppData%\[digits] - see an example here | No
Dragon NaturallySpeaking | U | natspeak.exe | Dragon NaturallySpeaking speech recognition software from Nuance (was ScanSoft) | No
NAT Service | X | natsv.exe | Detected by Malwarebytes as Backdoor.Bot.E. The file is located in %ProgramFiles%\NAT Service | No
NattlyDefender | X | NattlyDefender.exe | Detected by Dr.Web as Trojan.DownLoader9.60474 and by Malwarebytes as Trojan.Agent.E | No
Natural Desktop | U | Natural Desktop.exe | Animated desktop gadget included with the Natural Desktop theme for MyColors from Stardock Corporation | No
Naughty.exe | X | Naughty.exe | Detected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.JV | No
Microsoft Update | X | NAV.exe | Detected by Sophos as W32/Rbot-IV and by Malwarebytes as Backdoor.Bot | No
Navx | X | nav.exe | Detected by McAfee as Generic Downloader.x and by Malwarebytes as Trojan.Banker.OI | No
System | X | nav32.exe | Detected by Sophos as W32/Rbot-BHV and by Malwarebytes as Trojan.KeyLogger | No
Norton Auto Protect | X | nava.exe | Added by an unidentified VIRUS, WORM or TROJAN! The file is located in %System% | No
Nortan Anti Virus | X | nava32.exe | Detected by Symantec as Backdoor.FTP_Ana.C | No
Windows Print Spooler | X | NavAgent32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
WinNavap Service | X | navapdlls32.exe | Detected by Trend Micro as WORM_RBOT.BLF | No
navapp | X | navapp.exe | NavExcel adware variant | No
AUTOPROTECTU | X | navapq32.exe | Added by an unidentified WORM or TROJAN! | No
Compaq Service Drivers | X | navapqwa.exe | Detected by Trend Micro as WORM_SDBOT.BBQ and by Malwarebytes as Backdoor.IRCBot | No
protecse | X | navapss32.exe | Detected by Trend Micro as WORM_SDBOT.AFE | No
Norton Service Process | X | navapsvc.exe | Detected by Sophos as W32/Agobot-GV. Note - this is not the valid Norton Anti-Virus service which has the same file and is located in %ProgramFiles%\Norton AntiVirus. This one is located in %System% | No
Video Process | X | Navapsvcc.exe | Detected by Sophos as W32/Spybot-CW | No
Norton Service Process | X | navapvc.exe | Added by the AGOBOT.GV BACKDOOR! | No
Norton AntiVirus AutoProtect | Y | navapw32.exe | Background scanning process for older versions of Norton AntiVirus which continuously detects and repairs viruses and other malware | No
Norton Auto-Protect | Y | navapw32.exe | Background scanning process for older versions of Norton AntiVirus which continuously detects and repairs viruses and other malware | No
NAV Agent | Y | navapw32.exe | Background scanning process for older versions of Norton AntiVirus which continuously detects and repairs viruses and other malware | Yes
navapw32 | Y | navapw32.exe | Background scanning process for older versions of Norton AntiVirus which continuously detects and repairs viruses and other malware | Yes
NavaShield | X | navashield.exe | Nava Shield rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.NavaShield | No
NavRegReminder | N | NAVBrowser.exe | Registration reminder | No
ScanSoft PaperPort 7 Registration Reminder | N | NAVBrowser.EXE NavLoad.ini | Registration reminder for PaperPort version 7 from Scansoft (now Nuance) | No
Corel Reminder | N | NAVBrowser.exe NavLoad.ini | Registration reminder for some Corel products | No
MSOfficeCfg | X | navchk.exe | Premium rate adult content dialer | No
SchedulerMgr | X | navchk.exe | Premium rate adult content dialer | No
NAVCheck | X | navchk.exe | Premium rate adult content dialer | No
QTSvc | X | navchk.exe | Premium rate Adult content dialer | No
SystemService | X | navchk.exe | Premium rate Adult content dialer | No
System Information Manager | X | Navcpe.exe | Detected by Sophos as W32/Sdbot-QB | No
NaverAgent | X | NaverAgent.exe | Detected by Malwarebytes as Adware.K.NaverAgent. The file is located in %ProgramFiles%\naver\NaverAgent | No
navert.exe | X | navert.exe | Detected by Dr.Web as Trojan.Click2.51385 | No
Navigation Fix | X | navfix.exe | Detected by Dr.Web as Trojan.Siggen4.13073 | No
Microsoft Updating | X | navguard.exe | Detected by Trend Micro as WORM_RBOT.HW | No
Naviscope | U | naviscope.exe | Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more | No
Microsoft Update | X | navmgrd.exe | Detected by Trend Micro as BKDR_SDBOT.DP and by Malwarebytes as Backdoor.Bot | No
NAVMon32 | X | NAVMon32.exE | Detected by Trend Micro as WORM_WINKO.AO | No
navp.exe | X | navp.exe | Detected by Sophos as W32/Agobot-OE | No
NavPass | X | NavPass.exe | Free system for gaining access to and downloading from adult content web-sites | No
Symantec Security Routine Addon | X | navpaw.exe | Detected by Sophos as W32/Agobot-ES | No
cpntmgc | X | navpmc.exe | Detected by Trend Micro as TROJ_MAGICON.A | No
mslagent | X | navpmc.exe | Slagent adware | No
NAV Auto Prot | X | navprot1.exe | Detected by Trend Micro as WORM_RBOT.ZAC | No
Norton AutoProtect | X | navprot32.exe | Detected by Sophos as W32/Rbot-UX. Note - this is not a valid Symantec/Norton entry | No
NAV Auto Protect | X | navprotect.exe | Detected by Trend Micro as WORM_RBOT.BKW. Note - this is not a valid Norton AntiVirus product from Symantec | No
AVSTRT | X | navpsrvc.exe | Detected by Sophos as W32/Forbot-EF | No
Symantec Security Routine Addon for Microsoft Windows | X | navpxaw32.exe | Detected by Sophos as W32/Agobot-QJ | No
NAV Scan Service | X | NAVscan32.exe | Detected by Trend Micro as WORM_SDBOT.VG | No
NAVSCAN32.EXE | X | NAVSCAN32.exe | Detected by Sophos as W32/Sdbot-DO | No
NAVSCAN64.EXE /s | X | NAVSCAN64.exe | Detected by Sophos as W32/Rbot-T | No
NAVSCANNER32 | X | NAVSCANNER32.EXE | Detected by Trend Micro as WORM_RBOT.QC | No
Norton Antiviral Scanner | X | navscnr.exe | Detected by Sophos as W32/Delbot-K | No
bootsec | X | NAVSSE.exe | Detected by Sophos as W32/Forbot-CY | No
NvCplDmn | X | NAVSVC.EXE | Added by an unidentified VIRUS, WORM or TROJAN! | No
Norton SpySweeper AutoUpdate | X | navsw.exe | Detected by Sophos as W32/Forbot-AS | No
Norton AntiVirus Sys | X | NAVsys32.exe | Added by a variant of WORM_WOOTBOT.GEN | No
NAVtask | X | NAVtask.exe | Detected by Sophos as W32/Rembot-A | No
MS UniX | X | navupdate64.exe | Detected by Total Defense as Win32.Rbot.CRZ. The file is located in %System% | No
NAV Auto Updates | X | navupdaters.exe | Detected by Sophos as W32/Rbot-UN | No
NAV Auto Updates | X | navupdaterx.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
RunDll.exe | X | navupdt2.exe | Detected by Sophos as Troj/Banloa-BJN and by Malwarebytes as Worm.AutoRun | No
Norton Updater | X | navupdtr.exe | Detected by Trend Micro as WORM_SDBOT.AXV | No
NAVWatch | X | NAVWatcher.exe | VX2.Transponder parasite updater/installer related | No
NAV Auto Updates | X | navwindows.exe | Added by a variant of the SDBOT BACKDOOR! | No
NAV_Update | X | NAV_Update.exe | Unidentified WORM or TROJAN! | No
nawadll32 | X | nawadll32.exe | Detected by Sophos as W32/Sdbot-ZI | No
nawdll32 | X | nawdll32.exe | Detected by Sophos as W32/Sdbot-ZM | No
nawewijixna | X | nawewijixna.exe | Detected by McAfee as RDN/Generic Dropper!vf and by Malwarebytes as Trojan.Agent.US | No
xvihkdgoy | X | naxjasb.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %System% | No
SG | X | nazerke.exe | Detected by Malwarebytes as Ransom.Globe. The file is located in %AppData% | No
nazimzypwoxi | X | nazimzypwoxi.exe | Detected by McAfee as RDN/Generic.dx!cmh and by Malwarebytes as Trojan.Agent.US | No
na_net_face.exe | X | na_net_face.exe | Detected by Dr.Web as Trojan.Siggen6.17439 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
WinDefend | X | NB.exe | Detected by Dr.Web as Trojan.MulDrop2.44757 and by Malwarebytes as Backdoor.Messa | No
Helloworld | X | nb32ext2.exe | Detected by Trend Micro as WORM_BOBAX.AD | No
RPCserv32g | X | NB32EXT2.EXE | Detected by Trend Micro as WORM_BOBAX.AD | No
helloworld | X | nb32ext3.exe | Detected by Trend Micro as WORM_MYTOB.JT | No
helloworld3 | X | nb32ext4.exe | Detected by Trend Micro as WORM_RITDOOR.A | No
Nero BackItUp | U | NBAgent.exe | Core task for versions Nero BackItUp which provides System Tray access and runs all backup jobs (to hard disk, Network, FTP, CD/DVD) for the files and folders that you specify. Required if you have any scheduled backups or use the Autobackup feature. Installed as part of stand-alone backup products such as Nero BackItUp or as part of multimedia suites such as Nero Classic | Yes
NBAgent | U | NBAgent.exe | Core task for versions Nero BackItUp which provides System Tray access and runs all backup jobs (to hard disk, Network, FTP, CD/DVD) for the files and folders that you specify. Required if you have any scheduled backups or use the Autobackup feature. Installed as part of stand-alone backup products such as Nero BackItUp or as part of multimedia suites such as Nero Classic | Yes
Microsoftctfmon | X | nbb.exe | Detected by Dr.Web as Trojan.DownLoad3.6216 and by Malwarebytes as Trojan.Agent | No
Nero BackItUp | U | NBCore.exe | Autobackup feature of Nero BackItUp version 4 which runs in the background and backs up the files and folders that you specify. If there are modifications or new files, Autobackup carries out a backup update automatically, replacing the existing backup with the current one. Installed as part of both the stand alone product and Nero 9 digital media suites (CD/DVD burning, authoring, etc) | Yes
NBCore | U | NBCore.exe | Autobackup feature of Nero BackItUp version 4 which runs in the background and backs up the files and folders that you specify. If there are modifications or new files, Autobackup carries out a backup update automatically, replacing the existing backup with the current one. Installed as part of both the stand alone product and Nero 9 digital media suites (CD/DVD burning, authoring, etc) | Yes
Nero SecurDisc client | U | NBHGui.exe | SecurDisc support for the Nero InCD packet writing utility. "SecureDisc includes special protection properties, such as data integrity, rebuilding, encryption and duplication protection." If you don't use InCD or your optical drive doesn't support SecureDisc you can disable this | Yes
SecurDisc | U | NBHGui.exe | SecurDisc support for the Nero InCD packet writing utility. "SecureDisc includes special protection properties, such as data integrity, rebuilding, encryption and duplication protection." If you don't use InCD or your optical drive doesn't support SecureDisc you can disable this | Yes
NBHGui | U | NBHGui.exe | SecurDisc support for the Nero InCD packet writing utility. "SecureDisc includes special protection properties, such as data integrity, rebuilding, encryption and duplication protection." If you don't use InCD or your optical drive doesn't support SecureDisc you can disable this | Yes
Nero BackItUp Scheduler | U | NBJ.exe | Scheduler for backup jobs using Nero BackItUp in earlier versions of Nero digital media suites (CD/DVD burning, authoring, etc). If no backup jobs are scheduled this entry will remain but it will not run at start-up. If you have any scheduled backup jobs and try disabling it by a means other than the program's own option (right-click on tray icon → Settings) it will re-instate itself on the next run of Nero BackItUp | Yes
NBJ | U | NBJ.exe | Scheduler for backup jobs using Nero BackItUp in earlier versions of Nero digital media suites (CD/DVD burning, authoring, etc). If no backup jobs are scheduled this entry will remain but it will not run at start-up. If you have any scheduled backup jobs and try disabling it by a means other than the program's own option (right-click on tray icon → Settings) it will re-instate itself on the next run of Nero BackItUp | Yes
NovaBackup * Tray Control | U | NbkCtrl.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number | No
NbkCtrl | U | NbkCtrl.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here | No
Nero BackItUp | U | NBKeyScan.exe | Nero BackItUp versions 2 thru 4 support the "Push for backup" feature that's implemented on some external hard disks - which enables the user to start a predefined backup by pushing a button on the drive. NBKeyScan is used to scan the peripherals for compatible devices and - if such devices have been found - to communicate between Nero BackItUp and the external hard drive. Installed as part of both stand alone products and Nero digital media suites (CD/DVD burning, authoring, etc) | Yes
NBKeyScan | U | NBKeyScan.exe | Nero BackItUp versions 2 thru 4 support the "Push for backup" feature that's implemented on some external hard disks - which enables the user to start a predefined backup by pushing a button on the drive. NBKeyScan is used to scan the peripherals for compatible devices and - if such devices have been found - to communicate between Nero BackItUp and the external hard drive. Installed as part of both stand alone products and Nero digital media suites (CD/DVD burning, authoring, etc) | Yes
NotebookManager | U | nbm.exe | System Tray access on some Acer Notebooks to give faster access to system settings | No
nbnvk | X | nbnvk.exe | Detected by Malwarebytes as Spyware.Banker.FI. The file is located in %Windir% | No
Timer Setting | X | Nboot.exe | Detected by McAfee as RDN/Generic.bfr!k and by Malwarebytes as Backdoor.Agent | No
NB Probe | U | NBProbe.exe | Monitors the status of notebooks from ASUS - including CPU (speed, temperature and fan), disk and system information | No
nbsession | X | nbsystem.exe | Detected by Symantec as Backdoor.DTR | No
Netbios Helper | X | nbthlp.exe | Detected by McAfee as PWS-Banker.y | No
msgsmgr | X | nbtsdump.exe | Detected by Dr.Web as Trojan.MulDrop4.30998 | No
Windows Update 64 | X | nbupd64.exe | Detected by Trend Micro as WORM_WOOTBOT.JB | No
nbustrce1D | ? | nbustrce1D.exe | Device driver, possibly CD/DVD. What exactly is it and is it required in startup? | No
WKSJVZ | X | NBysLI.exe | Detected by McAfee as RDN/Generic.dx!ctc and by Malwarebytes as Backdoor.Agent.E | No
NetworkControl | X | nc.exe | NetworkControl ransomware firewall - not recommended, removal instructions here | No
load | X | NcbService.exe | Detected by Sophos as Troj/MSIL-DQQ and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "NcbService.exe" (which is located in %AppData%\Microsoft\Windows) | No
NeroControlCenter | N | NCC.exe | Nero ControlCenter provides an easy way to check for new updates for your Nero suite | No
NCClient | ? | NCClient.exe | The file is located in %ProgramFiles%\[folder] | No
NCD | ? | NCD.exe | Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path | No
ncd | N | ncd.exe | Network Connection Dashboard by EdwardJones. The file is located in %ProgramFiles%\EdwardJones\Network Connection Dashboard | No
NetCruiser Dialer | U | NCDialer.exe | NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections" | No
name_me | X | nCkmr.exe | Detected by Dr.Web as Trojan.DownLoader7.19846 and by Malwarebytes as Trojan.Downloader | No
NCLaunch | N | NCLAUNCH.Exe | Part of SWF Studio from Northcode Inc. - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP | No
Nokia Connection Monitor | N | NclConf.exe | Monitors the infrared port, the serial ports and Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed | No
Srv RPCrom | X | NClienti386.exe | Detected by Symantec as Trojan.Watsoon.A | No
NclTray | N | NclTray.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager" | Yes
Nokia Status Monitor | N | NclTray.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager" | Yes
Nokia Tray Application | N | NclTray.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as "Nokia Connection Manager" | Yes
DeewooXncntnkwd.exeZenoSearch adware variantNo
NuTCSetupEnvironYncoeenv.exeUsed by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left aloneNo
NcpBudget?ncpbudgt.exeRelated to VPN client software from WatchGuard, Lancom, NCP, Astaro, D-Link and maybe others. What does it do and is it required?No
NCPluginUpdaterUNCPluginUpdater.exePart of HP Health Check - which "is a utility that is designed to alert you to potential conditions on your hard drive, and can suggest fixes, performance enhancements, and updates on a variety of issues. It also provides you with notifications of current solutions that are targeted to your specific notebook model"No
NcpMonitor?ncpmon.exeRelated to VPN client software from WatchGuard, Lancom, NCP, Astaro, D-Link and maybe others. What does it do and is it required?No
NcpPopup?ncppopup.exeRelated to VPN client software from WatchGuard, Lancom, NCP, Astaro, D-Link and maybe others. What does it do and is it required?No
Ncqziiwcutbfbwsh.exeXNcqziiwcutbfbwsh.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.54764 and by Malwarebytes as Worm.AutoRun.ENo
Ncr3Uncrcore3.exeNetwork camera recording software for home/office security systems using wired or wireless Panasonic cameras that enables you to locally view, record and adjust the settings for the cameras - see hereNo
DCASS SUBLOADXncrvs.exeDetected by Trend Micro as WORM_RBOT.BHINo
*Intelli Mouse Pro Version 2.0B*Xncsjapi32.exeDetected by Sophos as Troj/Buzus-O and by Malwarebytes as Backdoor.BotNo
Intelli Mouse Pro Version 2.0BXncsjapi32.exeDetected by Sophos as Troj/Buzus-O and by Malwarebytes as Backdoor.BotNo
Nvidia Control PanelXncsvc32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
Nvidia Control PanelXncsvc33.exeDetected by Malwarebytes as Trojan.Sdbot. The file is located in %System%No
NCSW ServerYNcsW.exeLockLink access control management software. "LockLink 7.0 lets users seamlessly manage both offline and online access control solutions available from IR Security & Safety"No
securwXNctrup.exeDetected by Symantec as W32.Nopir.ANo
System ManagerXncvs32.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
EBZFBMXNcxyJS.exeDetected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.LMTNo
HKCUXncxz.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%No
PoliciesXncxz.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%No
HKLMXncxz.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%No
ndbfj.vbeXndbfj.vbeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Norton Disk DoctorNNDD32.EXENorton Disk Doctor from older versions of Norton Utilities (either as a standalone product or as part of Norton SystemWorks) - which "diagnoses and repairs a variety of disk problems. It performs several tests, checking everything from the disk's partition table to its physical surface. If Norton Disk Doctor finds a problem, it notifies you before making repairs. If you check Automatically Fix Errors, Norton Disk Doctor makes the necessary repairs automatically"Yes
Microsoft PCHealth32XNDDENB.exeDetected by Sophos as Troj/PWSYahoo-ANo
yruiucroXnddxsllf.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.RNDNo
NET DEMONXndemon.exeDetected by Sophos as W32/Agobot-LANo
Mirabilis ICQNNDetect.exeIf connected to the internet, automatically starts up ICQ. Convenience more than anythingNo
Windows Service AgentXndibbeu.exeDetected by Kaspersky as Backdoor.Win32.Rbot.xvd and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
NDIS AdapterXndis.exeDetected by Trend Micro as WORM_SDBOT.VFNo
Win32 NDIS DriverXNdistcp.exeDetected by Trend Micro as WORM_WOOTBOT.EUNo
Win32 NDISXNdiswin.exeDetected by Trend Micro as WORM_RBOT.AMGNo
NDL StartXNDL.exeDetected by Malwarebytes as Trojan.Keylogger. The file is located in %CommonAppData%\HGGGXENo
[key name]Xndrives32.exeDetected by Sophos as W32/Rbot-DKNo
Windows Security UpdateXndsass.exeDetected by Total Defense as Win32.Rbot.ESM. The file is located in %System%No
NDSTrayUNDSTray.exeSystem Tray access to and notifications for the Toshiba ConfigFree connection manager on their range of laptops which permits switching network devices and settings with a click on a tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must haveNo
NDSTray.exeUNDSTray.exeSystem Tray access to and notifications for the Toshiba ConfigFree connection manager on their range of laptops which permits switching network devices and settings with a click on a tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must haveNo
Microsoft Windows UpdateXndsuhyz.exeDetected by Sophos as W32/Rbot-GVG and by Malwarebytes as Trojan.MWF.GenNo
Compaq Services DriversXndt32.exeDetected by Trend Micro as WORM_RBOT.CQZNo
NdtstatXNdtstat.exeAdded by a variant of the BANLOAD family of TROJANS!No
NDW StartXNDW.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.STRGenNo
(Default)Xne.exeDetected by Sophos as Troj/IRCBot-ZL. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
ServskXNEAD.VBSDetected by McAfee as W32/Autorun.bfr and by Malwarebytes as Worm.AutoRunNo
nodeXneas.exeDetected by Dr.Web as Trojan.Siggen5.40281 and by Malwarebytes as Backdoor.Agent.ENo
WINDOWS SYSTEMXnec.exeDetected by Sophos as W32/Mytob-L and by Malwarebytes as Backdoor.AgentNo
NecbarNNecbar.exeNec Assistant; Ark's Navigator, a graphical interface for NEC computersNo
NECMFKYnecmfk.exeNEC wireless keyboard driverNo
necomp.binXnecomp.bin.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData%\uTorrentNo
necsys32.exeXnecsys32.exeDetected by Malwarebytes as Trojan.Downloader. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
NecutrayUNecutray.exeDriver for external USB storage devices (hard drives, flash disks, etc)No
nedpro0xzXnedpro0xz.exeDetected by McAfee as W32/Hamweq.worm.av and by Malwarebytes as Trojan.DownloaderNo
NetFrameworkXNEFramework.scrDetected by Dr.Web as Trojan.Siggen4.36114 and by Malwarebytes as Backdoor.Agent.NFNo
SystemUpdateXNegdo.exeDetected by Sophos as W32/Culler-C and by Malwarebytes as Backdoor.BifroseNo
nekelzywabegXnekelzywabeg.exeDetected by McAfee as RDN/Generic Downloader.x and by Malwarebytes as Trojan.Agent.USNo
RUN32DLL LIBRARYXNeLL.exeDetected by McAfee as Generic.tfr and by Malwarebytes as Backdoor.MessaNo
FobberXnemre.exeDetected by Malwarebytes as Trojan.Tinba. The file is located in %AppData%\FobberNo
nemu.exeXnemu.exeDetected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
MOJNPluginSrIvcsXneomonap23.exeDetected by Trend Micro as WORM_SPYBOT.MJNo
neoprotectXneoprotect.exeNeoProtect rogue security software - not recommended, removal instructions hereNo
neosXneos.exeDetected by Sophos as Troj/BdoorB-FamNo
neoDVDplus5NneoTasks.exeneoDVDplus video editing and DVD authoring utility from MedioStream. Superseded by neoDVDNo
neoTasksNneoTasks.exeneoDVDplus video editing and DVD authoring utility from MedioStream. Superseded by neoDVDNo
nepdro0xzXnepdro0xz.exeDetected by Sophos as Troj/Agent-ABXE and by Malwarebytes as Worm.AutoRun.GenNo
Nepsa0m1PXNepsa0m1P.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
Nero ServiceXnero.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %AppData%\Microsoft\Windows\UpdateNo
WinXPServiceXnero.exeDetected by Sophos as W32/IRCBot-AKV and by Malwarebytes as Backdoor.Bot. Note - this is not the Nero CD/DVD burning software by Ahead Software which is normally located in %ProgramFiles%\Ahead\Nero. This file is located in %System%No
loadXNero.exeDetected by McAfee as RDN/Generic BackDoor. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Nero.exe" (which is located in %Temp%)No
Java (TM) Update CheckersXNero.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.JVNo
editsunjavaXnerO3.exeDetected by McAfee as BackDoor-CEP.gen.aj and by Malwarebytes as Backdoor.AgentNo
Nero 7Xnero32.exeDetected by McAfee as RDN/Generic Dropper!d and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not a valid Nero processNo
Nero 9Xnero99.exeDetected by McAfee as RDN/Generic BackDoor!vv and by Malwarebytes as Backdoor.Agent.DCENo
ShellXnero99.exe,explorer.exeDetected by McAfee as RDN/Generic BackDoor!vv and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "nero99.exe" (which is located in %AppData%\Microsoft)No
NeroAutoStartClientXNeroASM.exeDetected by Trend Micro as WORM_AGOBOT.VGNo
Nero AG NeroCheckNNeroCheck.exeIncluded with some Nero digital media suites (CD/DVD burning, authoring, etc). Looks for known driver conflicts with Nero software and lists these in a log file to help the user determine what may be causing a problem. This is therefore not required if the Nero software is working correctlyYes
Nero CheckerXnerocheck.exeDetected by Sophos as Troj/Proxy-X. Note - this is not the legitimate file of the same name from the Nero CD/DVD burning software which is usually located in %System%. This one is located in %Windir%No
NeroCheckNNeroCheck.exeIncluded with some Nero digital media suites (CD/DVD burning, authoring, etc). Looks for known driver conflicts with Nero software and lists these in a log file to help the user determine what may be causing a problem. This is therefore not required if the Nero software is working correctlyYes
NeroFilterCheckNNeroCheck.exeIncluded with some Nero digital media suites (CD/DVD burning, authoring, etc). Looks for known driver conflicts with Nero software and lists these in a log file to help the user determine what may be causing a problem. This is therefore not required if the Nero software is working correctlyYes
Ahead Software Gmbh NeroCheckNNeroCheck.exeIncluded with some Nero digital media suites (CD/DVD burning, authoring, etc). Looks for known driver conflicts with Nero software and lists these in a log file to help the user determine what may be causing a problem. This is therefore not required if the Nero software is working correctlyYes
NeroFiltersXNeroChecks.exeDetected by Dr.Web as Trojan.Inject1.44842 and by Malwarebytes as Trojan.Agent.RNSNo
NEROEXNeroExpress.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.Agent.NRNo
NeroFilXNeroFil.EXEDetected by Total Defense as Win32.Rbot.EAM. The file is located in %System%No
NeroCheckXNeroFilter.EXEDetected by Trend Micro as WORM_RBOT.CUANo
NeroLoaderXNeroLoader.exeDetected by Sophos as Troj/Bancban-EJNo
Nero MediaHomeUNeroMediaHome.exeOlder version of Nero MediaHome, which is a UPnP AV (Audio/Video) Media Server. This allows your computer to link up your other home entertainment electronic devices (i.e. televisions, stereos) to create a unified media centre, sharing media files such as MP3s and videosYes
Nero MediaHome 4UNeroMediaHome.exeOlder version of Nero MediaHome, which is a UPnP AV (Audio/Video) Media Server. This allows your computer to link up your other home entertainment electronic devices (i.e. televisions, stereos) to create a unified media centre, sharing media files such as MP3s and videosYes
NeroMediaHomeUNeroMediaHome.exeOlder version of Nero MediaHome, which is a UPnP AV (Audio/Video) Media Server. This allows your computer to link up your other home entertainment electronic devices (i.e. televisions, stereos) to create a unified media centre, sharing media files such as MP3s and videosYes
NeroMediaHomeXNeroUpgrade.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
SERV PacK2Xnerx.exeDetected by Sophos as W32/Sdbot-ACPNo
HKCUXnesamone.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXnesamone.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKLMXnesamone.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
nEScUi.exeXnEScUi.exeDetected by McAfee as Generic.dx!zvr and by Malwarebytes as Backdoor.Messa. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MSDNXnese.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%No
Microsoft Neser ExperienceXnese.exeDetected by Sophos as W32/Rbot-YHNo
PoliciesXNET Framework.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.PGenNo
AvgntXNET Framework.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
AvirntXNET Framework.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
CORESYSTEMXNET Framwork.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ENo
Net**.exe [* = random char]XNet**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Net**32.exe [* = random char]XNet**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
system32XNeT-BoT.exeDetected by Sophos as W32/Agobot-LJ and by Malwarebytes as Trojan.AgentNo
Microsoft_NSXnet.dllDetected by Dr.Web as Trojan.Siggen3.37225 and by Malwarebytes as Backdoor.AgentNo
WindowsXNet.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\MicrosoftNo
winupdaterXnet.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\System (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\System (XP)No
HKCUXnet.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.rcz and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\NetMeetingNo
HKCUXnet.exeDetected by Trend Micro as WORM_AUTORUN.ZBC and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\NetNo
PoliciesXnet.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.rcz and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\NetMeetingNo
PoliciesXnet.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
PoliciesXnet.exeDetected by McAfee as RDN/Generic.grp!f and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\SYSTEM2No
PoliciesXnet.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.PGenNo
PoliciesXnet.exeDetected by Trend Micro as WORM_AUTORUN.ZBC and by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\NetNo
Audio2Xnet.exeDetected by McAfee as RDN/Generic.grp!f and by Malwarebytes as Trojan.BublikNo
AUDIO2Xnet.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
HKLMXnet.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.rcz and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\NetMeetingNo
HKLMXnet.exeDetected by Trend Micro as WORM_AUTORUN.ZBC and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\NetNo
netXnet.netDetected by Sophos as Troj/Mdrop-CIF and by Malwarebytes as Trojan.AgentNo
N2PTrayUNet2fone.exeAn Internet telephony application. Needed only if you have an account at Net2Phone, IncNo
net32Xnet32.exeDetected by Dr.Web as Trojan.Siggen4.26128No
Net4SwitchUNet4Switch.exeASUS Net4Switch utility as provided on their range of notebooks - which "helps users to quickly configure the notebook PC's network settings and easily switch between different network environments. A wizard guides users to create and edit configuration settings as well as diagnose problems in the settings for timely connection"No
netLoaderXnet64.exeDetected by McAfee as RDN/Generic.dx!a and by Malwarebytes as Trojan.Agent.GenNo
Microsoft Update 32Xneta.exeDetected by Sophos as W32/Rbot-AMI and by Malwarebytes as Backdoor.BotNo
NetAcceleratorUNetAccel.exeNetAccelerator is a "software utility that optimizes your internet access up to 1200% faster! NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!". Only required if you find it helps improve your performanceNo
Net AcceleratorUNetAccelerator.exeRizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performanceNo
NetAdapter WatcherXNetAdapterWatcher.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\NetAdapterNo
NetAdm7XNETADM7.EXEDetected by Symantec as Infostealer.Bancos.FNo
InetapiXNetapi.exeDetected by Trend Micro as BKDR_NETDEVIL.14No
NetapiXNetapi.exeDetected by Trend Micro as BKDR_NETDEVIL.14No
Microsoft System CheckupXnetapi32.exeDetected by Sophos as W32/Donk-E and by Malwarebytes as Backdoor.Agent.MSUGenNo
netapi32Xnetapi32.exeAdded by unidentified malware. The file is located in %System%No
NetAppelNNetAppel.exeNetAppel - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
NetbeansXnetbeans.exeDetected by Sophos as W32/Delbot-RNo
netbiosdXnetbiosd.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
NetBioy ClientXnetbioy.exeDetected by Microsoft as Worm:Win32/Slenfbot.VZNo
netbootXnetboot.exeDetected by Dr.Web as Trojan.Click1.7112 and by Malwarebytes as Trojan.Agent.GenNo
00notify33?NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions on all the PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
NetBrowser?NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions on all the PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
NetBrowser.exe?NetBrowser.exePart of Best Network Security, 1st Network Admin and Corporate Network Security (and maybe others) - network-based password-protected security software that lets you impose access restrictions on all the PC workstations you have in your corporate network to stop users from tampering with them. The exact purpose of this startup entry is unknown at presentYes
bobyXnetburn.scrDetected by Sophos as Troj/Bancban-OX and by Malwarebytes as Trojan.BankerNo
netcfgXnetcfg.EXEDetected by McAfee as RDN/Generic.dx!cpgNo
netcfg.exeXnetcfg.exeDetected by Malwarebytes as Worm.Agent.AutoIt. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Paradyne ADSL Network Driver V2.3Xnetcfgx32.exeDetected by Sophos as Troj/Delf-EYSNo
netCFxXnetCFx.exeDetected by Dr.Web as Trojan.DownLoader8.50146 and by Malwarebytes as Trojan.Agent.NCNo
Netline UserNnetchk.exeNetline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for exampleNo
NetClickXNetClick.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%\Alcine\AlcineNo
Windows NetworksXnetcog.exeDetected by Trend Micro as WORM_MYTOB.FHNo
netconfigXnetconfig.exeDetected by Total Defense as "Netware Trojan v1.0". The file is located in %System%No
Networks ConfiguratorXNetConfs.exeDetected by Sophos as W32/Rbot-OXNo
MS_NETD_WIN32Xnetd32.exeDetected by Symantec as W32.Randex.FNo
Microsoft Network Daemon for Win32Xnetd32.exeDetected by Symantec as Backdoor.Sdbot.RNo
MicrosoftNetwork Daemon for Win32XNETD32.EXEDetected by Symantec as W32.Randex.FNo
load32Xnetda.exeDetected by Symantec as Backdoor.Nibu.ENo
netdaemonXnetdaemon /vMalware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)No
xload32Xnetdd.exeDetected by Total Defense as "NetSpy (DK32)". The file is located in %System%No
netddeXnetdde.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Microsoft\Windows\dllcacheNo
IusageNnetdet.exeInternet Usage Monitor by Gaurav Creations - utility to calculate the cost and time on the internet via dial-upNo
NetWork Device SwitchUNetDevSW.exeFor Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in the Startup folder, so make your own shortcut to it and disable if not really necessaryNo
DILLXNetdill.exe.lnkDetected by McAfee as PWSZbot-FER!B618C33DA0D4 and by Malwarebytes as Backdoor.Agent.DLNo
4684735485910Xnetdll32.exeDetected by Sophos as W32/Sdbot-DEVNo
Netdll32Xnetdll32.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
NetdllexXnetdllex.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Windows UpdateXnetdrive.exeDetected by Malwarebytes as Ransom.Stampado.Generic. The file is located in %AppData%No
netepi32Xnetepi32.exeDetected by Trend Micro as WORM_SDBOT.AAVNo
netfilt4Xnetfilt4.exeDetected by Trend Micro as TROJ_PROXY.FXNo
MSDRVXNetFilter.exeAdded by the INTERRUPDATE TROJAN!No
netfix.exeXnetfix.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXNetflixCracker.exeDetected by Malwarebytes as Backdoor.Agent.BDB. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "NetflixCracker.exe" (which is located in %AppData%\NetflixCracker)No
NETFP32.EXEXNETFP32.EXEAdded by the AGENT.CD TROJAN!No
ShellXnetframe.exe,explorer.exeDetected by McAfee as RDN/Generic BackDoor!yd and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "netframe.exe" (which is located in %AppData%\netframes)No
drivers.descXNetframework.exeDetected by McAfee as Ransom and by Malwarebytes as Backdoor.Agent.IMNNo
NetFrameworkXNetFramework.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
NetFramework UpdaterXNetframework.exeDetected by Dr.Web as Trojan.DownLoader4.61830 and by Malwarebytes as Trojan.DownloaderNo
ShellXNetFramework.exe,explorer.exeDetected by McAfee as RDN/Generic BackDoor!zk and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NetFramework.exe" (which is located in %AppData%\NetFramework)No
ShellXNetframeworks.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Netframeworks.exe" (which is located in %AppData%\NetframeF)No
Net FrameworkXNetFrameworkUpdate.exeDetected by McAfee as Generic.dx!zkg and by Malwarebytes as Trojan.ScriptNo
netfxupdateYnetfxupdate.exeUpdater associated with Microsoft .Net framework - see hereNo
NetFxUpdate_v[version]Ynetfxupdate.exeUpdater associated with Microsoft .Net framework - see hereNo
NETGEARGenieNNETGEARGenie.exeNETGEARGenie network management utilityNo
NetGuardUNetGuard.exeFBM Software ZeroSpyware 2004 spyware detector and remover - real time monitorNo
Windows System ConfigurationXnether.exeDetected by Sophos as W32/Opanki-ABNo
HELPERXNetherlands.exeAsdPlug premium rate adult content dialer variantNo
ASDPLUGINXnetherlands.exeAsdPlug premium rate adult content dialerNo
NethostsXNethosts#.exeDetected by Malwarebytes as Backdoor.Agent.Gen - where # represents a number and the file is located in %AppData%No
hdlpscomXnetilxgn.exeDetected by Sophos as W32/Rbot-FXDNo
Microsoft WinUpdateXnetip.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
SystemMap32XNetisp32.vbsDetected by Symantec as W32.HLLW.Redist.C@mmNo
NetworkKeyXnetkey.exeDetected by Sophos as Troj/IRCBot-AJNo
Net Functions LibraryXNetlib.exeDetected by Trend Micro as WORM_AGOBOT.AGYNo
NetlibXNetlib.exeAdded by a variant of the TOXBOT WORM!No
NetlimiterUNetlimiter.exeNetlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it to set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC"No
netlimiter.vbsXnetlimiter.vbsDetected by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NetLinkXnetlink32.exeDetected by Symantec as W32.Gaobot.WONo
policiesXnetlog.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\MicrosoftNo
HKLMCXnetlog.exeDetected by Malwarebytes as Backdoor.Agent.RGen. The file is located in %AppData%\MicrosoftNo
net432Xnetlog.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.ENo
loadXnetlog.exeDetected by McAfee as RDN/Generic.bfr!hx and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "netlog.exe" (which is located in %AppData%\net) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKCDCXnetlog.exeDetected by Malwarebytes as Backdoor.Agent.RGen. The file is located in %AppData%\MicrosoftNo
Microsoft System CheckupXnetlogin32.exeDetected by Sophos as Troj/Sdbot-GN and by Malwarebytes as Backdoor.Agent.MSUGenNo
Netlog Music ToolUNetlogMusicTool.exeMusic tool for Netlog - "an online platform where users can keep in touch with and extend their social network." Automatically publishes your playlist on your profile, allowing your friends to see what you're listening to and you to search for others listening to the same music. No longer appears to be available to downloadNo
vtmesysXnetlprto.exeDetected by Sophos as W32/Rbot-GNANo
Netman_Server.exeXNetman_Server.exeDetected by McAfee as RDN/Generic.bfr!cp and by Malwarebytes as Backdoor.AgentNo
{29123221-3AF8-488c-85DE-6B3EC59E8074}Xnetmedia.exeNetMedia adwareNo
Microsoft NetMeeting Associates, Inc.XNetMeeting.exeDetected by Symantec as W32.Lovgate.AB@mmNo
C:\Program Files\NetMeter\NetMeter.exeUNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"No
NetMeterUNetMeter.exe"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"No
netmgrXnetmgr.exeDetected by Symantec as Trojan.Evilbunny and by Malwarebytes as Backdoor.AgentNo
NetMonXnetmon.exeDetected by Malwarebytes as Trojan.NetMon. The file is located in %AppData%\NetMonNo
NetMonXnetmon.exeDetected by Symantec as W32.Mimail.M@mm. The file is located in %Windir%No
NETMONWXNETMONW.EXEDetected by Sophos as Troj/Bdoor-FXNo
netmsgUnetmsg.exeNet_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as wellNo
OpenHardwareMonitorXnetnvm32.exeDetected by Malwarebytes as Trojan.FakeMS. The file is located in %System%No
Network ODBCXNetODBC.exeDetected by Symantec as W32.SnabanNo
netpc32.exeXnetpc32.exeMalware, probably a CoolWebSearch parasite variantNo
NetPerSecNNetPerSec.exeNetPerSec - measures the real-time speed of your Internet connectionNo
NliaClientUNetpia.exeNetpia NLIA System - "In the existing Internet address system, the Domain Name System (DNS) layer runs on the IP address layer. In the NLIA system, however, the upper layer is implemented on DNS"No
Subsystem MonitorXNetPrint.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\Network PrinterNo
Network List ServiceXnetprofm.exeDetected by McAfee as RDN/Generic BackDoor!yi and by Malwarebytes as Backdoor.Agent.DCE. Note - do not confuse with the legitimate Network List Service (netprofm) service which loads the file "netprofm.dll" via svchost.exe. This one is located in %AppData%\Microsoft\WindowsNo
NetProjXNetProj.exeDetected by Malwarebytes as Backdoor.Bot. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\Microsoft\Windows\dllcacheNo
loadXnetprotocol.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "netprotocol.exe" (which is located in %AppData%\Microsoft\Windows\ScreenToGif)No
NetprotocolXnetprotocol.exeDetected by Kaspersky as Trojan.Win32.Jorik.Buterat.dp and by Malwarebytes as Spyware.Agent. The file is located in %AppData% and %System%No
DominoLoaderXnetpubloader.exeDetected by Malwarebytes as Adware.Eszjuxuan.ClnShrt. The file is located in %AppData%\EasyNote\#######_####### - where # represents a digitNo
NetPumperXNetPumperIEProxy.exeNetPumper download manager - bundles Cydoor and SaveNow adware, see hereNo
PremeterUNetratings.exeNetRatings Premeter spywareNo
Help Temp FilesXnetreg.exeDetected by Sophos as W32/Forbot-EMNo
Netropa Internet ReceiverXNetropa.exeNetropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spywareNo
NetRunUNetRun.exeNetRun - will 'RUN' a 'List' of programs only when an internet connection is detected, and close/kill the same 'List' when the connection is lostNo
Secured NetUnetsafe.exeDetected by Malwarebytes as PUP.Optional.Privoxy. The file is located in %Windir%\[ComputerName]_020716. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Microsoft Synchronization ManagerXnetscape.exeDetected by Trend Micro as WORM_SDBOT.RJNo
Mozilla Quick LaunchNNETSCP.EXEQuick launch for the old Netscape browser - based upon Mozilla FirefoxNo
Mozilla Quick LaunchNNetscp6.exeQuick launch for the old Netscape 6 internet suite - based upon the Mozilla Application SuiteNo
Netscp6NNetscp6.exeQuick launch for the old Netscape 6 internet suite - based upon the Mozilla Application SuiteNo
NetSecureXNetSecure.exeDetected by Dr.Web as Trojan.PWS.Siggen.39757. Note - this entry loads from the HKCU\Run key and the file is located in %AllUsersStartup%No
NetSecure.exeXNetSecure.exeDetected by Dr.Web as Trojan.PWS.Siggen.39757. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Secured NetUnetsecure.exeDetected by Malwarebytes as PUP.Optional.Privoxy. The file is located in %Windir%\SecuredNet. If bundled with another installer or not installed by choice then remove itNo
Messenger ProtocolXnetsender.exeDetected by Sophos as W32/Sdbot-ACCNo
SystemNetworkXNETSERV.EXEAdded by the NETCONTROL VIRUS!No
NetServiceXNetService.exeDetected by Sophos as W32/Silly-FNo
ctfmonXnetservice.exeDetected by Trend Micro as BKDR_HUPIGON.EVG. The file is located in %CommonFavorites%No
Microsoft Synchronization ManagerXnetservice.exeDetected by Trend Micro as WORM_SDBOT.AKMNo
NetServIE.exeXNetServIE.exeDetected by Malwarebytes as Trojan.Banker.BRK. The file is located in %AppData%\20032015 - see hereNo
Akamai NetSession InterfaceUnetsession_win.exeAkamai download manager as used by companies such as Adobe and Corel to download and install their online products. Required for the download to start and complete but once finished it can be disabled and re-instated at a later date if neededNo
PoliciesXnetsession_winx86.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\winx86No
BsqxXnetsfigx.exeDetected by Sophos as W32/Autorun-BDLNo
LisaXnetsfigx.exeDetected by Sophos as W32/Autorun-BDLNo
Networks ControlerXNetsis.exeDetected by Sophos as W32/Rbot-NGNo
MicrosoftXnetsrv.exeDetected by Sophos as W32/Rbot-GOS and by Malwarebytes as Trojan.Agent.MSGenNo
NET protection systemXnetst.exeDetected by ThreatTrack Security as Backdoor.Rizo.A. The file is located in %System%\ComNo
nstatXnetstat.exeAdult content dialerNo
Win32.Trojan.DownloaderXnetstat2.exeDetected as the Painter trojan. The file is located in %System%No
NvCplScanXnetstat32.exeDetected by Trend Micro as WORM_SDBOT.BRLNo
MSNXnetstats.exeAdded by a variant of W32.IRCBot. The file is located in %Windir%No
Mozilla Firebird v0.8 Internet BrowserXnetstats.exeDetected by Trend Micro as BKDR_IRCBOT.MCNo
IPv6 STUN ServiceXnetstun.exeAdded by a variant of the SDBOT BACKDOOR!No
Optimum OnlineXNetsurf.exeOptimumOnline ISP software related spyware - displays advertising popups and collects information about user activityNo
netsv32Xnetsv32.exeDetected by Sophos as W32/Sdbot-PX and by Malwarebytes as Trojan.AgentNo
Network ServicesXnetsvacs.exeDetected by Symantec as W32.Gaobot.AISNo
Spooler SubSystem ApplicationXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
netsvc.exeXnetsvc.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows .Net ManagerXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Windows Local ServicesXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Windows Web ServicesXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Network Service ManagerXnetsvc.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
Google Web ServicesXnetsvc.exeDetected by McAfee as Generic.bfr!cj and by Malwarebytes as Worm.AgentNo
Network ServicesXnetsvc.exeDetected by Trend Micro as WORM_AGOBOT.MLNo
Tcp Application ManagerXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Internet ServicesXNetsvc.exeDetected by Symantec as W32.Mytob.MN@mmNo
Run Services as ApplicationXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Services AdministratorXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Windows Service ManagerXnetsvc.exeDetected by Sophos as Troj/Dloader-NYNo
Video ProcessXnetsvcs.exeDetected by Trend Micro as WORM_AGOBOT.LHNo
Google Web ServicesXnetsvcss.exeDetected by Dr.Web as Trojan.DownLoader2.17374 and by Malwarebytes as Worm.AgentNo
winsock2Xnetsvr.exeDetected by Trend Micro as WORM_AGOBOT.LYNo
NetSwitcher Tray ApplicationUNetSwTray.exe"NetSwitcher is a great tool for mobile computer users. If you've ever had to change your network settings every time you sit down at a client's site or fumble with your IP address configuration every time you plug into your home network, NetSwitcher is the tool for you"No
NetSwitcher Tray ApplicationUNETSWT~1.EXE"NetSwitcher is a great tool for mobile computer users. If you've ever had to change your network settings every time you sit down at a client's site or fumble with your IP address configuration every time you plug into your home network, NetSwitcher is the tool for you"No
RSyncXnetsync.exeDetected by Symantec as Spyware.SafeSurfingNo
Windows Netsystem LayerXNetsystem.exeDetected by Trend Micro as WORM_RBOT.BEINo
Standard Dynamic Printing Port MonitorXNetTcpPortSharing.exeDetected by McAfee as RDN/Generic BackDoor!tt and by Malwarebytes as Backdoor.Messa.ENo
NettGain2000 VerifierYNettGain2000 Verifier.exePart of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or soNo
NetTimeUNETTIME.EXEFrom a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."No
NetTurboUnetturbo.exeNetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabledNo
netupdate32Xnetupdate32.exeDetected by Sophos as W32/Rbot-GQZNo
ChckupXNetverchk.exeCovert Sys Exec malware variantNo
Microsoft Internel CorporatXnetvhost.exeAdded by a variant of W32.IRCBot. Note - there may also be a space at the end of the "Startup Item" fieldNo
ShellRunXnetview.exeDetected by Dr.Web as Trojan.MulDrop3.18306 and by Malwarebytes as Trojan.AgentNo
netviewXnetview.exeAdded by the BIFROSE.L BACKDOOR!No
FASTTRACKNETVISIONXNETVISION.exeDialCar-Z premium rate dialerNo
SecurityCenterXnetw.exeDetected by Symantec as Infostealer.Zanjif and by Malwarebytes as Trojan.Banker.IMNo
ModemOnHoldUnetWaiting.exeNetWaiting/Modem-on-Hold - allows you to place your Internet connection on hold while you take a voice call (if Call Waiting is supported by your phone company)No
NetWatch32Xnetwatch.exeDetected by Symantec as W32.Mimail.C@mmNo
netwin.exeXnetwin.exeDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NetworkXnetwin.exeDetected by Sophos as W32/SillyFDC-CGNo
microsofts#Xnetwire#.exeDetected by Malwarebytes as Backdoor.NetWiredRC.E - where # represents a digit. The file is located in %AppData%\InstallNo
Win Net Wks32Xnetwks32.exeDetected by Trend Micro as WORM_RBOT.AANo
INTERNEXNetwor.exeDetected by McAfee as RDN/Generic.bfr!ez and by Malwarebytes as Backdoor.Agent.ENo
INTARNETXNetwor.exeDetected by McAfee as RDN/Generic.bfr!ez and by Malwarebytes as Backdoor.Agent.ENo
networkXnetworkDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
network.exeXnetworkDetected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.ENo
Network controllerXNetwork controller.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%No
Network*XNetwork*.scrDetected by Malwarebytes as Backdoor.IRCBot.E - where * represents anything. The file is located in %System% - see an example hereNo
Microsoft Update 32Xnetwork.exeDetected by Sophos as Troj/Agent-ARZ and by Malwarebytes as Backdoor.BotNo
05fa7371bb8fb01c16be8325aef482b2Xnetwork.exeDetected by Dr.Web as Trojan.DownLoader8.32564 and by Malwarebytes as Trojan.MSIL.GenXNo
NETWORK.EXEXNETWORK.EXEDetected by Sophos as Troj/Delf-GMNo
Network3Xnetwork.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Windir%\security3\logsNo
newfolderXnetwork.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %UserTemp%No
Network.exe.lnkXNetwork.exe.lnkDetected by Malwarebytes as Trojan.PasswordStealer. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
loadXNetwork.exe.lnkDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Network.exe.lnk" (which is located in %UserTemp%\Network Security)No
NetworkClientXNetworkClient.exeDetected by Symantec as W32.HLLW.LemurNo
ShellXnetworkdrive.exe,explorer.exeDetected by McAfee as RDN/Generic.bfg!c and by Malwarebytes as Backdoor.Agent.DCE. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "networkdrive.exe" (which is located in %AppData%\networkdrive)No
Windows ServicesXNetworkDriver32.exeDetected by Sophos as W32/Rbot-ACR and by Malwarebytes as Backdoor.Agent.GenNo
Windows ServicesXNetworkDrivers.exeDetected by Sophos as W32/Sdbot-YO and by Malwarebytes as Backdoor.Agent.GenNo
networkdrv32Xnetworkdrv32.exeDetected by Dr.Web as Trojan.DownLoader11.29396 and by Malwarebytes as Trojan.Agent.NWNo
IP NetworkXnetworker.exeDetected by McAfee as RDN/Generic.bfr!fd and by Malwarebytes as Adware.InstallPediaNo
Common ServiceXNetworkFirewall.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Microsoft Network NeighbourhoodXnetworknbh.exeDetected by Trend Micro as WORM_RBOT.DMNNo
Microsoft xpsp2XNetworksystem.exeAdded by a variant of W32/Sdbot.wormNo
Microsoft NetworkXNetworksystem.exeDetected by Sophos as W32/Sdbot-AAINo
NetworkWidgetXNetworkWidget.exeDetected by Malwarebytes as Adware.K.EBizNetwork. The file is located in %CommonAppData%\NetworkWidget - see hereNo
NetWorxNnetworx.exeNetWorx from SoftPerfect Research - "is a simple and free, yet powerful tool that helps you objectively evaluate your bandwidth situation. You can use it to collect bandwidth usage data and measure the speed of your Internet or any other network connection"No
Network Sharing CenterXnetwrkcnt .exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Temp%No
XpnetXNetXp.exeDetected by Sophos as Troj/Bancban-ATNo
WinSigXNetXP.exeDetected by Sophos as Troj/Banker-FNNo
net[8 hex numbers]security.cplXnet[8 hex numbers]security.cplDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Net_youtube_brasil.exeXNet_youtube_brasil.exeDetected by Dr.Web as Trojan.Siggen6.3510 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
Windows Media UpgradeXNeUpgrade.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
NeuroMedia(IESpeaker)NNeuroMedia.exePart of the now discontinued OESpeaker by NeuroSpeech - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisements. Not included in the paid-for version currently availableNo
QffqqftXnevat.exeDetected by Trend Micro as TROJ_DROPPER.CRNo
New FolderXNew Folder.exeDetected by McAfee as Generic PWS.y!dkn and by Malwarebytes as Trojan.AgentNo
VitXNew Folder.scrDetected by Dr.Web as Trojan.MulDrop4.55547 and by Malwarebytes as Trojan.Agent.ENo
allow updateXNew order list 11-5-13.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
new updater windows.exeXnew updater windows.exeDetected by Dr.Web as Trojan.DownLoader10.58838 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
windowsXnew.exeDetected by Malwarebytes as Backdoor.Agent.WNDGen. The file is located in %AppData%No
HKCUXnew.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.GenNo
HKCUXnew.exeDetected by McAfee as RDN/Generic.bfr!ch and by Malwarebytes as Backdoor.HMCPol.GenNo
ctmon2Xnew.exeDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.BankerNo
msnmsrXnew.exeDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.BankerNo
vbc.exeXNew.exeDetected by McAfee as Generic.dx!bh3v and by Malwarebytes as Backdoor.Messa.GenNo
SidebrXnew.exeDetected by McAfee as PWS-Banker and by Malwarebytes as Trojan.BankerNo
HKLMXnew.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXnew.exeDetected by McAfee as RDN/Generic.bfr!ch and by Malwarebytes as Backdoor.HMCPol.GenNo
ExplorerUpdateXnew.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
New2CleanXNew2CleanLaunch.exeNew2Clean rogue security software - not recommended, removal instructions hereNo
[various names]Xnew32.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Onet.pl AutoUpdate?NewAutoUpdate.exeRelated to the Onet.pl Polish web portalNo
Ci ServsXnewbin.exeDetected by Sophos as Troj/Rimecud-BC and by Malwarebytes as Trojan.AgentNo
[various names]Xnewbreed.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
newcontr8nd7Xnewcont8rnd7.exeDetected by McAfee as W32/Pinkslipbot.gen.be and by Malwarebytes as Trojan.MPGenNo
oaiyhlyvXnewdevi.exeDetected by Sophos as Troj/Agent-QTMNo
Microsoft Windows DLL Services ConfigurationXnewdll.exeDetected by Sophos as W32/Sdbot-ZR and by Malwarebytes as Trojan.MWF.GenNo
Microsoft Windows DLL Services ConfigurationXnewdll2.exeDetected by Sophos as W32/Sdbot-ABD and by Malwarebytes as Trojan.MWF.GenNo
newdotnet.exeXnewdotnet.exeDetected by McAfee as Generic VBNo
Google UpdateXnewegg.exeDetected by McAfee as PWS-Zbot.gen.ko and by Malwarebytes as Trojan.AgentNo
Newer.cplXNewer.cplDetected by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
newfolder.exeXnewfolder.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
newframework.exeXnewframework.exeDetected by McAfee as Generic VBNo
NewFrnX[path to newfrn.exe]Detected by Total Defense as Win32.Actux.A. The file is located in %System%No
newlockUnewlock.exePart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. For more details please see the "00saskda" or "zzsecagent" entriesYes
newlock.exeUnewlock.exePart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. For more details please see the "00saskda" or "zzsecagent" entriesYes
zzsecagentUnewlock.exe login shutdownPart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. This entry is enabled if you select to start the Screen Lock feature when booting via Restrictions → Common Restrictions → Boot → Always Check Password on BootYes
00saskda?newlock.exe saskdaPart of Access Manager, 1st Security Agent, Security Administrator and PC Security Tweaker (and maybe others) - which let you control which users are allowed to access your PC and the level of access each user may have. You can choose to tweak access to lots of Control Panel applet functions, including Display, Network, Passwords, Printers, System, Add/Remove Programs, etc. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Screen Lock" featureYes
DivXCodecXNEWMAIL.exeDetected by Sophos as Troj/Delf-RQNo
SystemSv12Xnewmaxxsv234.exeDetected by Sophos as Troj/Tibs-TSNo
AutoStart PC StudioNNewPCStudio.exeSAMSUNG New PC Studio - "is the application to organize the contents between Samsung mobile and PC. NPS provides you with convenient access to your device, data management via easy backup and sync, and powerful multimedia features". This allows you (amongst other options) to back up your device's contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
New PC StudioNNewPCStudio.exeSAMSUNG New PC Studio - "is the application to organize the contents between Samsung mobile and PC. NPS provides you with convenient access to your device, data management via easy backup and sync, and powerful multimedia features". This allows you (amongst other options) to back up your device's contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
NewPCStudioNNewPCStudio.exeSAMSUNG New PC Studio - "is the application to organize the contents between Samsung mobile and PC. NPS provides you with convenient access to your device, data management via easy backup and sync, and powerful multimedia features". This allows you (amongst other options) to back up your device's contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Available from the start menuYes
popuppersXnewpop63.exeMedload adwareNo
newprotectXnewprotect_up.exeNewProtect rogue security software - not recommended, removal instructions hereNo
Adobe ReaderXNewru.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.AgentNo
NewsUNews.exeDetected by Malwarebytes as PUP.Optional.News. The file is located in %AppData%\News. If bundled with another installer or not installed by choice then remove itNo
News UpdateXNews.scrDetected by McAfee as RDN/Generic BackDoor!sk and by Malwarebytes as Backdoor.Agent.DCENo
SA-MPXnews0beit.exe.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.SANo
News AlertNNEWSALRT.EXEMSNBC News system tray utility to alert you to new newsNo
newsfeed12Xnewsd.exeDetected by Trend Micro as TROJ_AGENT.MXNo
supernews12Xnewsd32.exeAdware, also detected as the DLOADER-JN TROJAN!No
MySoftware NewsFlashNNewsflsh.exeRuns in your task bar and receives alerts and release information on MySoftware products from AvanquestNo
Newsgroup lptt01Xnewsgroup.exeRapidBlaster variant (in a "newsgroup" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
Newsgroup ml097eXnewsgroup.exeRapidBlaster variant (in a "newsgroup" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
FixPCOptimizer.exeUNewShortcut1_[32 hex characters].exeFixPCOptimizer - "Clean & Boost your Computer to its Best Performance." Detected by Malwarebytes as PUP.Optional.AllPCOptimizer. Note - this entry loads from the Windows Startup folder and the file is located in %Windir%\Installer\{GUID}. If bundled with another installer or not installed by choice then remove itNo
AllPCOptimizer.exeUNewShortcut2_[32 hex characters].exeAllPCOptimizer - "Clean & Boost your Computer to its Best Performance." Detected by Malwarebytes as PUP.Optional.AllPCOptimizer. Note - this entry loads from the Windows Startup folder and the file is located in %Windir%\Installer\{GUID}. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
InstallProviderXnewsoftware2007install.exePart of WinAntiVirus Pro 2007 and PrivacyProtector rogue security software (and possibly others) - not recommended. The file is located in %Desktop%\GAMESNo
NewsUpdNNewsUpd.EXEFor Creative Soundblaster Live! series soundcards. System tray application for News updates. Also spyware - see here.No
NewtonKnowsUpdXNewtKnow.exe [path] NewtnUpd.dll,runkeyNewtonKnows spyware. Both files are located in %ProgramFiles%\Newton KnowsNo
Windows Explorer ControlerXNewUpdateFreeVGA.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir% - see hereNo
newupelevmdsXnewupelevmds.exeDetected by Malwarebytes as Adware.Kraddare. The file is located in %ProgramFiles%\newupelevNo
NewWindowActivationXNewWindowActivation.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\Microsoft Games\Windows Games. Removal instructions hereNo
POKEMONEGOGAMESXNewWindowActivation.exeDetected by Malwarebytes as Rogue.TechSupportScam. The file is located in %ProgramFiles%\A POKEMONGO Company\PC Cleaner Pro. Removal instructions hereNo
HELPERXnew_zealand.exeAsdPlug premium rate adult content dialer variantNo
NexXnex.exeDetected by Sophos as Troj/Agent-FPQNo
NexGen Media PlayerNNexGenMediaPlayerApp.exeNexGen Media Player by Jenkat Media, Inc - "Watch your favorite movies and videos, and enjoy your favorite music"No
Nexon LauncherNnexon_launcher.exe"The Nexon Launcher is our new streamlined approach for installing, updating and playing all your favorite Nexon games. In the coming months, we plan on adding more games along with social features as we continue to connect our Nexon community"Yes
Nexus RadioNNexus Radio.exeNexus Radio by Talam Group, LLC - "is a free internet radio service that allows members to listen to music, and create unique personal profiles in order to communicate with other Nexus Radio members"No
NexusUNexus.exeNexus Dock by Winstep - "is a FREE professional dock for Windows. With Nexus, your most frequently used applications are only a mouse click away - and Nexus turns working with your computer into a fun and exciting experience"No
HKCUXneznakomka3.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
PoliciesXneznakomka3.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKLMXneznakomka3.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKCUXnfconfig.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
PoliciesXnfconfig.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\installNo
HKLMXnfconfig.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\installNo
NfoXnfomon.exePromulGate adwareNo
NGClientUngctw32.exeSymantec Ghost Server software - needed for "a Ghost multicast" (transfer images to multiple machines). Can be launched manuallyNo
WindowsMicroXNGen.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%No
Windows Global InitXngpsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.LBNo
ngpw36Xngpw36.exeAdBlaster adwareNo
Norton GProtectXngrfn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
NGServerNngserver.exeSymantec/Norton Ghost Console serviceNo
ngvmxkamXngvmxkam.datDetected by Malwarebytes as Trojan.Ransom.Gend. The file is located in %CommonAppData%No
nHancerUnHancer.exeSystem Tray access to nHancer which is an advanced control panel and profile editor for NVIDIA graphic cards - offering enhanced features above those available via the standard NVIDIA control panel such as additional Anti-Aliasing and Anisotropic Filtering modesYes
NotebookHardwareControlUnhc.exe"With Notebook Hardware Control you can easily control the hardware components of your Notebook"No
nhrijXnhrij.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserProfile% - see hereNo
lMKuOKzbgaiwaEB_RwVlzLCjHAXNIamMWNHdGknyQ.exeDetected by Sophos as Troj/Ranbyus-I and by Malwarebytes as Trojan.AgentNo
WDNS SYSTEMXnibie.exeDetected by Sophos as W32/Mytob-BYNo
WINDOWS SYSTEMXnibie.exeDetected by Sophos as W32/Mytob-BY and by Malwarebytes as Backdoor.AgentNo
nibnofxaqegeXnibnofxaqege.exeDetected by McAfee as RDN/Generic BackDoor!td and by Malwarebytes as Backdoor.Agent.PDNo
WinXP CentOS DriverXnicloader.exeDetected by Trend Micro as WORM_AGOBOT.ALFNo
nidleXnidle.exeDetected by Malwarebytes as Virus.Virut. The file is located in %AppData%\nidle - see hereNo
nieguideplusXnieguideup.exeDetected by Malwarebytes as Adware.K.IEGuide. The file is located in %ProgramFiles%\nieguideplusNo
NielsenOnlineUNielsenOnline.exeNielsen/NetRatings NetSight market research software - provides "the industry's global standard for Internet and digital media measurement and analysis, offering technology-driven Internet information solutions for media, advertising, ecommerce and financial companies"No
NetMeterUNielsenOnline.exeNielsen/NetRatings NetMeter market research software - provides "the industry's global standard for Internet and digital media measurement and analysis, offering technology-driven Internet information solutions for media, advertising, ecommerce and financial companies"No
nightXnight.exeDetected by Sophos as Mal/VB-PMNo
nighulvuxytfXnighulvuxytf.exeDetected by McAfee as RDN/Generic.tfr!dm and by Malwarebytes as Trojan.Agent.USNo
CostAwareUniIPCApp.exeNetInternals CostAware - download quota measuring toolNo
WindowsXnijEs.exeDetected by Malwarebytes as Backdoor.Bot.AI. The file is located in %UserProfile%\WindowsNo
Nike+ ConnectNNike+ Connect daemon.exeRelated to the Nike+ range of running accessories such as the Nike+ SportBandNo
Nike+ UtilityNNike+ Utility.exeRelated to the Nike+ range of running accessories such as the Nike+ SportBandNo
nikLausXnikLaus.exeDetected by Symantec as W32.HLLW.NiklasNo
Net-It LauncherNNILaunch.exeNet-It - web publishing softwareNo
NimbuzzNNimbuzz.exe"Nimbuzz is a free call and messaging app for the connected generation. Nimbuzz combines the powers of the Internet and mobile communications into one, and lets you make calls, send messages and share files, on any mobile device, for free"No
Windows Service AgentXnimcoo.exeDetected by Trend Micro as WORM_RBOT.EWV and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
ninfackatfuvXninfackatfuv.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
WINDOWS SYSTEMXninfoie.exeDetected by Sophos as W32/Mytob-EP and by Malwarebytes as Backdoor.AgentNo
NInitNNInit.exeNorton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start → Programs for manual logging - not requiredNo
Ninja TuneUpUNinja TuneUp.exeNinja Tuneup - "Free registry clean-up software that also does disk defragmentation, disk clean-up, registry backup, restoration and scans registry logs instantly." Detected by Malwarebytes as PUP.Optional.NinjaTuneUp. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Ninja TuneUp. If bundled with another installer or not installed by choice then remove itNo
ninja2015Xninja.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.19271 and by Malwarebytes as Worm.AutoRun.NJNo
NinjaTuneUp Alert SystemUNinjaTuneUp Alert System.exeNinja Tuneup - "Free registry clean-up software that also does disk defragmentation, disk clean-up, registry backup, restoration and scans registry logs instantly." Detected by Malwarebytes as PUP.Optional.NinjaTuneUp. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Ninja TuneUp. If bundled with another installer or not installed by choice then remove itNo
ninja VODUninjavod.exeDetected by Malwarebytes as PUP.Optional.NinjaVod. The file is located in %AppData%\ninjaVOD\[folder]. If bundled with another installer or not installed by choice then remove itNo
Microsoft Winedows UpdateingXNinKey.exeDetected by McAfee as W32/Sdbot.worm!mk and by Malwarebytes as Backdoor.AgentNo
Run Nintendo Wi-Fi USB Connector Registration ToolUNintendoWFCReg.exeRelated to Wi-Fi USB Connector from NintendoNo
niorutXniorut.exeDetected by Malwarebytes as Trojan.Agent.RV. The file is located in %UserProfile%No
nipoXnipo.exeDetected by McAfee as RDN/Spybot.bfr!h and by Malwarebytes as Trojan.Agent.HWINo
iPrint LPT Redirector?nipplpte.exeRelated to Novell® iPrint - a "best-of-breed printing solution for businesses running as traditional enterprises, for those operating entirely on the Net, and for those anywhere on the large spectrum in between." Is it required?No
minerXnircmd.exe start.batDetected by Dr.Web as Trojan.Siggen5.63785 and by Malwarebytes as Trojan.Agent.MNR. Both files are located in %AppData%\minerNo
NiRiCXniric.vbsDetected by Dr.Web as Trojan.Siggen5.39119 and by Malwarebytes as Backdoor.Agent.ENo
NiroFile UpdatedXNiroFile.exeDetected by McAfee as RDN/Sdbot.worm!bz and by Malwarebytes as Backdoor.IRCBot.ENo
nisdisaXnisdisa.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
TaskmanXnissan.exeDetected by Symantec as W32.Pilleuz.B and by Malwarebytes as Worm.Rimecud. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "nissan.exe" (which is located in %Recycled%\{SID})No
nisservYNISSERV.EXEPart of Symantec's now discontinued Norton Personal Firewall and also included in older versions of Norton Internet Security. Also part of their now discontinued Symantec Client Firewall (part of Symantec Client Security for business customers). Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
NisumYNISUM.EXEPart of Symantec's now discontinued Norton Personal Firewall and also included in older versions of Norton Internet Security. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
niSvcLocUniSvcLoc.exeRelated to National Instruments Corp. LabViewNo
nisyrlanfifaXnisyrlanfifa.exeDetected by McAfee as RDN/Generic.grp!fk and by Malwarebytes as Trojan.Agent.USNo
WinNiteXniteaim.exeDetected by Symantec as W32.Opanki.BNo
Wkyo86XNitip.exeDetected by Sophos as W32/Pitin-ANo
nitropdfXnitropdf32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
Nitro PDF Printer MonitorUNitroPDFPrinterMonitor.exePrinter monitor for Nitro PDF Professional from Nitro PDF, Inc. - "complete, affordable and easy-to-use set of tools to work with PDF documents"No
NitrouswindXNitrouswind.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
Microsoft Security Monitor ProcessXnitty.exeDetected by Kaspersky as Backdoor.Win32.Rbot.aeu and by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
niuXniu.exeAdded by the SILLYFDC.BCS WORM!No
Video ProcessXNivopsvc.exeDetected by Sophos as W32/Agobot-GTNo
iPPH30r2JpXnj-crypted.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %LocalAppData%No
nj-rdsd.exeXnj-rdsd.exeDetected by Malwarebytes as Trojan.MSIL.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
winXnj.exeDetected by Malwarebytes as Backdoor.Agent.WN. The file is located in %Root%\ExtractedNo
njdhjsjsj.exeXnjdhjsjsj.exeDetected by Dr.Web as Trojan.DownLoader10.41581 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Boot ManagerXNjgal.exeDetected by Symantec as Backdoor.KiloNo
NJILXnjil.exeDetected by Sophos as Troj/Delf-ELFNo
TaskmanXnjjxsu.exeDetected by Sophos as Troj/Agent-QCQ and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "njjxsu.exe" (which is located in %AppData%)No
NJG40XNJN4.EXEDetected by Symantec as Infostealer.Bancos.DNo
njq8ishere.exeXnjq8ishere.exeDetected by Sophos as Troj/Malit-FO and by Malwarebytes as Worm.Agent.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
njq8ishere.exeXnjq8ishere.exeDetected by Sophos as Troj/Malit-FO and by Malwarebytes as Worm.Agent.AI. Note - this entry loads from HKLM\Run and HKCU\RunNo
NJServer.exeXNJServer.exeDetected by Malwarebytes as Backdoor.Bot.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ArVzWJrYXnjUOghDD.exeDetected by Kaspersky as Trojan.Win32.Genome.zlzy and by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\ArVzWJrYNo
BArVzWJrYXnjUOghDDY.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
njw0rm.exeXnjw0rm.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
njw0rm.exeXnjw0rm.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
njw0rm.exeXnjw0rm.exeDetected by Dr.Web as Trojan.DownLoader9.13289 and by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
njw0rm.exeXnjw0rm.exeDetected by Dr.Web as Trojan.DownLoader9.13289 and by Malwarebytes as Worm.Startup. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Msn MessengerXnkbf.exeDetected by Sophos as W32/Rbot-GMQNo
NkbMonitor.exeNNkbMonitor.exePart of Nikon PictureProject - image management for Nikon digital camerasNo
ZDDROIXnkHdCI.exeDetected by McAfee as RDN/Generic PWS.y!vs and by Malwarebytes as Backdoor.Agent.ENo
Windows KernelXnkkxqllff.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %CommonFiles%\Windows Kernel0No
Team Viewer 8Xnkkxqllff.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not a valid entry for the TeamViewer remote support tool and the file is located in %CommonFiles%\Team Viewer 8No
Nikon Message Center 2NNkMC2.exeApplication for Nikon digital camera products that informs users of the latest information regarding updates to Nikon software and firmware upgrades. Currently supports the Camera Control Pro and ViewNX applicationsNo
Nikon MonitorNnkmonitor.exeMonitors for a Nikon digital camera being connected via USB port. As soon as it detects the camera it executes the Nikon View software to enable the user to transfer images from the camera to the PCNo
Nikon Transfer MonitorNNkMonitor.exeMonitors for a Nikon digital camera being connected via USB port. As soon as it detects the camera it executes the Nikon View software to enable the user to transfer images from the camera to the PCNo
MSN Service UtilitiesXnkn.exeDetected by Sophos as W32/Kelvir-BCNo
Nvidia Control DaemonXnksvc32.exeAdded by an unidentified WORM or TROJAN!No
NkvMon.exeNNkvMon.exeNikon View - for transferring pictures from Nikon digital camerasNo
NkVwMon.exeNNkVwMon.exeNikon View - for transferring pictures from Nikon digital camerasNo
NkwkwxXNkwkwx.scrDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
sysnltray2Xnl##.exeDetected by Malwarebytes as Trojan.Downloader - where # represents a digit. The file is located in %Windir% - see examples here and hereNo
##nXnl#.exeDetected by Malwarebytes as Trojan.Banker - where # represents a digit. The file is located in %Root%\drivers - see an example hereNo
krn#Xnl#.exeDetected by Malwarebytes as Trojan.Banker - where # represents a digit. The file is located in %Root%\drivers - see examples here and hereNo
krn##Xnl#.exeDetected by Malwarebytes as Trojan.Banker - where # represents a digit. The file is located in %Root%\drivers - see examples here and hereNo
krnXnl.exeDetected by McAfee as PWS-Banker.gen.b and by Malwarebytes as Trojan.BankerNo
Microsoft (R) Windows Network Latency ControllerXnlc.exeAdded by unidentified malware. The file is located in %System%No
Microsoft Update MachineXnlczty.exeDetected by Sophos as W32/Rbot-GUR and by Malwarebytes as Backdoor.BotNo
sv18h5jckqdfo6zgc2i0nlzh0uwz2q93waXnlkptmqe.exeDetected by Malwarebytes as Trojan.VBAgent. The file is located in %System%No
NLOGXNLOG.exeDetected by Dr.Web as Trojan.DownLoader11.13766 and by Malwarebytes as Trojan.Agent.ENo
NaviSearchXnls.exeNaviSearch adwareNo
NLS MonitorXnlsmon.exeDetected by Sophos as W32/Rbot-AXJNo
nltestXnltest.exeDetected by Dr.Web as Trojan.DownLoader11.11508 and by Malwarebytes as Trojan.Downloader.ENo
fofficeXnm.exeDetected by Sophos as Troj/Delf-CBNo
ujmUnm32.exeStranget keystroke logger/monitoring program - remove unless you installed it yourself! Found in %Windir%\fytNo
nmappUnmapp.exePure Networks "Network Magic eliminates common frustrations and saves time by simplifying and automating set up, management and repair of home networks, and makes printer and file sharing effortless"No
Microsof ValueXnmatt.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Nero HomeUNMBgMonitor.exeLooks for new files which can be included in Nero Scout, which is "a database program which indexes and catalogs all media files on your computer and makes the database available to all programs in the Nero product package." Included in version 7 of the Nero digital media suites (CD/DVD burning, authoring, etc). Integrated into a number of Nero applications and is of particular significance for the Nero Home media center. If you have trouble disabling Nero Scout try here or hereYes
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}UNMBgMonitor.exeLooks for new files which can be included in Nero Scout, which is "a database program which indexes and catalogs all media files on your computer and makes the database available to all programs in the Nero product package." Included in version 7 of the Nero digital media suites (CD/DVD burning, authoring, etc). Integrated into a number of Nero applications and is of particular significance for the Nero Home media center. If you have trouble disabling Nero Scout try here or hereYes
NMBgMonitorUNMBgMonitor.exeLooks for new files which can be included in Nero Scout, which is "a database program which indexes and catalogs all media files on your computer and makes the database available to all programs in the Nero product package." Included in version 7 of the Nero digital media suites (CD/DVD burning, authoring, etc). Integrated into a number of Nero applications and is of particular significance for the Nero Home media center. If you have trouble disabling Nero Scout try here or hereYes
NMBgMonitor.exeXNMBgMonitor.exeDetected by Sophos as Troj/Bravo-G. Note - this is not the legitimate Nero Scout entry, which is normally located in %CommonFiles%\Nero\Lib. This one is located in %System%No
NetManageImport?nmcpdata.exeNetManage business software related (now part of Micro Focus)No
nmctxthUnmctxth.exeRelated to Pure Networks comprehensive home and small business networking software that simplifies network configurationNo
[various names]Xnmdllw.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Nero HomeYNMFirstStart.exeAppears to be related to the first run of Nero Home, which "combines television and the recording of television programs with playback of DVD-Videos and audio/video files in an easy-to-use interface" and "can also catalog them and organize them into individual libraries." Included in versions 7 and 8 of Nero digital media suites (CD/DVD burning, authoring, etc). Loads only on the first reboot after installation via the HKCU\RunOnce keyYes
NeroHomeFirstStartYNMFirstStart.exeAppears to be related to the first run of Nero Home, which "combines television and the recording of television programs with playback of DVD-Videos and audio/video files in an easy-to-use interface" and "can also catalog them and organize them into individual libraries." Included in versions 7 and 8 of Nero digital media suites (CD/DVD burning, authoring, etc). Loads only on the first reboot after installation via the HKCU\RunOnce keyYes
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}UNMIndexStoreSvr.exeIndexing and storage service for Nero Scout, which is "a database program which indexes and catalogs all media files on your computer and makes the database available to all programs in the Nero product package." Included in version 8 of the Nero digital media suites (CD/DVD burning, authoring, etc). Integrated into a number of Nero applications and is of particular significance for the Nero Home media center. If you have trouble disabling Nero Scout try here or hereYes
Nero HomeUNMIndexStoreSvr.exeIndexing and storage service for Nero Scout, which is "a database program which indexes and catalogs all media files on your computer and makes the database available to all programs in the Nero product package." Included in version 8 of the Nero digital media suites (CD/DVD burning, authoring, etc). Integrated into a number of Nero applications and is of particular significance for the Nero Home media center. If you have trouble disabling Nero Scout try here or hereYes
NMIndexStoreSvrUNMIndexStoreSvr.exeIndexing and storage service for Nero Scout, which is "a database program which indexes and catalogs all media files on your computer and makes the database available to all programs in the Nero product package." Included in version 8 of the Nero digital media suites (CD/DVD burning, authoring, etc). Integrated into a number of Nero applications and is of particular significance for the Nero Home media center. If you have trouble disabling Nero Scout try here or hereYes
_Cat1Xnmmst.exeDetected by Trend Micro as TROJ_SMALL.SDNo
System Document ApplicationXnmod.exeDetected by Sophos as W32/Sdbot-ABBNo
Microsoft Software UpdateXnmon.exeDetected by Trend Micro as WORM_RBOT.HZNo
NMPSystrayUNMPSystray.exeSystem Tray access to NotesMedic from Cassetica Software Inc. - which "contains a suite of Tools that make life easier when using Lotus Notes"No
Windows driver updateXnmsmtp32.exeDetected by Sophos as W32/Sdbot-JTNo
NMSSvcUNMSSVC.EXENIC Management Service - diagnostics program for Intel Pro family network cards. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
_Cat2Xnmstt.exeDetected by Kaspersky as Trojan-Downloader.Win32.Small.ahg. The file is located in %Windir%No
NMSVCYnmSvc.exeCovenant Eyes - surveillance software that creates records of everything people do on a computer, i.e. spying or monitoring depending upon what you call it. Disabling it means loss of internet connection until re-enabled - therefore required if you use itNo
nMTaskBarService?nMtsk.exeTaskbar control for an Intracom Telecom NetMod ISDN modemNo
Windows Zero SpoolerXnmvcs.exeDetected by Microsoft as Worm:Win32/Slenfbot.JQNo
Windows Audio ComponentsXnncsvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
Windows Audio StartupXnndsvc.exeDetected by Sophos as W32/IRCBot-AAENo
Windows Audio SystemXnndsvc.exeAdded by a variant of the IRCBOT TROJAN! See hereNo
NNLLUnnll.exeNet Nanny internet filterNo
Norton Navigator LoaderNnnloader.exeAn older Norton utility for file management under Windows 95No
nmgrXnnmgr.exeFFToolBar adware toolbarNo
nnn2.vbsXnnn2.vbsDetected by McAfee as RDN/Autorun.worm!dk and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
nnqcouuXnnqcouu.exeThe Abi Network adwareNo
NeroNETTrayIconNNNServiceCtrl.exeSystem tray access to NeroNET - Ahead Software's network-capable extension of their Nero CD/DVD burning program. NeroNET allows a burner to be shared across a networkNo
ShellXnnso.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "nnso.exe" (which is located in %AppData%)No
NNTrayUnnstart.exeNet Nanny internet filterNo
NNSvcUnnsvc.exeNet Nanny internet filterNo
IBM Lotus Notes Preloader?nntspreld.exePreloader for IBM Lotus Notes. Is it required on modern, faster systems?No
nnvsvcXnnvsvc.exeDetected by Malwarebytes as Trojan.Agent.LNK. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%\[folder]No
Microsoft UpdateXnnwyaupdtDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
PopUp StopperXNO POPUP.EXEDetected by Sophos as W32/Spybot-DCNo
System Information ManagerXno.exeDetected by Trend Micro as WORM_SPYBOT.NONo
NoAdsUNoAds.exeBlocks advertisement banners in Internet ExplorerNo
NoAdwareXNoAdware.exeNoAdware - spyware remover. This version is not recommended - see hereNo
NoAdware3UNoAdware3.exeNoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see hereNo
NoAdware4UNoAdware4.exeNoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see hereNo
NoAdware5UNoAdware5.exeNoAdware - spyware remover. Initially not recommended due to false positives and aggressive advertising but the later versions have since improved - see hereNo
nobfudycomalXnobfudycomal.exeDetected by Sophos as Troj/Bckdr-RPP and by Malwarebytes as Trojan.Agent.USNo
NortonOnlineBackupReminderNNobuActivation.exeActivation reminder for Norton Online BackupNo
Norton Online BackupUNOBuClient.exeSystem Tray access to, and notifications for Symantec's Norton Online Backup online storage utilityYes
NortonOnlineBackupUNOBuClient.exeSystem Tray access to, and notifications for Symantec's Norton Online Backup online storage utilityYes
Dell DataSafe OnlineUNOBuClient.exeSystem Tray access to, and notifications for the Dell DataSafe Online (now discontinued) storage utilityYes
NOBuClientUNOBuClient.exeSystem Tray access to, and notifications for Symantec's Norton Online Backup and Dell DataSafe Online (now discontinued) storage utilitiesYes
ActiveScript32Xnod.exeDetected by Sophos as W32/Sohana-AJNo
Nod23 ServiceXnod23.exeDetected by Sophos as W32/Rbot-GMKNo
AVG InternetXnod32.exeDetected by Sophos as and by Malwarebytes as Trojan.BankerNo
ExplorerXNod32.exeDetected by McAfee as Generic Downloader.x!gbd and by Malwarebytes as Trojan.AgentNo
Windows Service AgentXnod32.exeDetected by Kaspersky as Backdoor.Win32.Rbot.bn and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
nod32 antivirusXnod32.exeDetected by Sophos as Troj/VB-FFT. Note - this is not Eset's NOD32 antivirusNo
NOD321XNOD321.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
Nod32CCUnod32cc.exeControl Center part of Eset's NOD32 antivirus. Leave this enabled if you want to update your virus data files via the click of a buttonNo
Nod32 Free antivirusXnod32krn.exeDetected by Sophos as W32/Rbot-AAO. Note - this is not Eset's NOD32 antivirus which has the same filename and is normally found in %ProgramFiles%\Eset. This one is located in %System%No
NOD32kernelYNod32krn.exeEset's NOD32 antivirus. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP)No
nod32kuiYnod32kui.exeEset's NOD32 antivirusNo
avast ! SystemXnod32kut.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %ProgramFiles%\Internet ExplorerNo
nod32kut.exeXnod32kut.exeDetected by Malwarebytes as Trojan.Banker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Nod32 ServiceXnod6.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Nod32 ServiceXnod64.exeDetected by Trend Micro as WORM_RBOT.ESJ and by Malwarebytes as Backdoor.BotNo
nodsosXnodabc.exeDetected by Sophos as Troj/PWS-BLENo
Microsoft Svchost local servicesXnodkrm.exeDetected by Kaspersky as Backdoor.Win32.Poison.bjqn and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
Microsoft Svchost local servicesXnodkrn23.exeDetected by Kaspersky as Backdoor.Win32.Rbot.ajxx and by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%No
NoDNSXNoDNS.exeDetected by Trend Micro as TROJ_CLICKER.WI. The file is located in %ProgramFiles%\NoDNSNo
nod32Xnodqq.exeDetected by Sophos as W32/Autorun-BBV and by Malwarebytes as Spyware.OnlineGamesNo
Nod29 ServiceXnodwr.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
NOELauncherUNOELauncher.exeAntispam for Outlook Express from older versions of Norman (now part of AVG Technologies) security productsNo
NTsocketXNoeWinnt.exeDetected by Sophos as Troj/Ataka-ENo
NOFIIN.EXEXNOFIIN.EXEDetected by Sophos as Troj/Haxdoor-DPNo
WINDOWS-SHELLXnofud.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
nokia.comXnokia.comDetected by Dr.Web as Trojan.Click2.63320 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Nokia CheckXnokiacheck.exeDetected by Trend Micro as WORM_RBOT.CDCNo
RDSoundXNokiaDriveUpdate.exeDetected by Sophos as Troj/Agent-UOU and by Malwarebytes as Trojan.AgentNo
Nokia M PlatformUNokiaMServerPart of Nokia Ovi Player (and the older Nokia Music) music manager, Nokia Photos photo and video manager or Nokia Ovi Suite (now Nokia Suite) mobile device manager. Used to watch for any new file types that have been associated with these utilitiesYes
NokiaMServerUNokiaMServerPart of Nokia Ovi Player (and the older Nokia Music) music manager, Nokia Photos photo and video manager or Nokia Ovi Suite (now Nokia Suite) mobile device manager. Used to watch for any new file types that have been associated with these utilitiesYes
Nokia FastStartNNokiaMusic.exePart of the Nokia Music music manager - which was replaced by Nokia Ovi Player. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
Nokia MusicNNokiaMusic.exePart of the Nokia Music music manager - which was replaced by Nokia Ovi Player. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
NokiaMusicNNokiaMusic.exePart of the Nokia Music music manager - which was replaced by Nokia Ovi Player. "With Nokia Music, you can play music, discover and buy new music, transfer music between your compatible PC and your compatible Nokia mobile devices, and rip and burn audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
Nokia Ovi PlayerNNokiaOviPlayer.exePart of the Nokia Ovi Player - which is "a free PC application for playing and organising your music, discovering and downloading new music on Ovi, transferring songs and playlists between your compatible PC and compatible Nokia mobile devices, and ripping and burning your audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
NokiaMusic FastStartNNokiaOviPlayer.exePart of the Nokia Ovi Player - which is "a free PC application for playing and organising your music, discovering and downloading new music on Ovi, transferring songs and playlists between your compatible PC and compatible Nokia mobile devices, and ripping and burning your audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
NokiaOviPlayerNNokiaOviPlayer.exePart of the Nokia Ovi Player - which is "a free PC application for playing and organising your music, discovering and downloading new music on Ovi, transferring songs and playlists between your compatible PC and compatible Nokia mobile devices, and ripping and burning your audio CDs". If enabled, this entry will reduce the time taken for Nokia Music to run by a few seconds for the first time after Windows has loadedYes
Nokia Ovi SuiteNNokiaOviSuite.exeFirst generation of Nokia Ovi Suite (now Nokia Suite) for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
Nokia Ovi Suite 2NNokiaOviSuite.exeSecond generation of Nokia Ovi Suite (now Nokia Suite) for managing Nokia mobile devices - which "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
NokiaOviSuiteNNokiaOviSuite.exeNokia Ovi Suite (now Nokia Suite) for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
NokiaOviSuite.exeNNokiaOviSuite.exeFirst generation of Nokia Ovi Suite (now Nokia Suite) for managing Nokia mobile devices - "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
NokiaOviSuite2NNokiaOviSuite.exeSecond generation of Nokia Ovi Suite (now Nokia Suite) for managing Nokia mobile devices - which "gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer, and experience a new way of browsing your photos, videos and music. Furthermore, you can share photos quickly and safely through the Share on Ovi service"Yes
NokKernel installUNok_install.exeInstaller for the NokNet Workstation Monitor surveillance software. Uninstall this software unless you put it there yourselfNo
NomdCheckNnomdchek.exePart of Intel's Native AudioNo
Microsoft Explorer2Xnome.exeDetected by Trend Micro as WORM_RANDEX.AANo
AvastXnome.exe.exeDetected by Dr.Web as Trojan.PWS.Spy.17611 and by Malwarebytes as Trojan.Agent.ENo
nomtrayUnomtray.exeSystem Tray access to NetMotion wireless options - including connectivity statusNo
NonohNNonoh.exeNonoh - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular SkypeYes
Microsoft Nod32 ServiceXnood32.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
nooooooooo.vbsXnooooooooo.vbsDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NoorXNoor.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
EptrXnopdb.exeAdded by an unidentified WORM or TROJAN!No
NOPDBSXNOPDBS.exeDetected by Sophos as Troj/Bancban-ASNo
[various names]XNopeZ.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
NoPopUpUnopopup.exeNoPopUp 2003 by NEXT-Soft - popup blockerNo
SPXnopted.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %UserTemp%No
Bron-SpizaetusXnorBtok.exeDetected by Trend Micro as WORM_RONTOKBRO.B and by Malwarebytes as Worm.BrontokNo
NordXnordsys.exeDetected by Sophos as W32/Dref-SNo
normally.exeXnormally.exeDetected by Dr.Web as Trojan.DownLoader8.24079 and by Malwarebytes as Trojan.BankerNo
NortE AntivirusXnorte.exeDetected by Trend Micro as WORM_RBOT.BQQNo
NortE AntivirusXnorten.exeDetected by Sophos as W32/Rbot-AFFNo
norten Software IntrenetXnorten.pifDetected by Sophos as W32/Rbot-AWANo
ProtectionXNorton Internet Security.exeDetected by Symantec as W32.Elitper.E@mmNo
Wxp4XNorton Update.exeDetected by Symantec as W32.Erkez.D@mmNo
Windows System Service Configuration LoaderXnorton.exeDetected by Trend Micro as WORM_AGOBOT.GNNo
norton.exeXnorton.exeDetected by Symantec as W32.Ahker.D@mm. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft Norton AntivirusXnorton.exeAdded by a variant of the IRCBOT BACKDOOR!No
System Service ManagerXnorton.exeDetected by Symantec as W32.Gaobot.AJENo
MS Unix BinaryXNorton2005Update.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
norton32Xnorton32.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
norton32.exeXnorton32.exeDetected by Malwarebytes as Trojan.Banker. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
Norton AntiBotYNortonAntiBot.exeControl Center for Norton Antibot from Symantec - which "provides advanced, real-time protection against emerging threats, including bots that are used to perpetrate identity theft and other online crimes" and "protects your PC from unauthorized access and tampering, detects and stops attempts by hackers to take remote control of your computer, and delivers extra protection against emerging 'zero-day' threats." Designed to work with existing antivirus software but now discontinuedYes
NortonAntiBotYNortonAntiBot.exeControl Center for Norton Antibot from Symantec - which "provides advanced, real-time protection against emerging threats, including bots that are used to perpetrate identity theft and other online crimes" and "protects your PC from unauthorized access and tampering, detects and stops attempts by hackers to take remote control of your computer, and delivers extra protection against emerging 'zero-day' threats." Designed to work with existing antivirus software but now discontinuedYes
Norton AntivirusXnortonav.exeDetected by Sophos as W32/Rbot-AYE. Note - this is not the real Norton AV!No
Norton Antivirus UpdaterXnortonav.exeDetected by Sophos as W32/Delbot-T. Note - this is not the real Norton AV!No
Windows XpXnortonguard.exeDetected by Sophos as W32/Mytob-DZNo
nortonpXnortonp.exeDetected by Sophos as Troj/JD-ANo
Mcafee Anti ScanXNortonScn.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
mike4hermioneXnortonsgay.exeDetected by Dr.Web as Trojan.StartPage.60532 and by Malwarebytes as Trojan.Agent.ENo
Norton UpdaterXNortonUpdate.exeAdded by an unidentified WORM or TROJAN!No
NortonAVXnorton_antivirus.exeDetected by Symantec as Backdoor.Netjoe. Note - this is not a legitimate Symantec AV processNo
noskrnlXnoskrnl.exeDetected by Symantec as Trojan.Peacomm.D and by Malwarebytes as Trojan.PeedNo
nostdXnostd.exeDetected by Trend Micro as TSPY_BANKER-2.001No
Loadout ManagerUnost_LM.exeManager for the Belkin Nostromo n50 SpeedPad game controller - see hereNo
runXnotapad.exeDetected by Dr.Web as Trojan.AVKill.33252 and by Malwarebytes as Trojan.Agent.NTPNo
CamfrogXNotbad.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.STNo
EnjoyThisStuffXNotBlackVM.exeDetected by Dr.Web as Trojan.MulDrop4.62001 and by Malwarebytes as Trojan.Agent.CDXNo
Note-upUnote-up.exeDetected by Malwarebytes as PUP.Optional.NoteUp. The file is located in %ProgramFiles%\Note-up. If bundled with another installer or not installed by choice then remove itNo
notep.exeXnotep.exeDetected by McAfee as RDN/Generic Downloader.x!il and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
notepaXnotepa.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %ProgramFiles%No
NotepadXnotepa.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\System32No
notesXnotepaad.exeDetected by Trend Micro as WORM_RBOT.BMENo
Text optimazerXnotepab.exeDetected by Dr.Web as Trojan.Click3.5065 and by Malwarebytes as Trojan.Agent.ENo
Windows UpdateXnotepad cryptinfo.txtDetected by Microsoft as Ransom:Win32/DMALocker.A and by Malwarebytes as Ransom.DMALocker.Trace. Note - do not delete the legitimate "notepad.exe" text editor which is located in %Windir%. The "cryptinfo.txt" file is located in %CommonAppData%No
tnotifyXnotepad [path] VAULT.txtDetected by Symantec as Trojan.Ransomcrypt.R and by Malwarebytes as Trojan.Agent.VLT. Note - do not delete the legitimate "notepad.exe" text editor which is located in %Windir%. The "VAULT.txt" file is located in %Temp%No
MicrosoftXnotepad.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\FlashPlayerNo
MicrosoftXnotepad.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\FlashPlayerNo
MicrosoftXnotepad.exeDetected by Malwarebytes as Trojan.Agent.E.Generic. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %Windir%\FlashPlayerNo
JAVA UPDAATXnotepad.exeDetected by McAfee as RDN/Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in a "config" sub-folderNo
(Default)Xnotepad.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%. This malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
NETVOIPXnotepad.exeDetected by McAfee as RDN/Generic PWS.y!bbw and by Malwarebytes as Backdoor.Agent.INS. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\InstallNo
(Default)XNOTEPAD.exeDetected by Symantec as W32.Rusty@m. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%. This malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
HKCUXNotepad.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\System32No
HKCUXnotepad.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %ProgramFiles%\installNo
HKCUXnotepad.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\install - see hereNo
HKCUXnotepad.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\System32 - see hereNo
HKCUXnotepad.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in a "googlechromme" sub-folderNo
PoliciesXNotepad.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\System32No
Policies | X | notepad.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %ProgramFiles%\install | No
Policies | X | notepad.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %Root%\install | No
Policies | X | notepad.exe | Detected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\install - see here | No
Policies | X | notepad.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in a "googlechromme" sub-folder | No
Microsoft® Windows® Operating System | X | notepad.exe | Detected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %UserTemp% | No
[3-4 random letters] | X | notepad.exe | Detected by Symantec as Adware.PurityScan - also see the archived version of Andrew Clover's page. Note - this is not the legitimate text editor of the same filename | No
CSO | X | notepad.exe | Detected by Malwarebytes as Backdoor.NetWiredRC. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\CSO - see here | No
dskchk | X | notepad.exe | Detected by Malwarebytes as Worm.AutoRun.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\Default Folder | No
Lao Antivirus | X | NOTEPAD.EXE | Detected by Dr.Web as Win32.HLLW.Autoruner1.2826 and by Malwarebytes as Worm.AutoRun | No
Shell | X | notepad.exe | Detected by Malwarebytes as Hijack.Shell.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "notepad.exe" (which is located in %UserTemp% and is not the legitimate text editor of the same filename which is located in %Windir%) | No
Startup | X | notepad.exe | Detected by Dr.Web as Trojan.DownLoader6.9646. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\Microsoft | No
WinHelper | X | notepad.exe | Detected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %UserStartup% | No
window.exe | X | notepad.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %UserTemp% | No
MicroUpdate | X | notepad.exe | Detected by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\MSDCSC | No
Microsoft NotePad | X | notepad.exe | Added by a variant of Backdoor:Win32/Rbot. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System% | No
svchost.exe | X | notepad.exe | Detected by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\SYSTEM32 | No
notepad | X | notepad.exe | Detected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData% | No
Notepad | X | Notepad.exe | Detected by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\Install - see here | No
notepad | X | notepad.exe | Detected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.LMT. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %Temp%\notepad | No
Notepad lptt01 | X | notepad.exe | RapidBlaster variant (in a "windows" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %ProgramFiles%\windows | No
Notepad ml097e | X | notepad.exe | RapidBlaster variant (in a "windows" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %ProgramFiles%\windows | No
notepad.exe | X | notepad.exe | Detected by Malwarebytes as Trojan.Proxy.NTP. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData% | No
HKLM | X | Notepad.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\System32 | No
notepad.exe | X | notepad.exe | Detected by Malwarebytes as Trojan.Proxy.NTP. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\[folder] - see an example here | No
HKLM | X | notepad.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %ProgramFiles%\install | No
notepad.exe | X | notepad.exe | Detected by Malwarebytes as Trojan.Agent.NTP.Generic. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %LocalAppData% | No
HKLM | X | notepad.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\install - see here | No
HKLM | X | notepad.exe | Detected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %System%\System32 - see here | No
HKLM | X | notepad.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in a "googlechromme" sub-folder | No
Geo8 | X | notepad.exe | Detected by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %UserStartup% | No
startupkey | X | notepad.exe | Detected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData% | No
Voip | X | notepad.exe | Detected by Dr.Web as Trojan.DownLoader12.17834 and by Malwarebytes as Backdoor.Agent.INS. Note - this is not the legitimate text editor of the same filename which is located in %Windir%. This one is located in %AppData%\Install | No
notepad | X | notepad.exe.exe | Detected by Malwarebytes as Backdoor.SpyNet. The file is located in %CommonAppData%\AppData | No
EYORE | X | Notepad.scr | Detected by Sophos as W32/Gimlet-A | No
Notepad | X | notepad.scr | Detected by Dr.Web as Trojan.DownLoader13.12649 and by Malwarebytes as Trojan.Agent.SBFGen | No
Windows Autostart Loader | X | notepad32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
notepad32 | X | notepad32.exe | Detected by Dr.Web as Trojan.Siggen4.4932 and by Malwarebytes as Trojan.Agent | No
notepadd.exe | X | notepadd.exe | Detected by Malwarebytes as Trojan.Banker.NTP. The file is located in %AppData%\30032015 - see here | No
notepadd.exe | X | notepadd.exe | Detected by McAfee as RDN/Generic.dx!cpw and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Windows Notepad Update | X | notepads.exe | Detected by McAfee as W32/Spybot.worm.gen and by Malwarebytes as Backdoor.IRCBot.E | No
notepads | X | notepads.exe | Detected by Malwarebytes as Trojan.Agent.RV. The file is located in %AppData% | No
msdtcc | X | notepod.exe | Detected by Trend Micro as TROJ_VB.FPW | No
NoterSave | U | NoterSave.exe | NoterSave is trusted by millions of businesses and consumers to boost productivity, simplify file sharing and keep information private. The world's number one note keeper software, NoterSave offers apps for all of today's most popular platforms and devices, giving users a better way to exchange notes in the cloud, email and social media. Detected by Malwarebytes as PUP.Optional.NoterSave. The file is located in %ProgramFiles%\NoterSave. If bundled with another installer or not installed by choice then remove it | No
notes | X | notes.exe | Added by the SYKIPOT BACKDOOR! | No
NoticeP.exe | U | NoticeP.exe | Part of iSync which allows "you to transfer songs from any music downloading software to your iTunes® library". The trial version displays advertisements which disappear if you purchase the software | No
Feed Notifier | U | notifier.exe | Detected by Malwarebytes as PUP.Optional.FeedNotifier. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Feed Notifier. If bundled with another installer or not installed by choice then remove it | No
V-bates | U | notifier.exe | Detected by Malwarebytes as PUP.Optional.VBates. The file is located in %ProgramFiles%\V-bates. If bundled with another installer or not installed by choice then remove it | No
Playzy | U | notifier.exe | Detected by Malwarebytes as PUP.Optional.Playzy. The file is located in %ProgramFiles%\Playzy. If bundled with another installer or not installed by choice then remove it, removal instructions here | No
Notify Mail | N | NOTIFY.EXE | E-mail notification utility | No
\notify_x64.exe | X | notify_x64.exe | Detected by Dr.Web as Trojan.Siggen6.16661 and by Malwarebytes as Backdoor.Agent.NT | No
netshare | X | notilv.exe | Detected by Malwarebytes as Backdoor.Agent. The file is located in %UserTemp% | No
Notmad Manager | N | notmgr.exe | Notmad Explorer by Red Chair Software - "is the most complete software companion for your Creative Nomad MP3 Player. It includes full shell integration as a Windows Namespace Extension, browser access to your Jukebox through a built-in web server, and powerful search and reporting capabilities using a built-in SQL database." No longer supported | No
pagofile | X | notoped.exe | Detected by Trend Micro as TROJ_VB.FPW and by Malwarebytes as Email.Worm.NTO | No
Microsoft | X | notpad.exe | Detected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\system.dir - see here | No
Media service | X | notpad.exe | Detected by Trend Micro as WORM_SDBOT.CHU and by Malwarebytes as Backdoor.SDBot | No
system23 | X | notPad.exe | Detected by Symantec as Trojan.Esteems.D | No
Microsot | X | notpad.exe | Detected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\system.dir - see here | No
Essancial | X | notpad.exe | Detected by Malwarebytes as Trojan.Backdoor. The file is located in %System%\system.dir - see here | No
Shell | X | notpod.exe | Detected by Dr.Web as Trojan.Nanocore.4 and by Malwarebytes as Hijack.Shell.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "notpod.exe" (which is located in %Temp%) | No
gabougool | X | nounina.exe | Detected by Sophos as Troj/Agent-JVX | No
Vista&Senven | X | Nourinfo.exe | Detected by Sophos as Troj/Agent-QXP and by Malwarebytes as Trojan.Agent | No
Disable EHCI | ? | nousb20.exe | Possibly related to disabling the "Enhanced Host Controller Interface". The file is located in %Windir% | No
Novalx - Update Service | X | novalex-update.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData% | No
Joint Operations Typhoon Rising Registration | N | NOVG.EXE | Registration reminder for the Joint Operations: Typhoon Rising game by Novalogic | No
Delta Force-Black Hawk Down Team Sabre Registration | N | NOVG.EXE | Registration reminder for the Delta Force - Black Hawk Down: Team Sabre expansion pack for the Delta Force - Black Hawk Down game by Novalogic | No
Wdefender | X | novo.exe | Detected by McAfee as Generic.dx!b2zf and by Malwarebytes as Trojan.Agent | No
SKYPE MESSENGER | X | NOVO.exe | Detected by McAfee as RDN/Generic Downloader.x!jr and by Malwarebytes as Trojan.Banker.E | No
novsvida.exe | X | novsvida.exe | GlobalAccess dialer | No
Microsoft Update 2.5 | X | Now.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %Root%\ProgramData | No
Microsoft Update 2.5 | X | Now5.exe | Detected by Dr.Web as Trojan.DownLoader10.6074 and by Malwarebytes as Backdoor.Bot | No
nowayz270414 | X | nowayz270414.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.NW | No
NowUSeeIt Player | X | NowUSeeItPlayer.exe | Detected by Malwarebytes as Adware.NowUSeeIt. The file is located in %ProgramFiles%\NowUSeeItPlayer | No
Windows server | X | noxxic.exe | Detected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %AppData%\nox - see here | No
NaverPCGreen | U | NPCGreenUpgrader.exe | Related to Naver_Anti-virus Realtime Monitor From NHNCorp | No
Disk Panel Setup | X | npcsvc.exe | Detected by Microsoft as Worm:Win32/Slenfbot.JV | No
NPCTray | U | npc_tray.exe | System Tray access to, and notifications for Parental Control from older versions of Norman (now part of AVG Technologies) security products | No
Hti | U | npdor.exe | Appears in startup if you have chosen to participate in a survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No
NFM Service | U | NPDOR9x.exe | Appears in startup if you have chosen to participate in a survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required | No
NPDTray | U | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes
ThinkPad Presentation Director | U | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes
IBM ThinkPad Utility | U | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo Thinkpad notebooks - which allows you to create and quickly select between various single and multiple display options. Scheme selection and settings are also available via Fn+F7 key combination on some models | Yes
Windows Network Logon | X | npesvc.exe | Detected by Trend Micro as TROJ_AGENT.ERZ. The file is located in %System% | No
NPFMonitor | Y | NPFMntor.exe | Firewall install monitor for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Helps detect immediately after boot-up whether the firewall part is currently installed and working properly, whether it is currently enabled or disabled, and what features of the firewall are turned on. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP) | No
GLF Network Lan Monitor | X | NPFMNTOR.exe | Detected by Sophos as W32/Rbot-AGY | No
NPF Value | X | NPFMONTR.exe | Detected by Sophos as W32/Rbot-AWD | No
Norton Personal Firewall | X | npfw.exe | Detected by Sophos as W32/Rbot-UI | No
Norton Personal Firewall | X | npfw32.exe | Detected by Sophos as W32/Rbot-UQ | No
userinit | X | npgkij.exe | Detected by McAfee as Generic BackDoor.acx and by Malwarebytes as Trojan.Agent | No
npkmnc | X | npkmnc.exe | WebVia adware | No
Norton Personal Firewall | X | npmsys.exe | Detected by Sophos as W32/Rbot-ALO | No
Netzip Smart Downloader | X | npnzdad.exe | Advertising spyware | No
RealDownload Express | X | npnzdad.exe | Advertising spyware | No
Norton Protect | X | NPPROTECT.exe | Detected by Sophos as W32/Rbot-WW | No
Windows Audio Panel | X | nppsvc.exe | Added by a variant of the IRCBOT TROJAN! See here | No
npr | X | npr.exe | Detected by Malwarebytes as Trojan.SpamBot.E. The file is located in %AppData%\npr | No
NPROTECT | U | nprotect.exe | Supports the Norton Protected Recycled Bin feature of older versions of Norton Utilities (either as a standalone product or as part of Norton SystemWorks). Adds an extra layer of safety to the deletion of information from the standard Windows Recycled Bin. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP) | No
NPROTECT | X | NPROTECT.exe | Detected by Symantec as Trojan.Syginre. Note - this is not the legitimate file used by the Norton Protected Recycled Bin feature from older versions of Norton Utilities and is located in %Root% | No
Protection | X | nprotects.exe | Detected by McAfee as RDN/PWS-Banker!cy and by Malwarebytes as Trojan.Banker.E | No
NPSAgent | N | NPSAgent.exe | Installed with the SAMSUNG New PC Studio mobile device management utility. Detects when a supported mobile device is connected and optionally automatically loads the main program | Yes
AutoStartNPSAgent | N | NPSAgent.exe | Installed with the SAMSUNG New PC Studio mobile device management utility. Detects when a supported mobile device is connected and optionally automatically loads the main program | Yes
Samsung PC Studio | N | NPSAgent.exe | Installed with the SAMSUNG New PC Studio mobile device management utility. Detects when a supported mobile device is connected and optionally automatically loads the main program | Yes
NPS Event Checker | ? | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker | No
Norton Program Scheduler Event Checker | ? | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker | No
oomvosrx | X | npsjknok.exe | Detected by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData% | No
Norton Program Scheduler | U | NPSsvc.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans | No
Windows Protected Storage | X | npssvc.exe | Added by a variant of W32.IRCBot. The file is located in %System% | No
NovaPortal Single User Service | X | NPSU.exe | Adware displaying pop-up/pop-under windows. Runs as a service on an NT based OS (such as Windows 10/8/7/Vista/XP). The file is located in %ProgramFiles%\NovaPortal.com\NovaPortal Single User | No
LOGDRIVERS | X | Nptmscrf.bat | Detected by McAfee as RDN/Ransom!dm and by Malwarebytes as Trojan.Agent.RNSE | No
NQaKwkjGRxPmQog.exe | X | NQaKwkjGRxPmQog.exe | Detected by Malwarebytes as Trojan.Foury. The file is located in %CommonAppData% | No
WinLoader | X | nqvrcni.exe | Detected by Dr.Web as Trojan.MulDrop4.14194 | No
NR7 | X | NR7.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %AppData% | No
NetReach | X | nrcheck.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No
ScheduIe | X | nrchk.exe | Premium rate Adult content dialer | No
QTime | X | nrchk.exe | Premium rate Adult content dialer | No
SlipStream | Y | nrcore.exe | NetRocket Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix | No
Microsoft (R) Windows Vista/NT Runtime Compatibility Service | X | nrcs.exe | Detected by Symantec as Backdoor.Ranky.X | No
NetRocket Accelerator | Y | nrgui.exe | NetRocket Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix | No
nrktcvy.exe | X | nrktcvy.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Temp% | No
nRPiQfzA.exe | X | nRPiQfzA.exe | Detected by Malwarebytes as Trojan.Ransom.Dirty. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Premeter | X | nrpr.exe | NetRatings Premeter spyware | No
nrtwcf | X | nrtwcf.exe | Detected by Malwarebytes as Trojan.Downloader. The file is located in %ProgramFiles%\WinRAR | No
Adobe Reader Speed Launcher | X | nrzzyrw.exe | Detected by Dr.Web as BackDoor.IRC.Bot.2003 | No
NS | X | ns.exe | Detected by Sophos as W32/Agobot-HS | No
Run32 | X | ns.exe | Detected by Sophos as Troj/DwnLdr-KNN and by Malwarebytes as Trojan.Agent | No
nsoudio | X | nsaudio.exe | Detected by Dr.Web as Trojan.Siggen3.13154 and by Malwarebytes as Backdoor.Agent.E | No
NLS MonBoard | X | NSBARD.EXE | Detected by Trend Micro as BKDR_SPYBOT.T | No
NSBlock | U | NSBlockTray.exe | Detected by Malwarebytes as PUP.Optional.DnsBlock. The file is located in %ProgramFiles%\NSBlock. If bundled with another installer or not installed by choice then remove it | No
Win32load | X | nscagent.exe | Detected by McAfee as Downloader-BON | No
Scanner File Utility | Y | NsCatCom.exe | KYOCERA network copier/printer/scanner process to dump scanned documents onto a workstation | No
NSCheck | X | nscheck.exe | MarketScore/Netsetter/Relevant Knowledge parasite. Detected by Malwarebytes as PUP.Spyware.MarketScore | No
Norton Program Scheduler | U | nsched32.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans | No
nscntrl | X | nscntrl.exe | Added by the DLOAD-DC TROJAN! | No
[various names] | X | NsCplTray.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No
NSCSysTrayUI | U | NSCSysTrayUI.exe | System Tray access to the NetworkScan utility for some Samsung AIO devices which allows scanning and printing over a network | No
NSCSysTrayUI_XEROX | U | NSCSysUI_XEROX.exe | System Tray access to the NetworkScan utility for some Xerox AIO devices which allows scanning and printing over a network | No
nsdcmd services | X | nsdcmdav.exe | Added by a variant of WORM_AGOBOT.GEN. The file is located in %System% | No
nsdcmd vid process | X | nsdcmdwin.exe | Added by a variant of WORM_AGOBOT.GEN. The file is located in %System% | No
nsdlua | X | nsdlua.exe | All-In-One Telcom - Adult content dialer | No
nse | X | nse.exe | Detected by Sophos as W32/Agobot-ML | No
Network Security | X | NSecurity.exe | Detected by Trend Micro as WORM_IRCBOT.AAV | No
Nsengine | U | Nsengine.exe | Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here | No
NService.exe | X | NService.exe | Detected by McAfee as RDN/Generic.dx!dgq and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
nservice32 | X | nservice32.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent | No
nservice5.exe | X | nservice5.exe | Detected by Dr.Web as Trojan.Siggen5.57015 and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
SDFGSDGSDGSDGS | X | NSIF6DNIIP.exe | Detected by McAfee as RDN/Generic.bfr!ev and by Malwarebytes as Backdoor.Messa.E | No
signup | X | nsignup.exe | Detected by Dr.Web as Trojan.DownLoader7.12599 and by Malwarebytes as Adware.KorAd | No
Instant Access | X | nsinet.exe | Dialer.InstantAccess premium rate adult content dialer variant. Detected by Malwarebytes as Adware.EGDAccess. The file is located in %System% | No
NSK | U | NSK.exe | Ardakey keystroke logger/monitoring program - remove unless you installed it yourself! | No
NetStat Live | N | Nsl.exe | AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data | No
PI_NsLookup.exe | X | NsLookup.exe | Detected by Sophos as Troj/Agent-ZBG and by Malwarebytes as Trojan.Agent | No
Microsoft (R) Windows Network Security Management Service | X | nsms.exe | Detected by Trend Micro as TROJ_RANKY.LC | No
Microsoft CSRSS Service | X | nsmscrs.exe | Detected by Sophos as W32/Rbot-BPT | No
nsnlq.exe | X | nsnlq.exe | Detected by Malwarebytes as Misused.Legit. The file is located in %Windir% | No
Windows Media Powerpoint Helper | N | nsppthlp.exe | German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files | No
NetShow Powerpoint Helper | U | NSPPTHLP.EXE | If disabled, user created fonts can no longer be seen by other programs | No
NSPro | X | NSPro.exe | Detected by Malwarebytes as Keylogger.Netspy. The file is located in %ProgramFiles%\NSPro | No
Windows Network Session | X | nspsvc.exe | Detected by Microsoft as Worm:Win32/Slenfbot.QT | No
nsr32.exe | X | nsr32.exe | Detected by Malwarebytes as Trojan.Agent.TMGen. The file is located in %Temp% | No
HKCU | X | nsrss.exe | Detected by McAfee as Generic.bfr!cb and by Malwarebytes as Backdoor.HMCPol.Gen | No
Policies | X | nsrss.exe | Detected by McAfee as Generic.bfr!cb and by Malwarebytes as Backdoor.Agent.PGen | No
HKLM | X | nsrss.exe | Detected by McAfee as Generic.bfr!cb and by Malwarebytes as Backdoor.HMCPol.Gen | No
NSRKey | U | NSRTray.exe | System Tray access to, and notifications for Symantec's Norton Save and Restore 1.0 backup software (either as a standalone product or as part of Norton SystemWorks Premier) - which is a renamed version of Norton Ghost | Yes
NSRTray | U | NSRTray.exe | System Tray access to, and notifications for Symantec's Norton Save and Restore 1.0 backup software (either as a standalone product or as part of Norton SystemWorks Premier) - which is a renamed version of Norton Ghost | Yes
Norton Save and Restore | U | NSRTray.exe | System Tray access to, and notifications for Symantec's Norton Save and Restore 1.0 backup software (either as a standalone product or as part of Norton SystemWorks Premier) - which is a renamed version of Norton Ghost | Yes
ScanRegistry | X | nsrvnt.exe | Detected by Symantec as Backdoor.Nerte | No
SystemService | U | nsserver.exe | NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No
NetworkShareSessionManager | X | nssm.exe | Detected by Dr.Web as Trojan.DownLoader4.32067 and by Malwarebytes as Backdoor.IRCBot | No
nsdriver | X | nssys32.exe | NetShagg adware | No
NDplDeamon | X | nstask32.exe | Detected by Symantec as W32.Randex.E | No
Pofatch | X | nstrue.exe | Detected by Symantec as W32.Randex.Z | No
J4MPA2B6HRLG | X | NSTZGX0M.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %AppData% | No
J4MPA2B6HRLG | X | NSTZGX0M.exe | Detected by McAfee as RDN/Generic.dx!cnp and by Malwarebytes as Backdoor.Agent.E | No
NSupdate | X | NSupdate.exe | Detected by Sophos as Dial/Laet-B | No
Nokia | X | nsu_ui_client.exe | Detected by Sophos as Troj/Banker-FAQ. Note - this is not the legitimate Nokia Software Updater which has the same filename and is located in %ProgramFiles%\Nokia\Nokia Software Updater. This one is located in %Windir% | No
Nokia Software Updater | Y | nsu_ui_client.exe | Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices | Yes
nsu_ui_client | Y | nsu_ui_client.exe | Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices | Yes
nsu_ui_client.exe | Y | nsu_ui_client.exe | Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices | Yes
Nsvdr | X | nsvdr.exe | Adult content dialer | No
Nsv | X | nsvsvc.exe | Delfin PromulGate adware | No
NSWCfg.exe | U | NSWCfg.exe | Information wizard for older versions of Symantec's now discontinued Norton SystemWorks system utility suite. On the first run after installation this entry looks after registration, subscription and confirms the default configuration settings | Yes
NswUiTray | N | NswUiTray.exe | System Tray access to Symantec's now discontinued Norton SystemWorks 2009 security and utility suite | Yes
Norton SystemWorks | N | NswUiTray.exe | System Tray access to Symantec's now discontinued Norton SystemWorks 2009 security and utility suite | Yes
nsys | U | nsys.exe | NetSpy keystroke logger/monitoring program - remove unless you installed it yourself! | No
nsys32 | X | nsys32.exe | Detected by Sophos as W32/Agobot-SU | No
[various names] | X | NSYSCPLSTR.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No
Nt**.exe [* = random char] | X | Nt**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No
Nt**32.exe [* = random char] | X | Nt**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No
Windows Services nt09tAgents | X | nt09.exe | Detected by Kaspersky as Net-Worm.Win32.Kolab.fvo and by Malwarebytes as Backdoor.Agent. The file is located in %System% | No
Reg Service | X | NT32.exe | Detected by Trend Micro as BKDR_AGOBOT.G | No
load | X | nt32.exe | Detected by Dr.Web as Trojan.DownLoader9.15462 and by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "nt32.exe" (which is located in %Root%\NTKernel) | No
NT Kernel Service | X | nt32.exe -rundll32 /SYSTEM32 taskmgr.exe | Detected by Dr.Web as Trojan.DownLoader9.15462 and by Malwarebytes as Trojan.Agent. Note - do not delete the legitimate taskmgr.exe process which is always located in %System% | No
JavaPluginTrayManager | X | nt32helper.exe | Detected by Dr.Web as Trojan.FakeAV.13072 and by Malwarebytes as Backdoor.Agent | No
NTAds Expert Browser | U | ntaeb_restart.exe | Part of Ad Expert Browser - which "is a new program used to analyze the online advertising market to obtain detailed statistics about websites advertising on different pay-per-click advertising systems." Detected by Malwarebytes as PUP.Optional.AdExpertBrowser. The file is located in %AppData%\AEB. If bundled with another installer or not installed by choice then remove it | No
NT Video API32 | X | NTAPI32.exe | Detected by Sophos as W32/Rbot-FW | No
ntasvr | X | ntasvr.exe | Detected by Emsisoft as Adware.Win32.NateSrch!A2. The file is located in %ProgramFiles%\Nate\AddressSearch | No
NET Bios Stats | X | ntbstats.exe | Detected by Sophos as W32/Sdbot-ZX | No
Microsoft Update Machine | X | ntce.exe | Detected by Sophos as W32/Rbot-FA and by Malwarebytes as Backdoor.Bot | No
directx | X | NTCmd.exe | Detected by Symantec as Backdoor.Sdbot.D | No
Shell | X | ntcmd.exe.bat | Detected by Malwarebytes as Hijack.Shell. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "ntcmd.exe.bat" (which is located in %UserTemp%\NetTheme) | No
NvCplD | X | ntcpl.exe | EnterOne - Switch dialer and hijacker variant, see here | No
Windows Disk Defragmenter | X | ntcsrss.exe | Detected by Malwarebytes as Trojan.Agent.NT.Generic. The file is located in %LocalAppData%\DGZ | No
ntddetect | X | ntddetect.exe | Detected by Sophos as Troj/Agent-CU | No
rundll32 | X | ntdevice.exe | Detected by Sophos as Troj/Agent-OUM and by Malwarebytes as Trojan.Agent | No
NTdhcp | X | NTdhcp.exe | Detected by Sophos as Troj/QQRob-C and by Malwarebytes as Trojan.KillAV | No
MSN service | X | NTDKRN.EXE | Detected by Trend Micro as WORM_RBOT.UJ | No
ntdll | X | ntdll.exe | Detected by ESET as Win32/Spy.Bizzana.A and by Malwarebytes as Trojan.Agent. The file is located in %AppData% and/or %CommonAppData% | No
ntdll | X | ntdll.exe | Detected by Symantec as Backdoor.Bionet.404. The file is located in %System% | No
Windows Installer | X | ntdll.exe | Added by an unidentified WORM or TROJAN! | No
Ntdll3_2.exe | X | Ntdll3_2.exe | Detected by Dr.Web as Trojan.DownLoader9.13342 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
NTDLLPROTECT.DLL MICROSOFT | X | NTDLLPROTECTEX.exe | Detected by McAfee as RDN/Generic Downloader.x!ja and by Malwarebytes as Trojan.Banker.E | No
Configuration Loader | X | ntdm.exe | Detected by Trend Micro as WORM_AGOBOT.RV and by Malwarebytes as Backdoor.Bot | No
Ntdrivers.exe | X | Ntdrivers.exe | Detected by Malwarebytes as Trojan.Downloader. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
Microsoft NT Drivers | X | ntdrv.exe | Added by the SDBOT.AJN TROJAN! | No
Internet | X | nteusodp.exe | Detected by Sophos as W32~Rbot-GFJ | No
Windows File System Frame | X | ntframe.exe | Added by an unidentified WORM or TROJAN! | No
systemStart | X | Ntfs.exe | Detected by Sophos as W32/Autorun-JM | No
NTFS16 | X | ntfs16.exe | Detected by Sophos as W32/Rbot-LY | No
ntfsmonitorpro | X | ntfs64.exe | Detected by Sophos as W32/Forbot-EB | No
NTFSCLUP | Y | NTFSCLUP.EXE | Part of ConfigSafe - "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting" | No
ConfigSafe | Y | NTFSCLUP.EXE | Part of ConfigSafe - "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting" | No
*ntfsqueuedns.exe | X | ntfsqueuedns.exe | Detected by Sophos as Troj/FakeAV-EMN | No
ntfyapp | X | ntfyapp.exe | Detected by McAfee as Tibs-Packed | No
GinaDll | X | ntgina.dll | Detected by Trend Micro as WORM_ANIG.A | No
WSAConfiguration | X | ntguard32.exe | Added by a variant of WORM_AGOBOT.GEN. The file is located in %System% | No
Norton Guard 32 | X | ntguard32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
WinSocketComponent | X | nthost.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No
settings | X | nthost32.exe | Detected by McAfee as Generic.mfr | No
kay | X | ntibcpsaq.exe | Detected by Malwarebytes as Trojan.Inject. The file is located in %CommonAppData%\kay | No
ntiMUI | U | ntiMUI.exe | Part of NTI CD & DVD Maker from NTI Corporation - now superseded by NTI Media Maker | No
ewrohpbv | X | ntiwpeal.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %LocalAppData% | No
NT Kernel Service | X | NTKernel.exe -rundll32 /SYSTEM32 taskmgr.exe | Detected by Dr.Web as Trojan.DownLoader10.14467. Note - do not delete the legitimate taskmgr.exe process which is always located in %System% | No
AdobeReaderPro | X | ntkernell32.exe | Detected by Sophos as W32/Rbot-ATY and by Malwarebytes as Backdoor.Bot | No
Compaq Service Drivers | X | NtKernelSystem.exe | Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %System% | No
Kernel Loader | X | ntkrnl.exe | Detected by Symantec as W32.Cervivec.A@mm | No
NT Kernel and System | X | ntkrnl64.exe | Detected by Dr.Web as Trojan.DownLoader7.10083 and by Malwarebytes as Trojan.Agent | No
NT Kernel Patch | N | ntkrnlpt.exe | Part of Bitware from 2Point Communications, Inc - "a Windows based solution that allows users to integrate your voice messaging and faxing to an individual PC." Now known as Simply Messenger PRO | No
gdihare | X | ntkrunas.exe | Detected by Sophos as Troj/Ursnif-AH and by Malwarebytes as Trojan.Agent.OSK | No
sys32ex | X | NTLDR.exe | Detected by Malwarebytes as Trojan.Agent.SX. The file is located in %System% | No
ntldr | X | ntldr.exe | Browser hijacker - redirecting to search-control.com. The file is located in %System%. In addition to the registry changes, it also creates the following files: C:\m.exe, %Windir%\Search-For-You.url, C:\n.bat, C:\q.exe and C:\r.bat | No
Win Patch | X | ntldr.exe | Detected by Sophos as W32/SdBot-GS and by Malwarebytes as Trojan.Agent | No
win32bootloaderXntldr32.exeDetected by Dr.Web as Trojan.DownLoader4.12819 and by Malwarebytes as Backdoor.IRCBotNo
shell32Xntldrt.exeDetected by Sophos as W32/Jlok-ANo
sysclxXntldrt.exeDetected by Sophos as W32/Jlok-ANo
Windows NT 32Xntlogin32.exeDetected by Symantec as W32.Randex.BRDNo
Windows NT LoginXntlogin32.exeDetected by Trend Micro as WORM_SDBOT.WGNo
csrssXntmdi.exeDetected by Malwarebytes as Trojan.FakeAdobe. The file is located in %UserProfile%No
ntmsevtXntmsevt.exeDetected by Sophos as Troj/Stoped-BNo
FastStartXntnut32.exeDetected by Symantec as Trojan.StartPage.LNo
NotepadXntoepad.exeDetected by Sophos as W32/Delbot-AKNo
ntokrnlXntokrnl.exeDetected by Trend Micro as TSPY_BANKER-2.001No
NT ServiceXNTOKSRNL.EXEDetected by Sophos as W32/Rbot-AAGNo
NvCplDXntopengl.exeEnterOne - Switch dialer and hijacker variant, see hereNo
userinitXntos.exeDetected by Malwarebytes as Trojan.Proxy. The file is located in %AppData%No
userinitXntos.exeDetected by Symantec as Trojan.Gpcoder.E and by Malwarebytes as Trojan.Agent. The file is located in %System%No
Osa32XNTOSA32.exeDetected by Symantec as W32.HLLW.AnigNo
RealActiveXntoscore.exeAdded by the VIRUT.VQ VIRUS!No
Kernal Fault CheckXntosrkl.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
NTProviderXNTProvider.exeDetected by Malwarebytes as Backdoor.Alina. The file is located in %AppData%\[9 digits] - see an example hereNo
NTProviderXNTProvider.exeDetected by Malwarebytes as Trojan.Agent.MNT. The file is located in %AppData%\Microsoft CorpNo
NVIDIA ActiveArmorYntrayfw.exeSystem Tray access to the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsetsNo
nTrayFwYntrayfw.exeSystem Tray access to the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsetsNo
NTrtcNntrtc.exeDell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this supportNo
MS taskbarXnts.exeDetected by Sophos as W32/Rbot-AGBNo
EasySync Pro - LtNts4UNtsAgent.exeLotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - "a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"No
XTNDConnect PC - LtNts4UNtsAgnt.exe(IBM) Lotus Notes 4 specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"No
Laplink PDASync 3.0 - LtNts4UNtsAgnt.exeLaplink PDASync for (IBM) Lotus Notes 4 - PDA synchronisation utilityNo
cssysXntserver.exeDetected by Symantec as Trojan.Ransomcrypt.AA and by Malwarebytes as Ransom.FileCryptor.ENo
Intec Service DriversXntservice.exeDetected by Kaspersky as Backdoor.Win32.Rbot.fgw and by Malwarebytes as Backdoor.Agent. The file is located in %Windir%No
Microsoft UpdateXntservice.exeDetected by Sophos as Troj/Agent-DIS and by Malwarebytes as Backdoor.BotNo
Microsoft VersionXntservice.exeDetected by Dr.Web as Trojan.Siggen6.23973 and by Malwarebytes as Trojan.Agent.VRSGenNo
Microsoft COM+ System ApplicationXntservices.exeDetected by Malwarebytes as Trojan.Agent.MCS. The file is located in %LocalAppData%\[folder]No
NTSF MICROSOFT SYSTEMXntsf.exeDetected by Trend Micro as WORM_RBOT.ARQ and by Malwarebytes as Backdoor.BotNo
NTSF MICROSOFT SYSTEMXntsfd.exeDetected by Sophos as W32/Rbot-BAP and by Malwarebytes as Backdoor.BotNo
ntsmodXntsmod.exeAdware downloader/installer, probably VX2/Look2Me related - also detected as the WIN32.VB.RL TROJAN!No
Microsoft Windows AdvAPI ServiceXntsmss.exeDetected by Trend Micro as TROJ_COINMINE.AAX and by Malwarebytes as Trojan.MWF.Gen. The file is located in %AppData%\AdvAPINo
Microsoft Windows Deadbeef ServiceXntsmss.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %AppData%\DeadbeefNo
Microsoft .NET Framework NGEN v4.0.30319_X86 PatcherXntsmss.exeDetected by Malwarebytes as Trojan.Agent.FRNS. The file is located in %LocalAppData%\CJKF - see hereNo
Generic Host Process for Win32 ServicesXntspcv.exeDetected by Symantec as Backdoor.Sdbot.S and by Malwarebytes as Backdoor.BotNo
NTSpoolXNTSpool.exeDetected by Sophos as Troj/Agent-GPYNo
NTsrv.exeXNTsrv.exeAdded by a variant of the SERVU-O TROJAN!No
System Server ManagerXNtsrvc.exeDetected by Symantec as Backdoor.DarkSky.BNo
Network Translation System ServiceXntss.exeAdded by the UNPDOOR TROJAN!No
NetManagerServiceXntss.exeDetected by Trend Micro as BESTPICS.A BACKDOOR!No
NTSF MICROSOFT SYSTEMXntssf.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
MessengerXntsubsys.exeDetected by Trend Micro as WORM_SDBOT.BGENo
Windows Explorer ControlerXNTSUpdaterS3.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.AgentNo
NetServiceXntsvc.exeDetected by Sophos as Troj/QQPass-DUNo
NT ServicesXntsvc.exeDetected by Trend Micro as WORM_AGOBOT.VJNo
Windows NT Net Service MonitorXntsvc.exeDetected by Sophos as W32/SdBot-DKYNo
winipcservicesXntsvc32.exeDetected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %AppData%\mscftmonNo
MicrosoftXntsvr.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %System%No
VxD Driver InitializationXntsvxd.exeDetected by Sophos as W32/Sdbot-LWNo
Compaq Service DriversXntsys32.exeDetected by Trend Micro as WORM_RBOT.CIW and by Malwarebytes as Backdoor.IRCBotNo
Winsock2 driverXntsys32.exeDetected by Sophos as W32/Spybot-DD and by Malwarebytes as Backdoor.BotNo
ConfigurationXntsys32.exeDetected by Sophos as W32/Sdbot-LNNo
Nt System KernelXntsyskrnl.exeDetected by Trend Micro as WORM_AGOBOT.IKNo
Microsoft System CheckupXntsysman.exeDetected by Sophos as W32/Sdbot-QW and by Malwarebytes as Backdoor.Agent.MSUGenNo
Microsoft System CheckupXntsysmgr.exeDetected by Symantec as W32.Donk.S and by Malwarebytes as Backdoor.Agent.MSUGenNo
ConfigurationXntsyst32.exeDetected by Sophos as W32/Sdbot-LTNo
Microsoft Update MachineXntsystem.exeDetected by Trend Micro as WORM_RBOT.GF and by Malwarebytes as Backdoor.BotNo
Nt System ProtocolXntsystem.exeDetected by Total Defense as Win32.Rbot.DSB. The file is located in %System%No
gwizXntsystem.exeDetected by Total Defense as Win32/Nitwiz.A. The file is located in %System%No
Video ProcessXntsystm.exeDetected by Symantec as W32.Gaobot.ZXNo
NtsysvXntsysv.exeDetected by Sophos as Troj/Mifeng-ENo
NVIDIA nTuneUnTune.exeOlder version of the NVIDIA nTune utility for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System ToolsNo
nTuneUnTune.exeOlder version of the NVIDIA nTune utility for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System ToolsNo
NVIDIA nTuneUnTuneCmd.exeNow part of NVIDIA System Tools under the "Performance" tag. NVIDIA nTune is a utility for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Until version 6.01 (when System Tools was released) graphics settings weren't retained in a profile but now they are. From version 6.05, nTuneCmd is no longer loaded via the registry "Run" keys but instead runs via the Performance Service (nTuneService.exe)Yes
nTuneCmdUnTuneCmd.exeNow part of NVIDIA System Tools under the "Performance" tag. NVIDIA nTune is a utility for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Until version 6.01 (when System Tools was released) graphics settings weren't retained in a profile but now they are. From version 6.05, nTuneCmd is no longer loaded via the registry "Run" keys but instead runs via the Performance Service (nTuneService.exe)Yes
ntupd32Xntupd32.exeAdded by unidentified malware - see here. The file is located in %System%No
Windows Explorer ControlerXNTUSER.exeDetected by McAfee as Generic.dx!twl and by Malwarebytes as Trojan.AgentNo
ntuserXntuser.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserProfile%No
Fast startXNtut.exeAdware - detected by Kaspersky as the FAVADD.I TROJAN!No
Kernel Fault CheckXntvbm.exeDetected by Sophos as W32/Rbot-CKPNo
NtVdmSrvXntvdm.vbeDetected by Malwarebytes as Malware.Trace. The file is located in %Windir%\infNo
Graphic LoaderXntvdm32.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
ntvdmdXntvdmd.exeAdware downloader - also detected as the DLOADER-YP TROJAN!No
NT-Virtual Device ManagerXntvdmn.exeDetected by Sophos as W32/Sdbot-AAANo
ntvdscmXntvdscm.exeDetected by Sophos as Troj/ScKeyLog-INo
ntViaRegXntViaFile.exeDetected by Malwarebytes as Spyware.LokiBot. The file is located in %AppData%\ntViaFolderNo
Windows NTV Host MonitorUntvmon32.exeDetected by Malwarebytes as PUP.Optional.RetroPCCalculator. The file is located in %ProgramFiles%\Retro PC Calculator. If bundled with another installer or not installed by choice then remove itNo
Windows DLL Host MonitorUntvmon32.exeDetected by Malwarebytes as PUP.Optional.UpdateSoftware. The file is located in %ProgramFiles%\Update Software. If bundled with another installer or not installed by choice then remove itNo
NT MICROSOFT SVCDXntvsvcd.exeAdded by a variant of Backdoor:Win32/RbotNo
[various names]Xntwininit.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%\[3 or 4 characters] - see an example hereNo
ntwk.exeXntwk.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %AppData%No
STREAM-CONTROLXntwyswork.exeDetected by Malwarebytes as Trojan.Agent.NTW. The file is located in %AppData%\[folder] - see examples here and hereNo
ntx32Xntx32.exeAdded by an unidentified WORM or TROJAN!No
dxdll32Xntxdll.exeDetected by Symantec as W32.Gaobot.CPXNo
ntxp2Xntxp2.exeDetected by Sophos as Troj/VB-APINo
[various names]Xnt[system process].exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%\[3 or 4 characters]No
NT_KernalXNT_Kernal.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
Norton UtilitiesNnu.exePart of version 14.* of Symantec's Norton Utilities PC tune up suite. This entry will be present if you optionally select any of the following startup options (via Administer → Settings): "Custom Scan", "Privacy Clean & Full Scan" or "Send to tray"Yes
NortonUtilitiesNnu.exePart of version 14.* of Symantec's Norton Utilities PC tune up suite. This entry will be present if you optionally select any of the following startup options (via Administer → Settings): "Custom Scan", "Privacy Clean & Full Scan" or "Send to tray"Yes
nuNnu.exePart of version 14.* of Symantec's Norton Utilities PC tune up suite. This entry will be present if you optionally select any of the following startup options (via Administer → Settings): "Custom Scan", "Privacy Clean & Full Scan" or "Send to tray"Yes
uptolateXnucle.exeAdded by a variant of the BIFROSE TROJAN!No
NuclearDOS.exeXNuclearDOS.exeDetected by Malwarebytes as Backdoor.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
nudylvataxnoXnudylvataxno.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
HKCUXNUEALC.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\System32 - see hereNo
HKLMXNUEALC.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\System32 - see hereNo
Windows Explorer FolderXNueva Carpeta.exeDetected by Dr.Web as Trojan.DownLoader11.49185 and by Malwarebytes as Trojan.Downloader.EXPNo
Audio SPP Solutions Engine PnP-X BuilderXnuikcmdeioi.exeDetected by McAfee as Downloader.a!dch and by Malwarebytes as Trojan.AgentNo
UpdateUNUIns.exeDetected by Malwarebytes as PUP.Optional.ConvertAd. The file is located in %AppData%\NUIns. If bundled with another installer or not installed by choice then remove itNo
DC-STARTXNuke Binder.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCGenNo
[various names]XNukeSpan.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
Microsoft InstallshieldXnundll32.exeDetected by Sophos as W32/Agobot-AHZNo
nuogualezbenXnuogualezben.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
nuopefosenuoXnuopefosenuo.exeDetected by McAfee as RDN/Generic PWS.y!b2s and by Malwarebytes as Trojan.Agent.USNo
ASSWINDOWWWXNUpdate.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.ENo
USB 3.0 MonitorUnusb3mon.exeSupports USB 3.0 ports based upon the Renesas (was NEC) range of controllers on both system motherboards and external disk drives. Disabling it didn't seem to have any ill effects on USB 3.0 transfer speeds but it may be required to support power management featuresYes
AhnLab V3Lite Update ProcessXnusb3mon.exeDetected by Microsoft as TrojanDownloader:Win32/Navattle.A and by Malwarebytes as Trojan.Downloader. Note - this is neither a legitimate AhnLab V3 entry nor the Renesas (was NEC) USB 3.0 monitor which has the same filename and is normally located in %ProgramFiles%\[vendor]\USB 3.0 Host Controller Driver\Application - this one is located in %System%No
NUSB3MONUnusb3mon.exeSupports USB 3.0 ports based upon the Renesas (was NEC) range of controllers on both system motherboards and external disk drives. Disabling it didn't seem to have any ill effects on USB 3.0 transfer speeds but it may be required to support power management featuresYes
NuvaTimeUNuvaTime.exeNuvaTime - reminder for women using NuvaRingNo
NUAgentInstallPathUNU_Install.exeInstaller associated with Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourselfNo
nvagNTXnvagNT.exeDetected by Sophos as W32/Agobot-RVNo
Microsoft System CheckupXnvapi32.exeDetected by Symantec as W32.HLLW.Donk.B and by Malwarebytes as Backdoor.Agent.MSUGenNo
SystemProcessXnvappx.exeDetected by McAfee as W32/Sdbot.bfrNo
loadXnvappx.exeDetected by McAfee as W32/Sdbot.bfr. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "nvappx.exe" (which is located in %Windir%\inf)No
NVIDIA nForce APU1 UtilitiesNNVATray.exeNVIDIA's nForce Audio Processing Unit (APU) - "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"No
NVIDIA GeForce ExperienceNNvBackend.exeDriver update manager for the NVIDIA GeForce range of graphics cards. Part of the NVIDIA GeForce Experience companion applicationYes
NVIDIA GeForce Experience BackendNNvBackend.exeDriver update manager for the NVIDIA GeForce range of graphics cards. Part of the NVIDIA GeForce Experience companion applicationYes
NvBackendNNvBackend.exeDriver update manager for the NVIDIA GeForce range of graphics cards. Part of the NVIDIA GeForce Experience companion applicationYes
NvBackend NVIDIAXNvBackend.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate NVIDIA GeForce Experience driver update manager and companion application which is normally located in %ProgramFiles%\NVIDIA Corporation\Update Core. This one is located in %CommonAppData%\WinverNo
smSsoSXnvc.exeDetected by Malwarebytes as Backdoor.Agent.MLT. The file is located in %AppData%No
AntivirusltcUpddatesXnvc.exeDetected by McAfee as RDN/Generic PUP.x!qt and by Malwarebytes as Trojan.Agent.MNRNo
NvCCCplXNvCCCpl.exeDetected by Sophos as Troj/Nogata-ANo
NvCCplXNvCCpl.exeDetected by Sophos as W32/Chilin-ANo
nVidia Chip4XNVCHIP4.EXEDetected by Sophos as W32/Lamecada-DNo
winlogonXnvchost.exeDetected by McAfee as Generic Dropper.nf and by Malwarebytes as Trojan.Agent.TraceNo
nvcoiXnvcoi.exeDetected by Trend Micro as TROJ_DLOADER.TYONo
NVCOMXNVCOM.exeDetected by Sophos as W32/Agobot-SBNo
nvcontrolXnvcontrol.cplDetected by Malwarebytes as Trojan.Agent.CPL. The file is located in %UserTemp%\nvcontrolNo
NvCplXNvCpl.EXEDetected by Symantec as W32.Yanz.B@mmNo
NvCpl32DeamonXnvcpl.exeDetected by Trend Micro as WORM_SPYBOT.SNo
NvCPL32Xnvcpl32.exeDetected by Trend Micro as WORM_AGOBOT.DAANo
nvcpllXnvcpll.exeDetected by Sophos as Troj/Bancban-PFNo
FireWire ServicesXnvcsv32.exeDetected by Trend Micro as WORM_RBOT.AUMNo
HD MediaXnvcsvc.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %Windir%No
NaverVaccineXNVCUpgrader.exeDetected by Kaspersky as Trojan.Win32.Scar.rfw and by Malwarebytes as Adware.K.NaverVaccine. The file is located in %ProgramFiles%\Naver\NaverVaccineNo
Win32 nvcXnvcva.exeDetected by Sophos as W32/Rbot-ABFNo
nvc Win32Xnvcvc.exeDetected by Sophos as W32/Rbot-ADDNo
nvd32 lptt01Xnvd32.exeRapidBlaster variant (in a "NvidStar" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
nvd32 ml097eXnvd32.exeRapidBlaster variant (in a "NvidStar" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
PostdavatchXnvdas.exeDetected by Symantec as W32.Randex.TNo
PovdavatchXnvdas.exeDetected by McAfee as RDN/Sdbot.bfr!d and by Malwarebytes as Backdoor.IRCBot.ENo
PostpatchXnvdes.exeDetected by Symantec as W32.Randex.TNo
nvdesk.exeXnvdesk.exeDetected by Malwarebytes as Trojan.BitCoinMiner. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NvCplDeamonXnvdisp.exeDetected by Sophos as Troj/PeepVie-INo
NvidiaXnvdisp.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp% - see hereNo
Nvidia DriverXnvdisp.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.BankerNo
Kernel DriversXnvdisp.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.aflg and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
NVDispDrvXNVDispDRV.EXEDetected by Trend Micro as WORM_WINKO.AONo
ShellXNVDisplay.Container.exe,explorer.exeDetected by Malwarebytes as Hijack.ShellA.Gen. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "NVDisplay.Container.exe" (which is located in %AppData% and is not the legitimate NVIDIA file of the same name which is normally located in %ProgramFiles%\NVIDIA Corporation\Display.NvContainer)No
Nvidia Display DriverXnvdisplay.exeDetected by Dr.Web as Trojan.Siggen6.5968 and by Malwarebytes as Trojan.AgentNo
NVIDIA PANELXnvdpnl.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
NvUpdSrvXNvdUpd.exeDetected by Dr.Web as Trojan.MulDrop5.40301 and by Malwarebytes as Trojan.Agent.CRNVGenNo
Adobe Flash Player Update - nVflzaOln3XnVflzaOln3.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %Temp%\WindowsNo
NVidiaDrvXnvfsvm.comDetected by Sophos as Troj/Delf-ANo
Messenger ServiceXnvhost.exeDetected by Trend Micro as WORM_MYTOB.IF and by Malwarebytes as Backdoor.BotNo
Nvid32XNvid32.exeDetected by Symantec as Trojan.GemaNo
NVIDEAXNVIDEA.exeDetected by Dr.Web as Trojan.PWS.Siggen1.15839 and by Malwarebytes as Backdoor.Agent.rNo
nvideoXnvideo.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
*nvideoXnvideo.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
nvideo.vbsXnvideo.vbsDetected by Malwarebytes as Trojan.Script.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Nvidex32XNvidex32.exeDetected by Symantec as Trojan.GemaNo
DRIVERSSXnvidia.exeDetected by Malwarebytes as Backdoor.Agent.DCGen. The file is located in %AppData%\driversNo
NvidiaXNvidia.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.AgentNo
NVIDIA CorporationXnvidia.exeDetected by Malwarebytes as Trojan.Agent.NV. The file is located in %AppData%\Microsoft\Network - see hereNo
Nvidia.exeXNvidia.exeDetected by Dr.Web as Trojan.DownLoader11.31836 and by Malwarebytes as Trojan.Script.DRP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
nvidia:Xnvidia.exeDetected by Symantec as W32.KueightNo
TxXNvidia.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
AppcoolXnvidia.exeDetected by Malwarebytes as Trojan.Downloader.ACNV. The file is located in %LocalAppData% - see hereNo
Microsoft Nvidia VideoXnvidia.exeAdded by a variant of W32/Sdbot.wormNo
nvidia.vbsXnvidia.vbsDetected by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
NVIDIA DriverXnvidia32.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %System%No
Nvidia32Xnvidia32.exeCoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN!No
NVIDIA DriversXNVIDIADrivers.exeDetected by Dr.Web as Trojan.KillFiles.10692 and by Malwarebytes as Backdoor.AgentNo
nVidia DriversXnVidiaDrvers.exeDetected by Sophos as W32/Sdbot-AFXNo
NvidiaGraphics_ModuleXNvidiaGraphics_Module.exeDetected by McAfee as RDN/Generic Dropper!sk and by Malwarebytes as Backdoor.IRCBot.ENo
Nvidiastl.exe.vbsXNvidiastl.exe.vbsDetected by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
nVidia Application DriversXnvidiav32.exeAdded by a variant of the IRCBOT BACKDOOR!No
Nvidia Coorp. UPDateXNvidia_UPdate.batDetected by Dr.Web as Trojan.MulDrop5.2186 and by Malwarebytes as Trojan.Agent.ENo
nvidll32Xnvidll32.exeDetected by Sophos as W32/Rbot-XKNo
UpdAdbreaderXnvidrv.exeDetected by Symantec as Trojan.Expilan and by Malwarebytes as Trojan.Agent.ADBNo
loadXnvidupdt.exe.lnkDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "nvidupdt.exe.lnk" (which is located in %UserTemp%\nvidupdt)No
NvUpdSrvXnvid_upd.exeDetected by Dr.Web as Trojan.MulDrop5.40310 and by Malwarebytes as Trojan.Agent.CRNVGenNo
nviload32Xnviload32.exeDetected by Sophos as W32/Sdbot-VTNo
InstallShield Update ServiceXnvinst.exeDetected by McAfee as Generic BackDoor!dfl and by Malwarebytes as Backdoor.AgentNo
nvirundllXnvirundll.exeDetected by Symantec as W32.Spybot.NPSNo
Nvidias SoundiesXNviSound.exeDetected by McAfee as RDN/Generic.bfr!fb and by Malwarebytes as Backdoor.Agent.ENo
Nvidia (TM) Physical Drivers GLXnvitmruu.exeDetected by McAfee as RDN/Generic FakeAlert!ex and by Malwarebytes as Backdoor.Messa.ENo
Nvidia (TM) Physics DriversXnvitmruu.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Backdoor.Messa.ENo
nvjxueXnvjxue.exeDetected by Sophos as W32/Eyeveg-JNo
nvm-tray.exeXnvm-tray.exeDetected by Dr.Web as Trojan.DownLoader11.22019 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
NVmaxYNVmax.exeNVmax is an old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their cardNo
NVMixerTrayNNVMixerTray.exeSystem Tray access to audio controls from NVIDIA's motherboard ForceWare softwareNo
NVIDIA System MonitorUNVMonitor.exeNVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cardsYes
NVMonitorUNVMonitor.exeNVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cardsYes
nvmsgdwnXNVMSGDWN.EXEDetected by Sophos as Troj/Graber-DNo
PCMCIA Resource Monitor?nvp2pmon.exeNVIDIA nForce peer-to-peer (P2P) related. What does it do and is it required?No
NvPvrNetMonUNvPvrNetMon.exeNetwork monitor for the Personal Video Recorder function of the NVIDIA ForceWare Multimedia application - "makes sure you don't miss your favorite show. If you won't be home to watch the show, just use the PVR to set future recordings"No
NVIDIA® NVRAIDUnvraidservice.exePart of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errorsYes
NVRaidServiceUnvraidservice.exePart of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errorsYes
NVRTNnvrt.exeNVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supportsNo
NVRTClk?NVRTClk.exeRelated to a Gigabyte video card. What does it do, and is it required?No
NvCplScanXnvsc32.exeDetected by Symantec as W32.Bropia.NNo
win-xpXnvsc32.exeDetected by Symantec as W32.Bropia.NNo
32.exeXnvscv32.exeDetected by Sophos as Troj/Agent-LOLNo
FireWire ServiceXnvscv32.exeDetected by Trend Micro as WORM_SDBOT.AXTNo
svcshareXnvscv32.exeDetected by Sophos as W32/Fujacks-Z and by Malwarebytes as Worm.PassmaNo
Winsock DriverXnvscv32.exeDetected by Sophos as W32/Agobot-FDNo
nvscv32Xnvscv32.exeDetected by McAfee as W32/Fujacks.sNo
NVSystem32Xnvscv32.exeDetected by Sophos as W32/Agobot-NONo
Net Command SenterXnvscvse.exeDetected by McAfee as W32/IRCbot.gen!df6280e5No
nvideaXnvsdx.exeDetected by Dr.Web as Trojan.PWS.Siggen1.15839 and by Malwarebytes as Trojan.Agent.NVNo
nvsmudfmXnvsmudfm.exeDetected by Malwarebytes as Adware.PinSearch. The file is located in %System%No
StereoLinksInstall?nvstlink.exePart of the 3D Vision feature included with NVIDIA Geforce graphics cardsNo
ctfmonXnvsv32.exeDetected by McAfee as Generic Dropper!fhr and by Malwarebytes as Trojan.DelfNo
Norton updatedXnvsv32.exeDetected by Trend Micro as WORM_SDBOT.ABHNo
nvsv32.exeXnvsv32.exeDetected by Sophos as W32/Forbot-DINo
nvsv32.exeXnvsv33.exeDetected by Trend Micro as WORM_WOOTBOT.FPNo
Symantec Security AddonXnvsvc.exeDetected by Sophos as W32/Agobot-EN. Note - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same nameNo
Norton protectXnvsvc.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
nvsvcXnvsvc.exeDetected by Dr.Web as Trojan.DownLoader5.9626. The file is located in %AppData%No
NVSVCXnvsvc.exeDetected by Trend Micro as WORM_AGOBOT.ALX. Note - this is not the valid "NVIDIA Driver Helper Service" and is located in %System%No
Generic Service ProcessXnvsvc.exeDetected by Trend Micro as WORM_AGOBOT.BY and by Malwarebytes as Backdoor.IRCBot.Gen. Note - this is not the valid "NVIDIA Driver Helper Service" and is located in %System%No
nvsvc16Unvsvc16.exeMySuperSPy surveillance software. Uninstall this software unless you put it there yourselfNo
Windows System ControlerXnvsvc32.exeDetected by Dr.Web as Trojan.StartPage.46998 and by Malwarebytes as Trojan.AgentNo
NVIDIA driver monitorXnvsvc32.exeDetected by Sophos as Troj~Agent-OZH and by Malwarebytes as Trojan.CryptNo
Mqtw+Xnvsvc32.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
MKdw+Xnvsvc32.exeDetected by McAfee as W32/Ramnit.a and by Malwarebytes as Trojan.DownloaderNo
nVidia Display DriverXnvsvc64.exeDetected by Sophos as W32/IRCBot-YK. Note - this is not related to any NVIDIA based graphics cardNo
Office MonitorXnvsvc86.exeDetected by Dr.Web as BackDoor.IRC.Sdbot.12461No
Network Security XPXnvsvc86.exeDetected by Sophos as W32/Rbot-GUINo
clfmonXnvsvca32.exeDetected by Total Defense as Win32.Tactslay.E. The file is located in %Windir%No
nvsvca32Xnvsvca32.exeDetected by Total Defense as Win32.Tactslay.E. The file is located in %Windir%No
nVidia System DriversXnvsys32.exeAdded by an unidentified WORM or TROJAN! See hereNo
nVidia Display Drivers (x86)Xnvsys86.exeDetected by McAfee as Generic.dx!elbNo
NVidia System UtilityUNVSystemUtility.exeNVidia System Utility - older version of the NVIDIA nTune utility for monitoring and modifying the settings (such as temperatures, voltages, clocks and fan speeds) of NVIDIA based motherboards and graphics cards from within Windows. Now part of NVIDIA System ToolsNo
System File DriversXnvsysvc32.exeDetected by Trend Micro as WORM_AGOBOT.WJNo
Nvidia Control Center4XNvTaskbarIne.exeDetected by Trend Micro as TROJ_BREDOLAB.KO and by Malwarebytes as Worm.ProlacoNo
Nvidia Control Center3XNvTaskbarInh.exeDetected by Sophos as Troj/DelfInj-Y and by Malwarebytes as Trojan.AgentNo
Nvidia Control Center2XNvTaskbarIni.exeDetected by Trend Micro as WORM_PROLACO.CU and by Malwarebytes as Worm.ProlacoNo
Nvidia Control Center | X | NvTaskbarInit.exe | Detected by Sophos as Troj/Hiloti-AY and by Malwarebytes as Trojan.Agent | No
nvdtrm | X | nvtmru.exe | Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE | No
nVidia Driver Service | X | NvTmru.exe | Detected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.E | No
NVIDIA GeForce Experience | X | nvtmru.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\nvidia - see here | No
NVIDIA GeForce Experience | X | nvtmru.exe | Detected by McAfee as RDN/Ransom!ec and by Malwarebytes as Backdoor.Agent.BSGen | No
NVIDIAS GeForceS ExperienceS | X | nvtmru.exe | Detected by Sophos as Troj/Mdrop-FST and by Malwarebytes as Trojan.Backdoor | No
Nvtmru | N | nvtmru.exe | NVIDIA Update driver update manager for their GeForce range of graphics cards. Optionally installed with Release 270 or later drivers | No
Shell | X | nvtmru.exe,explorer.exe | Detected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "nvtmru.exe" (which is located in %LocalAppData%\nvidia), see here | No
Shell | X | nvtmru.exe,explorer.exe | Detected by McAfee as RDN/Ransom!ec and by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "nvtmru.exe" (which is located in %LocalAppData%\nvidia) | No
Shell | X | nvtmru.exe,explorer.exe | Detected by Sophos as Troj/Mdrop-FST and by Malwarebytes as Trojan.Backdoor. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "nvtmru.exe" (which is located in %LocalAppData%\nvidias) | No
nvtray | X | nvtray.exe | Detected by Dr.Web as Trojan.DownLoader11.20143 and by Malwarebytes as Trojan.Agent.NV. Note - this is not the legitimate NVTray utility which is normally located in %ProgramFiles%\NVTray. This one is located in %AppData%\Google | No
nvtray | X | nvtray.exe | Detected by Dr.Web as Trojan.DownLoader7.7475. Note - this is not the legitimate NVTray utility which is normally located in %ProgramFiles%\NVTray. This one is located in %AppData%\nvtray | No
nvtray | X | nvtray.exe | Detected by Kaspersky as Trojan-Spy.MSIL.KeyLogger.imb. Note - this is not the legitimate NVTray utility which is normally located in %ProgramFiles%\NVTray. This one is located in %AppData%\System - see here | No
NVTray | U | NVTray.exe | NVTray (NVIDIA Tray Tools) provides some extra quality tweaks that both the default NVIDIA tray icon and control panel are lacking. Especially more Antialiasing modes, as well as OpenGL and Direct3D options right from the tray icon | No
PointBlank | X | nvtray.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.NV. Note - this is not the legitimate NVTray utility which is normally located in %ProgramFiles%\NVTray. This one is located in %System%\Microsoft | No
nVidia Tray | X | nvtrey.exe | Detected by Dr.Web as Trojan.KillProc.30426 and by Malwarebytes as Trojan.Agent.MNR | No
IE Per-User Initialization utility | X | Nvtrmru.exe | Detected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.Gen | No
load | X | Nvtrmru.exe | Detected by McAfee as RDN/Ransom. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Nvtrmru.exe" (which is located in %LocalAppData%) | No
Windows ARP Detectionc | X | nvudlsp.exe | Detected by Kaspersky as Backdoor.Win32.Agent.lmw. The file is located in %Windir% | No
zvb0dl2X8tt | X | NVUKZ.exe | Detected by Sophos as Troj/Agent-LBS and by Malwarebytes as Worm.AutoRun | No
9UmxQPSiTJMbA | X | NVUKZ.exe | Detected by Sophos as Troj/Agent-LMN | No
Microsoft Update | X | nvvc.exe | Detected by Malwarebytes as Backdoor.Bot. The file is located in %Windir%\Microsoft | No
nvvdir.exe | X | nvvdir.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %Temp% | No
nvvdir.exe | X | nvvdir.exe | Detected by Malwarebytes as Trojan.Dropper. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
NvVideoCenter | X | NvVid.exe | Detected by Sophos as Troj/Haxdoor-DO | No
nvvscv.exe | X | nvvscv.exe | Detected by Dr.Web as Trojan.DownLoader10.59211 and by Malwarebytes as Spyware.Password. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
NVIDIA_SUPPORT | X | nvvsv.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.AND | No
CLCKR | X | nvvsvc.exe | Detected by Sophos as Troj/Agent-TQK | No
GraphicAdapterNv | X | nvvsvc.exe | Detected by McAfee as RDN/Ransom!el and by Malwarebytes as Trojan.Agent.NV | No
winup | X | nvvsvc32.exe | Detected by McAfee as Generic.bfr | No
nvvsvc | X | nvvsvc32.exe | Detected by McAfee as Generic.bfr | No
nvvsvc64.exe | X | nvvsvc64.exe | Detected by McAfee as RDN/Generic PWS.y!ux and by Malwarebytes as PasswordStealer.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
load | X | nvvswc.exe | Detected by Malwarebytes as Backdoor.Agent.PDL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "nvvswc.exe" (which is located in %AppData%\Microsoft\Blend\14.0\FeedCache) | No
load | X | nvvswc.exe | Detected by Malwarebytes as Trojan.AutoRun. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "nvvswc.exe" (which is located in %AppData%\WinRAR) | No
Microsoft® Windows® Operating System | X | nvxdsinc.exe | Detected by Dr.Web as Trojan.DownLoader5.40693 and by Malwarebytes as Backdoor.Agent | No
kernel32 | X | nvxdsync.exe | Detected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp% | No
nvxdsync | U | nvxdsync.exe | Detected by Malwarebytes as PUP.Optional.SurfVox. The file is located in %LocalAppData%\nvxdsync. If bundled with another installer or not installed by choice then remove it | No
nvmainApp | X | nvxdvr.exe | Detected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Nvxdvr | No
myNetWatchman | U | nwclient.exe | Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running | No
Norman Worl System Ability | X | nwcss32.exe | Detected by Trend Micro as TROJ_DELF.IO. The file is located in %System% | No
HKCU | X | NWD GAMES | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDir | No
HKLM | X | NWD GAMES | Detected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDir | No
Windows Services Ts | X | nwdpqqoiwm.exe | Detected by Sophos as W32/Rbot-GRV | No
Zeno | X | nwinrqez.exe | Added by unidentified malware. The file is located in %System% | No
csrss | X | nwiz.exe | Detected by Sophos as W32/Chode-J | No
Norton Wizzard | X | nwiz.exe | Detected by Symantec as W32.Gaobot.ADV. Note - this is not the valid NVIDIA application that shares the same name | No
nwiz | U | nwiz.exe | Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the "NVIDIA Display Setup Wizard" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the "nView Desktop Manager" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memory | Yes
nwiz.exe | U | nwiz.exe | Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the "NVIDIA Display Setup Wizard" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the "nView Desktop Manager" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memory | Yes
NvUpdater | X | nwiz32.exe | Added by a variant of Backdoor:Win32/Rbot. The file is located in %System% | No
nwiz32 | X | nwiz32.exe | Detected by Sophos as Troj/Sinbank-A | No
Microsoft Autorun1 | X | nwizdh.exe | Detected by Symantec as W32.Ogleon.A | No
Microsoft Autorun20 | X | nwizfy.exe | Detected by Symantec as W32.Ogleon.A | No
Microsoft Autorun3 | X | nwizhx2.exe | Detected by Symantec as W32.Ogleon.A | No
nwizs | X | nwizs.exe | Detected by Symantec as W32.Queshare. Note - the file is located in %ProgramFiles%\NVIDIA Corporation\PhysX\Common but is not a valid NVIDIA PhysX file | No
Microsoft Autorun7 | X | nwiztlbu.exe | Detected by Symantec as W32.Ogleon.A | No
Microsoft Autorun11 | X | nwizwlwzs.exe | Detected by Symantec as W32.Ogleon.A | No
Microsoft Autorun10 | X | nwizwmgjs.exe | Detected by Symantec as W32.Ogleon.A | No
Microsoft Autorun12 | X | nwizzhuxians.exe | Detected by Symantec as W32.Ogleon.A | No
load | Y | nwpopup.exe | Broadcast message handler part of Novell (now part of Micro Focus) Netware that displays server, printer and other messages. This entry loads from the "load=" section of WIN.INI (in %Windir%) on Win9x/Me and the file is located in %Root%\NOVELL\CLIENT32 | No
SCHTASKS | X | nwscript.exe.lnk | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E | No
NWTRAY | Y | NWTRAY.EXE | Part of Novell (now part of Micro Focus) Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client | No
NVIDIA_Settings | X | nwtray32.exe | Detected by Malwarebytes as Trojan.Agent.E. The file is located in %Templates% | No
Microsoft Windows | X | nwxdse.exe | Detected by Malwarebytes as Backdoor.IRCBot. The file is located in %Windir%\Set | No
Microsoft Office | X | Nxcao.exe | Detected by Sophos as W32/Rbot-ZE and by Malwarebytes as Backdoor.Agent.MO | No
Microsoft Office | X | nxcxtpr.exe | Detected by Sophos as W32/Rbot-YG and by Malwarebytes as Backdoor.Agent.MO | No
Dialog Tracker | U | Nxdlghlp.exe | ExplorerPlus advanced file management alternative to Windows Explorer from Novatix. No longer available | No
KPeerNexonEU | N | nxEULauncher.exe | Launcher for the EU version of the Korean Nexon on-line game/content service provider | No
nxfballaq.exe | X | nxfballaq.exe | Detected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Trojan.Banker.IDF. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No
JDOSKDCCS | X | nxgdspsaaaf.exe | Detected by McAfee as RDN/Generic.bfr!gj and by Malwarebytes as Backdoor.Agent.E | No
NY | X | NY.exe | Detected by Malwarebytes as Trojan.Agent.Generic. The file is located in %CommonAppData%\InstallShield Installation Information | No
nybriqkildok | X | nybriqkildok.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% | No
nycris.exe | X | nycris.exe | Detected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E | No
Nyet.exe | X | Nyet.exe | Detected by Microsoft as TrojanDownloader:Win32/Delf.MP and by Malwarebytes as Trojan.Banker | No
nyllelcerybf | X | nyllelcerybf.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see here | No
nylycwamkosu | X | nylycwamkosu.exe | Detected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see here | No
WindowS32 | X | nynimiqo.exe | Detected by Malwarebytes as Trojan.Agent.IMN. The file is located in %AppData%\WindowDriverSys | No
nyqvemedjeaw | X | nyqvemedjeaw.exe | Detected by McAfee as RDN/Downloader.gen.a and by Malwarebytes as Trojan.PWS.Zbot | No
nyzamufdelyg | X | nyzamufdelyg.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Ransom.RRE | No
nyzxarrozagu | X | nyzxarrozagu.exe | Detected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent.US | No
NZ01 | X | NZ01.exe | Detected by Sophos as Troj/Scar-K | No
NetZIPFolders | N | nzfprop.exe | Netzip Classic zip file manager. No longer supported | No
WindowsUpdate | X | Nzil.exe | Detected by Sophos as W32/Culler-C and by Malwarebytes as Backdoor.Agent.E.Generic | No
SystemX | X | nzm.exe | Added by a variant of Backdoor:Win32/Rbot | No
McAfee Online Virus Scanner | X | nzm.exe | Detected by Trend Micro as WORM_IRCBOT.XV. The file is located in %System% | No
Microsoft Svchost local services | X | nzm23.exe | Detected by Sophos as W32/Rbot-GMC and by Malwarebytes as Backdoor.IRCBot | No
spc_w | N | nzspc.exe | NetZero Search Enhancements related by United Online, Inc | No
nzwnt.exe | X | nzwnt.exe | Detected by Malwarebytes as Trojan.Agent.NT. The file is located in %Windir% - see here | No
mikrosoft.exe | X | N_K.exe | Detected by Dr.Web as Trojan.Siggen5.11268 and by Malwarebytes as Backdoor.Agent | No
mikrosoft_servises.exe | X | N_K.exe | Detected by Dr.Web as Trojan.Siggen5.11268 and by Malwarebytes as Backdoor.Agent | No
servises_mikrosoft.exe | X | N_K.exe | Detected by Dr.Web as Trojan.Siggen5.11268 and by Malwarebytes as Backdoor.Agent | No
N_K.exe | X | N_K.exe | Detected by Dr.Web as Trojan.Siggen5.11268 and by Malwarebytes as Backdoor.Agent | No
sirvises.exe | X | N_K.exe | Detected by Dr.Web as Trojan.Siggen5.11268 and by Malwarebytes as Backdoor.Agent | No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries; in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database relate to malware, you should use a quality internet security package. Whichever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved
