Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st October, 2017
52257 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1785 results found for D

Startup Item or Name Status Command or Data Description Tested
d-faceXd-face.exeDetected by Dr.Web as Trojan.DownLoader11.24371 and by Malwarebytes as Trojan.Downloader.ENo
d-fgzsddXd-gxdidszag10bc.exeDetected by Dr.Web as Trojan.DownLoader9.53434 and by Malwarebytes as Trojan.Agent.RNDNo
UpdateXD-search.exeDetected by Malwarebytes as Trojan.MSIL.Bladabindi. The file is located in %UserProfile%No
drocherXd.exeAdult content dialerNo
SYSTEMXd.exeDetected by Trend Micro as WORM_MYTOB.LPNo
D066UUtilityND066UUTY.EXETWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management softwareNo
8B1A4WX552RTXD07KARNL.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.ENo
StudyHQ EPM SupportUd0medint.exeStudyHQ toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\StudyHQ_d0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
StudyHQ Search Scope MonitorUd0srchmn.exeStudyHQ toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\StudyHQ_d0\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
SysteZXd1.exeDetected by Panda as MSNDiablo.ANo
JufualtXd11host.exeDetected by Trend Micro as WORM_SDBOT.ARA and by Malwarebytes as Backdoor.BotNo
systemrXd11host.exeDetected by Sophos as Troj/VB-GXNo
dnamXd140113.a.Stub.EXEDetected by ThreatTrack Security as Trojan.Downloader.Stub.A. The file is located in %Root%, %System% or %UserProfile%No
D1CE.exeXD1CE.exeDetected by McAfee as RDN/Spybot.worm!g and by Malwarebytes as Backdoor.Bot.ENo
MySocialShortcut EPM SupportUd1medint.exeMySocialShortcut toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MySocialShortcut_d1\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
MySocialShortcut Search Scope MonitorUd1srchmn.exeMySocialShortcut toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\MySocialShortcut_d1\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
dfgsdgfdsXd236523523.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\YahooNo
MobileAppSyncUD2MClient.exe"Adknowledge's mobile and tablet solutions can elevate your app - and its profit! You're keystrokes away from tapping into a premium, high quality network and superior customer service." Detected by McAfee as Generic PUP.z. The file is located in %ProgramFiles%\Mobile App Sync. If bundled with another installer or not installed by choice then remove itNo
D3**.exe [* = random char]XD3**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
D3**32.exe [* = random char]XD3**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this logNo
Microsoft® Windows® Operating SystemXD3D10Ref.exeDetected by Sophos as Mal/Agent-AIP and by Malwarebytes as Trojan.AgentNo
D3DOverriderUD3DOverrider.exeUtility that comes bundled with the RivaTuner graphics tweaking utility which allows you to override the control panel settings and force Triple Buffering to be enabled for Direct3D games. This can improve graphics performance, especially when you have VSync enabled - see hereNo
D3DOverriderUD3DOverriderWrapper.exeUtility that comes bundled with the RivaTuner graphics tweaking utility which allows you to override the control panel settings and force Triple Buffering to be enabled for Direct3D games. This can improve graphics performance, especially when you have VSync enabled - see here. This is the Windows 7/Vista version which loads the main application (D3DOverrider.exe)No
IPSUOMPXd3drmi.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
behpyoupXd3drml.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Temp%No
MSGMGRAGENTXd3dx.exeDetected by Dr.Web as Trojan.Siggen5.29508 and by Malwarebytes as Trojan.Banker.ENo
d3vi1Xd3vi1.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %LocalAppData%No
Dimension4UD4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
D4UD4.exeDimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts downNo
WinMineXD4NG3.vbsDetected by Symantec as VBS.Biscuit.A@mmNo
toastpopXd57BJSail5.exeDetected by Dr.Web as Trojan.KillProc.19830 and by Malwarebytes as Adware.KorAd.GenNo
toastpop003Xd57BJSail555.exeDetected by Malwarebytes as Adware.KorAd.Gen. The file is located in %Windir%No
RunningFanatic EPM SupportUd6medint.exeRunningFanatic toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RunningFanatic_d6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
RunningFanatic Search Scope MonitorUd6srchmn.exeRunningFanatic toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\RunningFanatic_d6\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
GHWAUC6NNZXD7AB19ECEDE2D[private subnet]FD66CBEF20E0A0911F.exeDetected by McAfee as Downloader-CEW.ap and by Malwarebytes as Trojan.FakeAlert.SANo
d9fw5i91pXd9fw5i91p.exeDetected by Sophos as Troj/Agent-GIWNo
EverydayLookup EPM SupportUd9medint.exeEverydayLookup toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EverydayLookup_d9\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
EverydayLookup Search Scope MonitorUd9srchmn.exeEverydayLookup toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EverydayLookup_d9\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
Windows UpdateXDA2900B2669.exeDetected by Malwarebytes as Trojan.Inject.shld. The file is located in %AppData%No
DabayoXDabayoLaunch.exeDetected by Malwarebytes as Adware.K.Dabayo. The file is located in %ProgramFiles%\DabayoNo
DACONFIGEXENdaconfig.exe3Com NIC DiagnosticsNo
Corel Desktop Application Director #Ndad#.exeThe Desktop Application Director (DAD) gives you easy access to all Corel applications - # represents the version numberNo
dada.exeXdada.exeDetected by Dr.Web as Trojan.PWS.Tibia.2657 and by Malwarebytes as Trojan.Tibia. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DadAppYdadapp.exe"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from DellNo
dae.exeXdae.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
DAEMON Tools-1033Ndaemon.exeOlder version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. This version is free for personal use and has a limited feature setYes
TrackpointSrvUdaemon.exeSupports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to workNo
daemonNDaemon.exeOlder version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required on later revisions if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
DAEMON ToolsNdaemon.exeOlder version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. This version is free for personal use and has a limited feature setYes
DAEMON Tools LiteNdaemon.exeOlder version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required on later revisions if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
DaemonXdaemon.exe c daemon2.exeDetected by Symantec as W32.Selotima.ANo
DaemonNDAEMON32.EXEPre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommended upgradeNo
mobilegeni daemonNDaemonProcess.exeMobogenie is a manager for your Android Smartphone. And just like a smart manager, Mobogenie helps manage, back up and restore the all-important data in your phone."No
Daemon Tools ATAPI driverXdaemontools.exeDetected by Sophos as Troj/Agent-OTXNo
DaemonUINDaemonUI.exeDaemonUI - graphical user interface for older versions of the DAEMON Tools CD/DVD emulation utilityNo
NvUpdServiceXdaemonupd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %LocalAppData%\NVIDIA Corporation\Update - see examples here and hereNo
daf99bc4999394b0beaab61307beb250.exeXdaf99bc4999394b0beaab61307beb250.exeDetected by McAfee as RDN/Generic BackDoor!qz and by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DafuXDafu.exeDetected by Ikarus as Backdoor.Win32.FlyAgent and by Malwarebytes as Trojan.Agent.WDR. The file is located in %Windir%No
CueX44XDago.exeAdded by the PUNYA-B WORM!No
Administrator di DagoXDago.exeAdded by the PUNYA-B WORM!No
[name]Xdailin.exeDetected by Sophos as W32/Rbot-ERNo
DailyBeeUDailyBee.exeDetected by Malwarebytes as PUP.Optional.DailyBee. The file is located in %AppData%\DailyBee. If bundled with another installer or not installed by choice then remove itNo
dailyconXdailycon.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\dailycon - see hereNo
DailyWikiUDailyWiki.exeDetected by Malwarebytes as PUP.Optional.DailyWiki. The file is located in %AppData%\DailyWiki. If bundled with another installer or not installed by choice then remove itNo
userinitXdaipnwf.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.AgentNo
dakrsysXdakrsys.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.IRCBot.ENo
ZaCkerXDaLaL.vbsDetected by McAfee as W32/Vote.b@MMNo
Download Accelerator Manager Free EditionNdam.exeDownload Accelerator Manager Free Edition from Tensons CorpNo
Dell|AlertNDAMon.exe"Dell Alert" utility, that's supposed to make interaction with Support easierNo
damqysmufaduXdamqysmufadu.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
DanBtR270414XDanBtR270414.exeDetected by Sophos as W32/VB-NIBNo
WMsgrXdance.exeDetected by Trend Micro as TROJ_DELF.PEE and by Malwarebytes as Trojan.AgentNo
DANEFXICYXZUXdanefxicyxzu.exeDetected by McAfee as Downloader.a!dbf and by Malwarebytes as Trojan.Agent.USNo
dansukqelezdXdansukqelezd.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Trojan.Agent.USNo
Download Accelerator Plus (DAP)NDAP.exeDownload Accelerator Plus from Speedbit - download manager for resuming downloads, amongst other features. Note that the free version is adware basedNo
DownloadAcceleratorNDAP.EXEDownload Accelerator Plus from Speedbit - download manager for resuming downloads, amongst other features. Note that the free version is adware basedNo
DAPNDAP.EXEDownload Accelerator Plus from Speedbit - download manager for resuming downloads, amongst other features. Note that the free version is adware basedNo
DRan posessorXDAP.exeAdded by a variant of W32/Sdbot.wormNo
Speed BitXDAP.exe.exeDetected by Malwarebytes as Trojan.Agent.SP. The file is located in %UserTemp%No
loadXdapdll.exeDetected by Symantec as W32.Atak.E@mmNo
Windows Monitor Xdark.exeDetected by Dr.Web as Trojan.Inject1.43902 and by Malwarebytes as Trojan.Agent.E. Note that there is a space at the end of the "Startup Item" fieldNo
(Default)XDarkComet.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Temp%No
ShellXDarkComet.exe,explorer.exeDetected by McAfee as RDN/Generic BackDoor!wo and by Malwarebytes as Backdoor.Agent.SH. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "DarkComet.exe" (which is located in %AppData%\rU1XbfwW)No
OFFICE RUNTIMEXDarkCR.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
DarkGoldXDarkGold.exeDetected by Sophos as Troj/Bckdr-RNA and by Malwarebytes as Backdoor.BotNo
DSADFDFXdarki.exeDetected by McAfee as RDN/Generic.grp!d and by Malwarebytes as Backdoor.Agent.DCNo
DPXDarkPlus.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %UserProfile%\DesktopNo
MICROUPDATEDARKXdarkregistry.exeDetected by McAfee as RDN/Generic PWS.y!b2i and by Malwarebytes as Backdoor.Agent.DCENo
DarkScape.jarXDarkScape.jarDetected by Dr.Web as Trojan.MulDrop5.40045 and by Malwarebytes as Trojan.Agent.ENo
winupXdart.exeDetected by Dr.Web as Trojan.MulDrop3.10980No
DasDNFXDasDNF.exeDetected by Kaspersky as Trojan-Dropper.Win32.Crypter.dx and by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
daskgfkkcx15Xdasdsaads15.exeDetected by Sophos as Troj/OnLineG-QNo
AllSearch_mainXDaSearchU.exeDaSearch rogue security software - not recommended. One of the OneScan family of rogue scanner programs. Detected by Malwarebytes as Adware.K.AllSearchNo
Codename DashboardUdashboard.exeCodename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time." No longer availableNo
DashBarState?dashIE??No
DashIE?dashIE??No
dasHostXdasHost.exeDetected by Dr.Web as Trojan.FakeAV.15693 and by Malwarebytes as Backdoor.Agent.DSNo
dasHostXdasHost.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DSNo
asdsaxcxz13Xdasxcsx13.exeDetected by Sophos as Troj/LegMir-ARFNo
DataXData.exeDetected by McAfee as RDN/Generic.bfr!hy and by Malwarebytes as Backdoor.Agent.TRJENo
data.exeXdata.exeDetected by McAfee as RDN/Generic Downloader.x!me and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Intel134Xdata.exeDetected by McAfee as RDN/Generic Downloader.x!me and by Malwarebytes as Backdoor.Agent.ENo
Intel435Xdata.exeDetected by McAfee as RDN/Generic Downloader.x!me and by Malwarebytes as Backdoor.Agent.ENo
System Data UpdaterXdata.exeDetected by McAfee as RDN/Generic.dx!d2c and by Malwarebytes as Backdoor.Agent.ENo
Windows DefenderXdata.exeDetected by Malwarebytes as Trojan.Backdoor. The file is located in %AppData%\run32No
NeLi ModuleXData.exeDetected by Malwarebytes as Spyware.HawkEyeKeyLogger. The file is located in %AppData%\MicrosoftNo
[40 hex numbers]Xdata.pifDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile% - see examples here and hereNo
data.pifXdata.pifDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.AgentNo
SYSTEM UPDATER ZIPXdata2.exeDetected by McAfee as RDN/Generic Dropper!ug and by Malwarebytes as Trojan.Agent.MNRNo
data32Xdata32.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DTANo
JusWfUEBsoPCtdxXdatabase.exeDetected by Malwarebytes as Ransom.Scarab. The file is located in %AppData%No
DataCardMonitorUDataCardMonitor.exeMobile (USB) internet management tool by Huawei Technologies Co., Ltd as used by a number of providers including T-Mobile, Virgin Media, tele.ring and blueconnectNo
DisplayUDataCollectionLauncher.exePart of APC PowerChute Personal Edition - "Easy-to-use, safe system shutdown software with power and energy management features for home computers and battery backups"Yes
datafiles.exeXdatafiles.exeDetected by Dr.Web as Trojan.MulDrop5.640 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DataHealerXDataHealer.exeDataHealer rogue security software - not recommended, removal instructions hereNo
DataKeeperUDataKeeper.exePowerQuest DataKeeper (now owned by Symantec) backup softwareNo
Data Layer 2Xdatalayer.exeDetected by Sophos as W32/Rbot-BNF Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System%No
DataLayerYDataLayer.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)Yes
Nokia PC SuiteYDataLayer.exePart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)Yes
DataLayerYDATALA~1.EXEPart of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe)No
DataMngrUDataMngrUI.exeMediabar included with a number of toolbars (such as the Searchqu Community Toolbar) and versions of freeware utilities such as iMesh and BearShare. The file is located in %ProgramFiles%\[varies]\Datamngr. Detected by Malwarebytes as PUP.Optional.Datamngr. If bundled with another installer or not installed by choice then remove itNo
DataMngrUDATAMN~1.EXEMediabar included with a number of toolbars (such as the Searchqu Community Toolbar) and versions of freeware utilities such as iMesh and BearShare. The file is located in %ProgramFiles%\[varies]\Datamngr. Detected by Malwarebytes as PUP.Optional.Datamngr. If bundled with another installer or not installed by choice then remove itNo
Optus Cable Data MonitorUdatamonitor.exeAllows Optus customers to monitor their actual data usage against Optus' "data allowance limits"No
msader15ADOR15Xdatamsadomd2.70.7713.0.exeDetected by Sophos as W32/Trite-ANo
DataProtectXDataProtect.exeDataProtect rogue security software - not recommended, removal instructions hereNo
Dell DataSafe OnlineUDataSafeOnline.exe"Dell DataSafe Online (now discontinued) helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection. For your security all data is encrypted and compressed before ever leaving your computer." Required for the automatic backups to runNo
Dell DataSafe SchedulerUDataSafeOnlineScheduler.exeScheduler for Dell DataSafe Online (now discontinued) which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection"No
datasaveXdatasaverun.exeDataSave rogue security software - not recommended, removal instructions hereNo
dataupdatedXdataupdate.exeDetected by Malwarebytes as Trojan.Autoit. The file is located in %AppData%No
DatcheckXdatcheck.exeDetected by Symantec as KeyPanic.TrojanNo
DateMakerIntlXDateMakerIntl.exePremium rate Adult content dialerNo
Date ManagerXDateManager.exeDateManager - calendar/reminder utility. Contains GAIN adware by Claria CorporationNo
IDTAUDIOXdatHost.exeDetected by McAfee as RDN/Generic PWS.y!zh and by Malwarebytes as Backdoor.Agent.IDNo
Data ProtectionXdatprot.exeData Protection rogue security software - not recommended, removal instructions hereNo
Desktop ArchitectNdatray.exeDesktop theme manager for managing the desktop appearance, fonts, sounds, etc.No
Google_UpdateXDaumCleans.exeDetected by Dr.Web as Trojan.DownLoader6.49071 and by Malwarebytes as Trojan.Downloader.ENo
DAupdateXDAupdate.exeNavEnhance adwareNo
Perfomance MonitorXdavcsync.exeDetected by Sophos as W32/Lamud-ANo
GMX_GMX Upload-ManagerNDAVSRV.EXETranslation: "With the GMX Upload-Manager, you can manage on your regular Windows desktop and move your GMX Media Center digital photos, music files and other files between your PC hard drive, associated media and your multimedia data storage"No
DAW9532EXE?DAW9532.EXELoaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?No
Daily PlannerNdayplan.exeDaily Planner - which was discontinued and became part of KMCS Deluxe System Suite (which was also discontinued). Tool to plan your days, and check activities off as you complete themNo
DayTodayUDAYTODAY.EXEDayToday from RoboMagic Software Corp. Displays the date on the taskbarNo
ArmA 2 Operation ArrowheadXDayZ Bypass.exeDetected by Dr.Web as Trojan.Siggen5.42978 and by Malwarebytes as Backdoor.Agent.ENo
DayZ Bypass.exeXDayZ Bypass.exeDetected by Dr.Web as Trojan.Siggen5.42978 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DayzKeyXDayzKeys.exeDetected by Dr.Web as Trojan.Siggen6.21038 and by Malwarebytes as Backdoor.Agent.ENo
DayzKeys.exeXDayzKeys.exeDetected by Dr.Web as Trojan.Siggen6.21038 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
WIZZXdazzler.exeDetected by Kaspersky as the DIALER.IS TROJAN!No
ASDPLUGINXdbaccess.exeAsdPlug premium rate adult content dialerNo
Win Validation ApplicationXDBExecCom.exeDetected by Sophos as W32/VBSilly-ANo
Microsoft Debug ServiceXdbgbgr.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
DbgHlp32XDbgHlp32.exeAdded by the WINKO.AO WORM!No
DBGOToolBarXDBGOToolbarT.exeDetected by Malwarebytes as Adware.Barogo. The file is located in %ProgramFiles%\DBGOToolBar - see hereNo
dbhlp32Xdbhlp32.exeDetected by McAfee as PWS-Mmorpg.genNo
DBISQL9Udbisqlg.exeRelated to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologiesNo
SearchModuleUdblaunch.exeDetected by Malwarebytes as PUP.Optional.Goobzo. The file is located in %LocalAppData%\SearchModule. If bundled with another installer or not installed by choice then remove itNo
deskbarUdblaunch.exeDetected by Malwarebytes as PUP.Optional.DeskBar. The file is located in %LocalAppData%\DeskBar. If bundled with another installer or not installed by choice then remove itNo
(Predeterminado)XDBLIST32.exeDetected by Dr.Web as Trojan.DownLoader5.43248No
 xmens32Xdbm322.exeDetected by Malwarebytes as Trojan.Banker. Note the space at the beginning of the "Startup Item" field and the file is located in %System%No
Microsoft System CheckupXdbnetlib.exeDetected by Symantec as W32.HLLW.Donk.L and by Malwarebytes as Backdoor.Agent.MSUGenNo
pjcpXdbpiixrn.exeDetected by Dr.Web as Trojan.DownLoader8.52097No
Gravis AppawareloaderUdbserver.exeLooks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support themNo
dsgbXdbw.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
Intel(R) Audio DriveXDbx.exeDetected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.Agent.ADGenNo
DbxaxdXDbxaxd.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
WINSERV SERVICEXdc.exeDetected by Microsoft as Worm:Win32/Hamweq.DQ and by Malwarebytes as Backdoor.AgentNo
DCXDC.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.DCENo
dcXdc.exeDetected by Sophos as W32/VB-DZENo
Dialer ControlUdc.exeDialer-Control. Detects and protects from premium rate Adult content dialersNo
DC6cwXDC6cw.exePart of the DriveCleaner rogue security software - not recommended, removal instructions hereNo
DC6Xdc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
DC6_checkXdc6_startupmon.exePart of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions hereNo
DcapXDCap.exeDetected by Dr.Web as Trojan.DownLoader6.46786 and by Malwarebytes as Trojan.BankerNo
_Xdcbcg.exeDetected by Sophos as Troj/Agent-HMTNo
DCbckXDCbck.exeDetected by McAfee as RDN/Generic BackDoor!xm and by Malwarebytes as Backdoor.Agent.DCENo
dccXdcc_.exeDetected by Sophos as Troj/Agent-GBJNo
[various names]XDCC_send.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DAZEL Delivery AgentUDcDaemon.exeControl and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HPNo
DCE ManagerXdcemgr.exeDetected by Symantec as Backdoor.TumagNo
DCfssvcUdcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
dcfssveUdcfssvc.exeAssociated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an exampleNo
Phase One Media ReaderUDCIMImp.exePhase One Media Reader Capture imagesNo
Deus CleanerXDCleaner.exeDeus Cleaner rogue system cleaner utility - not recommendedNo
hunpenigXdclocmwk.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %LocalAppData%No
Dcom HelperXdcmhlp.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System% - see hereNo
dcmiXdcmi.exeDetected by Malwarebytes as Trojan.MSIL.RV. The file is located in %AppData%\MicrosoftNo
DarkComet RAT LegacyXDCModule.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
SalestartXdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
BMNXdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
dc6_checkXdcmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
audlmne32Xdcmsxe.exeDetected by Sophos as Troj/Mailbot-CFNo
dco.exeXdco.exeDetected by Dr.Web as Trojan.SkypeSpam.15 and by Malwarebytes as Trojan.Agent.SKP. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%No
8PiwzMI/qKnvKWzduvHoXdcomcnfg.exeDetected by Malwarebytes as Trojan.Myst. The file is located in %AppData%\Microsoft\Internet ExplorerNo
WINDOWS SYSTEMXdcomuser.exeDetected by Symantec as W32.Mytob.EO@mm and by Malwarebytes as Backdoor.AgentNo
SystemXdcomx.exeDetected by Symantec as Backdoor.IRC.Cirebot and by Malwarebytes as Trojan.FakeAlertNo
SalestartXdcpasmon.exeSystemDoctor rogue security software - not recommended, removal instructions hereNo
dlcipsclXdcpavss.exeDetected by Sophos as Troj/Mailbot-CBNo
DarkComet RATXDCSC.exeDetected by McAfee as RDN/Generic BackDoor!zy and by Malwarebytes as Backdoor.Agent.DCEGenNo
dcsdcsd.vbsXdcsdcsd.vbsDetected by Malwarebytes as Backdoor.Agent.Script. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
SalestartXdcsm.exePart of the PrivacyProtector and DriveCleaner rogue security toolsNo
dcsmXdcsm.exePart of the PrivacyProtector and DriveCleaner rogue security toolsNo
NETFRAME2.0Xdcwdll.exe.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
DATACONVERTERXdcwdll.exe.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
VERSIONCHECKERXdcwdll.exe.exeDetected by McAfee as Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
Windows Automatical UpdaterXdcz.exeDetected by Trend Micro as WORM_RBOT.CXSNo
DoubleDesktopUdd.exe"DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"No
D SYSTEMXdd.exeDetected by Sophos as W32/Mytob-FNNo
Dialer DetectUdd.exeDialerDetect detects stealth installed premium rate dialers, and sounds the alarm when such a connection is being installed without you knowing itNo
(Default)Xdd.exeDetected by Malwarebytes as Trojan.Agent. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
WinRARcXdd15.exeDetected by McAfee as RDN/Generic Dropper!ul and by Malwarebytes as Backdoor.Messa.ENo
DDCActiveMenuNDDCActiveMenu.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
DDCCSXDDCCMO.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\CCDDNo
DDCMNDDCMan.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
DDCManNDDCMan.exeDigital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the caseNo
WinDirectoriesXddcs.exeDetected by Sophos as W32/VB-ETN and by Malwarebytes as Trojan.IRCBruteNo
WindowServerXdddasasa.exeDetected by Malwarebytes as Backdoor.Agent.WS. The file is located in %AppData%\windowNo
Windows ServiceXdddd.exeDetected by Kaspersky as Dialer.Salc, also known to come with the Bube family of trojansNo
ddeaeafXddeaeaf.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
ddeprocXddeproc.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
Winsvr managerXDDEsvr.exeDetected by Sophos as W32/Tirbot-CNo
AvanceXDDF116.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %AppData%No
DirectXXddhelp32.exeAdded by an unidentified VIRUS, WORM or TROJAN! Note - not the DirectX helper which is ddhelp.exeNo
DDiallerXDDialler.exeAdult content dialerNo
DVD Device Lock for Win95/98/Me/2k/XPUDDLAgent.exeLoads DVD Device Lock - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
DDLAgentUDDLAgent.exeLoads DVD Device Lock - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UIYes
DivX Download Manager?DDmService.exePart of the Web Player which is included with the DivX video software package from DivX, LLC. The exact purpose of this entry and whether it's needed is unknown at present but it appears to be associated with clearing the cache - see hereYes
DivX Download Manager Service?DDmService.exePart of the Web Player which is included with the DivX video software package from DivX, LLC. The exact purpose of this entry and whether it's needed is unknown at present but it appears to be associated with clearing the cache - see hereYes
DDmService?DDmService.exePart of the Web Player which is included with the DivX video software package from DivX, LLC. The exact purpose of this entry and whether it's needed is unknown at present but it appears to be associated with clearing the cache - see hereYes
Microsoft® Windows® Operating SystemXDDORES.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Templates%No
Adobe DriversXDDoS.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserStartup%No
DDOS SERVICEXDDoS.exeDetected by McAfee as RDN/Generic.bfr!hq and by Malwarebytes as Backdoor.Agent.DCENo
DDoS.exeXDDoS.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Adobes UpdatesXddosw.exeDetected by Sophos as Troj/Backdr-DCNo
CCD ManagerUDDS.EXEProject Labs Century CD manager for their CD/DVD storage deviceNo
PlaySysXddsplay.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
MSRegScanUDDSSDemo.exeSystemSleuth surveillance software. Uninstall this software unless you put it there yourselfNo
DynDNS-Updater TraytoolNddutray.exeDynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Run manuallyNo
DDWMonUddwmon.exeDirect Disc Writer Event Monitor from TOSHIBANo
De32genXde32gen.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
DE58DC232B2EB5B6FC69BBB9A7C86D4CBC512941XDE58DC232B2EB5B6FC69BBB9A7C86D4CBC512941Detected by McAfee as RDN/Generic.bfr!dNo
HKCUXDeadAuth.exeDetected by Kaspersky as Trojan.Win32.VB.ahsj and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\WinUpdate\spynetNo
HKLMXDeadAuth.exeDetected by Kaspersky as Trojan.Win32.VB.ahsj and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\WinUpdate\spynetNo
PoliciesXDeadAuth.exeDetected by Kaspersky as Trojan.Win32.VB.ahsj and by Malwarebytes as Backdoor.Agent.Pgen. The file is located in %ProgramFiles%\WinUpdate\spynetNo
DeadKittyXDeadKitty.exeDetected by Sophos as W32/DeadCat-ANo
DealbariumUdealbarium.exeDetected by Malwarebytes as PUP.Optional.DealBarium. The file is located in %ProgramFiles%\dealbarium\dealbarium\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
DealDayUDealDay.exeDetected by Malwarebytes as PUP.Optional.DealDay. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\DealDay. If bundled with another installer or not installed by choice then remove itNo
auUDealioAu.exeDealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer productsNo
dealsfoxUdealsfox.exe"dealsfox.com is powered by SmartName to bring you targeted search terms designed specifically to enhance the users overall online search experience. dealsfox.com displays the top advertisers for and more." Detected by Malwarebytes as PUP.Optional.DealsFox. The file is located in %LocalAppData%\dealsfox.com\dealsfox\[version]. If bundled with another installer or not installed by choice then remove itNo
httpdXdeamon.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
cplXdeamon.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
Virtual CDROMXdeamon.exeDetected by Trend Micro as WORM_RBOT.VPNo
MessangerXdeamon.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
browserXdeamon.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
StartMenuXdeamon.exeDetected by Total Defense as Win32.Tactslay.C. The file is located in %Windir%No
deasycponyfeXdeasycponyfe.exeDetected by McAfee as PWS-Zbot-FAGQ!4B5426148A84 and by Malwarebytes as Trojan.Agent.USNo
Death.exeXDeath.exeDetected by Sophos as Troj/Delf-ERWNo
MqqocXdebug.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %Windir%No
DebugerXDebuger.exeDetected by Dr.Web as Trojan.AVKill.28870 and by Malwarebytes as Trojan.AgentNo
DebugMonitorXdebugmonitor.exeDetected by Symantec as W32.Mydoom.BG@mmNo
DebugXDebugW32.exeDetected by Symantec as W32.Gubed.intNo
runXdec25.exeDetected by Symantec as W32.Atak.F@mmNo
CiodiagXDECCONF.EXEDetected by Trend Micro as TROJ_STRAT.ELNo
DeciUpdXDeciUpd.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
ShellXDeciUpd.exe,explorer.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "DeciUpd.exe" (which is located in %AppData%\Microsoft)No
DeClassed.dllXDeClassed.dllDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.MSC. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
ReflWorkAssistXDeclient.exeDetected by Dr.Web as Trojan.DownLoader12.12365 and by Malwarebytes as Trojan.Downloader.ENo
wininfXdecoder.exeDetected by Dr.Web as Trojan.DownLoader5.29928No
what everXdecom.exeDetected by Sophos as W32/Rbot-SCNo
DECRYPT_INSTRUCTION.HTMLXDECRYPT_INSTRUCTION.HTMLDetected by McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as CryptoWall.Trace. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DECRYPT_INSTRUCTION.TXTXDECRYPT_INSTRUCTION.TXTDetected by McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as CryptoWall.Trace. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DECRYPT_INSTRUCTION.URLXDECRYPT_INSTRUCTION.URLDetected by McAfee as RDN/Generic.dx!dd3 and by Malwarebytes as CryptoWall.Trace. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
dedtolsoXdedtolso.exeDetected by Malwarebytes as Trojan.Agent.DT. Note that there are two entries here - one loading via HKLM\Run with the file located in %System% and the other loading via HKCU\Run with the file located in %UserProfile%, see hereNo
DeeEnEsUDeeEnEs.exeDeeEnEs - automatically updates a dynamic IP address when it changesNo
AmicitaXDeepFreezer.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%No
NAV DefAlertUDefAlert.exeNorton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basisNo
Default KeyXDefault File.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Default FolderNo
Default KeyXDefault File.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %LocalAppData%\Default FolderNo
Default KeysXDefault File.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\Default Folder - see hereNo
winlogontmXDefault File.exeDetected by Malwarebytes as Backdoor.Bot.DFT. The file is located in %UserTemp%\Default FolderNo
svchostXDefault File.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%\updateNo
HSDKAGF6ASFASD2XDefault File.exeDetected by Malwarebytes as Trojan.Agent.ZG. The file is located in %AppData%\DASLGAEHG342RFANo
defaultXdefault.exeDetected by Dr.Web as Trojan.Siggen4.26128No
Default ApplicationXDefault.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.ENo
ShellXDefault.exeDetected by Malwarebytes as Trojan.Agent.MTA. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Default.exe" (which is located in %Temp%\FolderName)No
(Default)XDefault.exeDetected by Trend Micro as WORM_AUTORUN.BUK. Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
DefaultConfigurationXdefaultconfh.exeDetected by Sophos as W32/Agobot-JCNo
defaultsetsXdefaultsets.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.ENo
Defense CenterXdefcnt.exeDefense Center rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.DefenseCenterNo
[various names]Xdefect08.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DefenceprivacyXDefencePrivacy.exeDefence Privacy rogue security software - not recommended, removal instructions hereNo
DefencerGBAXDefencer2011.exeDetected by McAfee as Generic.bfg!c. The file is located in %UserProfile%No
DefencerGBAXDefencer2011.exeDetected by McAfee as Generic.mfr. The file is located in %UserProfile%\msappsNo
defencevaccinestart.exeXdefencevaccinestart.exeDetected by McAfee as Generic.tfr and by Malwarebytes as Rogue.K.DefenceVaccineNo
defencevaccine mainXdefencevaccineu.exeDetected by McAfee as Generic.tfr and by Malwarebytes as Rogue.K.DefenceVaccineNo
DefencerGBAXdefend.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%\[numbers]No
DefendAPcXDefendAPc.exeDefendAPc rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
crss.exeXdefender.exeDetected by Malwarebytes as Backdoor.Bot.WPM. The file is located in %AppData%No
AUDIO EXTRUCTORXdefender.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.AgentNo
SearchindexXDefender.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent. The file is located in %Root%\microupdate\temp\Windows DefenderNo
SearchindexXDefender.exeDetected by Malwarebytes as Backdoor.Agent.WDFGen. The file is located in %Windir%\WdefenderNo
SearchindexeXDefender.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WDFGen. The file is located in %Windir%\WdefenderNo
SpySpotter System DefenderXDefender.exeSpySpotter rogue spyware remover - not recommended, see hereNo
configXDefender.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.AgentNo
DefenderXdefender.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%No
Spyware ProtectionXdefender.exeSpyware Protection rogue security software - not recommended, removal instructions hereNo
Defender.exe PeruXDefender.exeDetected by Kaspersky as Trojan-Banker.Win32.MultiBanker.acs and by Malwarebytes as Trojan.AgentNo
configoXDefender.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WDFGen. The file is located in %Windir%\WdefenderNo
configOSXDefender.exeDetected by Malwarebytes as Backdoor.Agent.WDFGen. The file is located in %Windir%\WdefenderNo
HOST MANAGERXdefender.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.AgentNo
viruspreventerXdefender.exeDetected by Dr.Web as Trojan.MulDrop4.63880 and by Malwarebytes as Trojan.Agent.ENo
tmpXdefender.exeFake Microsoft Security Essentials Alert - removal instructions here. Detected by Malwarebytes as Trojan.FakeAlert. The file is located in %AppData%No
Windows DefenderXDefender.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\Windows DefenderNo
Windows DefenderXdefender.exeDetected by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%\Windows Defender\[folder]No
MEDIA ROUTINESXdefender.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Backdoor.AgentNo
Security ProtectionXdefender.exeSecurity Protection rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.SpyproNo
systemLoadXDefender.exeDetected by Malwarebytes as Backdoor.Agent.WDFGen. The file is located in %Windir%\WdefenderNo
systemXDefender.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.AgentNo
systemXDefender.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.WDFGen. The file is located in %Windir%\WdefenderNo
javaXdefender.exe.exeDetected by McAfee as RDN/Generic.dx!ctw and by Malwarebytes as Backdoor.Messa.ENo
loadXDefender.exe.lnkDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Defender.exe.lnk" (which is located in %AppData%\WinEssentials)No
defender32.exeXdefender32.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %UserTemp%No
Microsoft Defender Anti-VirusXdefenderdriver.dllDetected by Malwarebytes as Trojan.Agent.MD. The file is located in %LocalAppData%\MicrosoftNo
defendersys.exeXdefendersys.exeDetected by Malwarebytes as Trojan.Agent.DFS. The file is located in %AppData% - see hereNo
defendersys.exeXdefendersys.exeDetected by Malwarebytes as Trojan.Agent.DFSGen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
defenseXdefense.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %Windir%No
DefenseVirusMainXDefenseVirus.exeDefenseVirus rogue security software - not recommended, removal instructions hereNo
defergui?defergui.exeRelated to IBM Standard Software Installer. The file is located in %Root%\sdwork. What does it do and is it required?No
PoliciesXdeff.exeDetected by McAfee as RDN/Generic.bfr!eh and by Malwarebytes as Backdoor.Agent.PgenNo
Default ManagerUDefMgr.exePart of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
DefMgrUDefMgr.exePart of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
Microsoft Default ManagerUDefMgr.exePart of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use BingYes
DEFINI_INVENTXdefnv.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Root%\definitivaNo
Win DefragsXdefrag.exeDetected by Symantec as Backdoor.IRC.Bot. The file is located in %System%No
Automatic Defrag ManagerXdefrag.exeDetected by Sophos as W32/Rbot-AKENo
Defrag.exeXDefrag.exeDetected by McAfee as Downloader.gen.aNo
Windows DLL LoaderXdefragfat32.exeDetected by Sophos as W32/Sdbot-SS and by Malwarebytes as Trojan.DownloaderNo
Windows DLL LoaderXdefragfat32abc.exeDetected by Sophos as W32/Rbot-RG and by Malwarebytes as Trojan.DownloaderNo
Windows DLL LoaderXdefragfat32pi.exeDetected by Sophos as W32/Rbot-QQ and by Malwarebytes as Trojan.DownloaderNo
Windows DLL LoaderXdefragfat32z.exeDetected by Symantec as W32.Linkbot.ANo
Windows DLL LoaderXdefragfat39.exeDetected by Sophos as W32/Poebot-C and by Malwarebytes as Trojan.DownloaderNo
Windows DLL LoaderXdefragfatx.exeDetected by Sophos as W32/Poebot-FNo
Windows DLL LoaderXdefragfatz.exeDetected by Symantec as W32.Linkbot.HNo
defragm_checkXdefragment.exeCoolWebSearch parasite variantNo
MyDefragReminderUDefragReminder.exeMy Defragmenter by ConsumerSoft - "provides an easy-to-use interface, powerful scheduler, hard drive analysis, and excellent defragmenter. Download My Defragmenter today to get started and defrag your hard drive!" Detected by Malwarebytes as PUP.Optional.MyDefragmenter. The file is located in %ProgramFiles%\ConsumerSoft\My Defragmenter. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
DefragReminderUDefragReminder.exeDefragmenter part of My Faster PC by ConsumerSoft - which "gives you the tools to maintain your PC and help improve computer performance. Now you can use the same tools that only experts know about ? easily and safely." Detected by Malwarebytes as PUP.Optional.MyFasterPC. The file is located in %ProgramFiles%\ConsumerSoft\My Faster PC\My Defragmenter. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Application ReadinessXdefragsvc.exeDetected by Microsoft as TrojanSpy:MSIL/Golroted.B and by Malwarebytes as Backdoor.Agent.DAPNo
DefragTaskBarUdefragTaskBar.exeSystem Tray access to Ashampoo® Magical Defrag 2/3 - which "defragments your hard drive only when computer is idle, hence enabling you to follow your everyday work routine without any distraction"Yes
defragTaskBar.exeUdefragTaskBar.exeSystem Tray access to Ashampoo® Magical Defrag 2/3 - which "defragments your hard drive only when computer is idle, hence enabling you to follow your everyday work routine without any distraction"Yes
WebScanUDEFSCANGUI.EXEWeb scanner function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
WebScanUDEFSCA~1.EXEWeb scanner function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
Microsoft AntiMalware ServiceXdefualt.exeDetected by Malwarebytes as Trojan.Agent.MAS. The file is located in %CommonAppData%No
defwatchUdefwatch.exeDetects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basisNo
Windows Internet ProtocolXdeinst_qfe001.exeAdded by a variant of the Win32.Small TROJAN!No
SpywareGuardXdeinst_qfe001.exeAdded by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard applicationNo
Deko550UDeko550.exeAssociated with the Deko550 entry-level SD real-time graphics system from Avid TechnologyNo
Windows Service Pack Auto UpdateXdel-me.exeAdware, also detected as the LOWZONES.BH TROJAN!No
PoliciesXDelaws.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %AppData%\usecureNo
HKCUXDelaws.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\usecureNo
HKLMXDelaws.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\usecureNo
ioloDelayModuleUdelay.exePart of an older version of iolo's System Mechanic or System Mechanic Professional utility suites. Used to delay the startup of an application which loads automatically as Windows startsNo
hpWirelessAssistantUDelayedAppStarter.exe HPWA_Main.exeWireless management utility for HP computers that allows the user to enable individual wireless devices (such as Bluetooth or WLAN devices) and shows the state of the radios for those devicesNo
DelayUdelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computersNo
DelayrunUdelayrun.exeOn HP PCs this program is used to help prevent conflicts or timing issues on fast computersNo
InternetExplorerUpdateXdeleter.exeDetected by Dr.Web as Trojan.KillProc.19815 and by Malwarebytes as Trojan.AgentNo
GhostSurfDelSatelliteYDeleteSatellite.exePart of Tenebril SpyCatcher antispyware. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place. Also included with GhostSurf PlatinumNo
Delete_All_FilesXDelete_All_Files.exeDetected by Dr.Web as Trojan.Winlock.11337 and by Malwarebytes as Trojan.Agent.RNSNo
Execute?delfolders.exeThe file is located in %System%\Tools. What does it do and is it required?No
DeliveryCenter?DeliveryCenter.exeThe file is located in %ProgramFiles%\Delivery Center\5745897\Program. What does it do and is it required?No
Diamond Delivery Center?DeliveryCenter.exeThe file is located in %ProgramFiles%\Delivery Center\5745897\Program. What does it do and is it required?No
DellControlPointUDell.ControlPoint.exeDell ControlPoint is "designed to simplify and unify the execution of what should be simple system functions" and "integrates best-of-breed software and utility solutions into one helpful solution". Includes Power Manager, Security Manager and Connection Manager functionsNo
DellConnectionManagerUDell.UCM.exePart of the Dell ControlPoint Connection Manager which "provides a complete communications management environment for everything from Ethernet to dial-up to GPS". Dell ControlPoint is "designed to simplify and unify the execution of what should be simple system functions" and "integrates best-of-breed software and utility solutions into one helpful solution"No
DellDMIUDELLDMI.EXEDell OMCI DMI Module - part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Required if you use OpenManage and the associated ActionAgent and DEventAgent processesNo
Dell DockUDellDock.exeDell Dock by Stardock Corporation - "created to bring greater organization, personalization and productivity to Dell customers around the globe". Based upon Stardock's own ObjectDeck which is used to "organize your shortcuts, programs and running tasks into an attractive and fun animated dock"No
Dell Dock First RunUDellDock.exeDell Dock by Stardock Corporation - "created to bring greater organization, personalization and productivity to Dell customers around the globe". Based upon Stardock's own ObjectDeck which is used to "organize your shortcuts, programs and running tasks into an attractive and fun animated dock"No
DELLMMKBUDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keysNo
DellTouchUDELLMMKB.EXEMultimedia keyboard control for Dell based PCs - only required if you use the multimedia keysNo
SightSpeedUDellVideoChat.exeDell Video Chat - Dell customized version of the SightSpeed video chat service from SightSpeed Inc. SightSpeed was acquired by Logitech and has now been discontinuedNo
DELL Webcam ManagerNDellWMgr.exeDell Webcam Manager (by Creative Technology) - Webcam management software provided on Dell PCs enabling face tracking, brightness control, colour, etc.No
delmsbbXdelmsbb.exeAdware.180Search variant. The file is located in %Windir%No
delsaapXdelsaap.exenCase/180adsolution adware related - see the archived version of Andrew Clover's page. The file is typically located in %Windir%No
delstart.exe?delstart.exeReportedly part of BT ISP software. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts. What does it do and is it required in startup?No
Windows SecurityXdelta.exeDetected by Symantec as Trojan.Cryptolocker.P and by Malwarebytes as Trojan.Ransom.WS. The file is located in %CommonAppData%\MicrosoftNo
Windows SecurityXdelta.exeDetected by Malwarebytes as Trojan.Ransom.WS. The file is located in %LocalAppData%\Microsoft - see hereNo
Browser Infrastructure HelperUdelta.exeDelta ad-supported browser enhancement by Linkury. Detected by Malwarebytes as PUP.Optional.SmartBar. The file is located in %LocalAppData%\Smartbar\Application. If bundled with another installer or not installed by choice then remove itNo
DeltaIITaskbarAppUDeltaIITray.exeSystem Tray access to the Delta Control Panel for the Delta series of PCI audio cardsNo
M-Audio Taskbar IconUDeltaIITray.exeSystem Tray access to the Delta Control Panel for the Delta series of PCI audio cardsNo
DelTmp?DelTemp.exeAdded to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete?No
delcab?deltreew.exe C:\cabsThe file is located in %Root%\drivers. What does it do and is it required?No
DeltTrayUDeltTray.exeSystem Tray access to the Delta Control Panel for the Delta series of PCI audio cardsNo
M-Audio Delta Taskbar IconUDeltTray.exeSystem Tray access to the Delta Control Panel for the Delta series of PCI audio cardsNo
DELUXECCUDELUXECC.exeTwain driver for the SiPix SC-Deluxe digital cameraNo
DELXP ProtocolXdelxp.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
delBatBXdel_key.batDetected by Dr.Web as Trojan.Siggen3.51765No
del_tempXdel_temp.vbsDetected by Dr.Web as Trojan.Siggen6.5266 and by Malwarebytes as Backdoor.Agent.DLTNo
demm386.exeXdemm386.exeDetected by Sophos as W32/Rbot-EONo
MicrosoftXdemo.exeDetected by Malwarebytes as Trojan.Agent.MSGen. The file is located in %AppData%No
XPXDemon.exeDetected by Malwarebytes as Trojan.Backdoor.VB. The file is located in %Windir%No
demon?demon.exePart of the Wanadoo (which was rebranded as Orange and is now part of EE) ADSL extense pack. What does it do and is it required?No
Windows UpdateXden1.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
DencnfXDencnf.exeDetected by Malwarebytes as Trojan.Spyeyes.VS. The file is located in %AppData%No
DencnfXDencnf.exeDetected by Malwarebytes as Trojan.Ircbot. The file is located in %Windir%No
EspecialXDeneca.batDetected by Symantec as W97M.DeluzNo
WINDOWS DENEMEXdeneme.exeDetected by Sophos as W32/Mytob-CRNo
DenziNDenzi.exe"DENZI finds for you the latest available versions of your installed software and installs them automatically and for free"No
[various names]XdePloy.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
deploy.exeXdeploy.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
DeploymentUpdateXDeploymentupdt32.exeDetected by Malwarebytes as Trojan.SHarpro.Pgen. The file is located in %LocalAppData%\Deployment\DeploymentUpdateNo
deptonXdepton.exeDetected by Malwarebytes as Trojan.Agent.DPT. The file is located in %Windir%No
frunXderc32xz.exeAdded by unidentified malware. The file is located in %Windir%No
dertteyXderttey.exeDetected by McAfee as RDN/Generic.grp!ho and by Malwarebytes as Backdoor.Agent.NWNo
DES2Udes2.exeGIGABYTE Dynamic Energy Saver 2 - "incorporates a host of intelligent features that use a proprietary hardware and software design to considerably enhance PC system energy efficiency, reduce power consumption and deliver optimized auto-phase-switching for the CPU, Memory, Chipset, VGA, HDD and system fans"No
PoliciesXdesarakt.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKCUXdesarakt.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKLMXdesarakt.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
DesensitizeXDesensitize.exeDetected by McAfee as RDN/Generic Dropper!qu and by Malwarebytes as Backdoor.Messa.ENo
VicXDeshnawy.exeDetected by Dr.Web as Win32.HLLW.Autoruner.12752 and by Malwarebytes as Worm.AutoRun.ENo
designer-contentXdesigner-wear.exeDetected by Malwarebytes as Backdoor.Agent.STL. The file is located in %AppData%\Designerconsult - see hereNo
DesignerLG.exeXDesignerLG.exeDetected by McAfee as PWS-Banker.gen.ad and by Malwarebytes as Trojan.BankerNo
DesireXdesires.exeAdult content dialerNo
desk-top-service?desk-top-service.exeThe file is located in %Root%\desk-top-service. What does it do and is it required?No
Desk 365Udesk365.exeDesk-365 by 337 Technology Limited - "offers you the fastest and easiest way to manage your desktop shortcuts and kinds of applications. With Desk 365's powerful capabilities, you can access your software and applications instantly. You can also keep your desktop tidy and clean!" Detected by Malwarebytes as PUP.Optional.Desk365. The file is located in %ProgramFiles%\Desk 365. If bundled with another installer or not installed by choice then remove itNo
HydarVisionDesktopManagerUdesk95.exePart of HYDRAVISION - ATI's software for managing multiple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"No
HydraVisionDesktopManagerUdesk98.exePart of HYDRAVISION - ATI's software for managing multiple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which "customizes the behaviour of windows and dialog boxes, allows you to set up Hotkeys for navigation in multiple display configurations and applies special effects like transparency and shadows to you desktop"No
DeskAd ServiceXDeskAdServ.exeDeskAd.Service adwareNo
Desktop AdviserUdeskadv.exeALDESI Desktop Adviser surveillance software. Uninstall this software unless you put it there yourselfNo
DeskBarUDeskBar.exeDetected by Malwarebytes as PUP.Optional.Goobzo. The file is located in %LocalAppData%\DeskBar. If bundled with another installer or not installed by choice then remove itNo
DeskColorNDeskColor.exeProvides transparent icon text backgrounds and coloured icon textNo
DeskDriveStartupUDeskDrive.exeDesk Drive by Mike Ward (formerly Blue Onion Software) - "You pop a USB thumb drive or DVD into your computer and then you have to open Window's Explorer and find the mapped drive or folder. Desk Drive adds a desktop icon pointing to the drive automatically. Remove the media and the shortcut goes away. Brilliantly simple and effective"No
DeskflagNdeskflag.exeDeskflag by Tiger Technologies - animated USA flag on the desktopNo
DeskMateAutoUpdateXDeskMateAutoUpdate.exeDeskMates: Virtual scantily clad girls enhance your desktop. Contains BargainBuddy adwareNo
Desktop MaestroNdeskmech.exePart of Desktop Maestro from PC Tools by Symantec (now discontinued) - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
DesktopMaestroNdeskmech.exePart of Desktop Maestro from PC Tools by Symantec (now discontinued) - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
deskmechNdeskmech.exePart of Desktop Maestro from PC Tools by Symantec (now discontinued) - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervalsYes
desksaverUdesksaver.exePart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Located in %ProgramFiles%\[program name]. For more details please see the "00DSKSVR01" or "00DSKSVR00" entriesYes
DeskSaverUDeskSaver.exeDeskSaver from Headway Creative - utility that allows you "to backup and to restore the icons position easily on the Windows desktop". The Pro version also includes a "Taskbar Economizer" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaverYes
DeskSaver ProUDeskSaver.exeDeskSaver Pro from Headway Creative - utility that allows you "to backup and to restore the icons position easily on the Windows desktop". Includes a "Taskbar Economizer" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaverYes
desksaver.exeUdesksaver.exePart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Located in %ProgramFiles%\[program name]. For more details please see the "00DSKSVR01" or "00DSKSVR00" entriesYes
00DSKSVR00?desksaver.exe saskdaPart of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at presentYes
00DSKSVR01Udesksaver.exe traySystem Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a serviceYes
DiscoverDeskshopNDeskshop.exeDiscover Deskshop - single use "virtual" credit cardNo
DeskSlideUDeskSlide.exeDeskSlide desktop wallpaper changerNo
DeskSpaceUdeskspace.exeDeskSpace desktop management utility from Otaku Software Pty Ltd - which "gives you more space for your windows and icons. You can eliminate desktop clutter by arranging your windows and icons across up to six desktops, all easily reachable by navigating a desktop cube"Yes
DeskSpaceUDESKSP~1.EXEDeskSpace desktop management utility from Otaku Software Pty Ltd - which "gives you more space for your windows and icons. You can eliminate desktop clutter by arranging your windows and icons across up to six desktops, all easily reachable by navigating a desktop cube"Yes
Desktop CalendarUDesktop Calendar.exeDesktop Calendar for Windows XP and earlier by Tinnes Software - "is a simple yet functional program that turns your windows desktop into a traditional wall calendar. Unlike other overly complicated calendars, it?s very easy to grasp and gets straight to the point allowing you to enter events quickly and easily." Installs as a desktop gadget on Windows 7/VistaNo
Desktop Defender 2010XDesktop Defender 2010.exeDesktop Defender 2010 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.DesktopDefenderNo
Desktop iCalendarUDesktop iCalendar Lite.exeDesktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste"Yes
Desktop iCalendar LiteUDesktop iCalendar Lite.exeDesktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste"Yes
Desktop iCalendar Lite.exeUDesktop iCalendar Lite.exeDesktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste"Yes
Desktop iCalendarUDesktop_iCalendar.exeDesktop iCalendar by Desksware - "is a handy desktop calendar for Windows. It stays on your desktop and shows the days of the current month. It can sync with your Google Calendar, share calendars with your family and friends. It also uses high-quality fonts, looks pretty, and has lots of skins"Yes
Desktop iCalendar.exeUDesktop_iCalendar.exeDesktop iCalendar by Desksware - "is a handy desktop calendar for Windows. It stays on your desktop and shows the days of the current month. It can sync with your Google Calendar, share calendars with your family and friends. It also uses high-quality fonts, looks pretty, and has lots of skins"Yes
Desktop Security 2010XDesktop Security 2010.exeDesktop Security 2010 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.DesktopSecurity2010No
DesktopXDesktop.comDetected by Sophos as W32/VB-DRN and by Malwarebytes as Trojan.AgentNo
desktopXdesktop.exeDetected by F-Secure as SdBot.MD and by Malwarebytes as Trojan.Agent. The file is located in %System%No
Desktop SearchXdesktop.exeDetected by McAfee as Adware-ISearchNo
desktop.exeXdesktop.exeDetected by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
desktopXdesktop.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
desktopXdesktop.ini.vbsDetected by McAfee as VBS/IE-Title and by Malwarebytes as Trojan.AgentNo
Desktop ArmorYDesktopArmor.exeDesktop Armor from Headlight Software - "watches dozens and dozens of important settings on your computer and warns you if any program has changed them" including those made by malwareYes
DesktopArmorYDesktopArmor.exeDesktop Armor from Headlight Software - "watches dozens and dozens of important settings on your computer and warns you if any program has changed them" including those made by malwareYes
SkinClockUDesktopClock.exeFree Desktop Clock by Drive Software - replacement for standard Windows tray clock that provides a number of skins and options such a load at start-up, transparent background, seconds display and 12-hour formatNo
BreakingNewsUDesktopContainer.exeDetected by Malwarebytes as PUP.Optional.BreakingNews. The file is located in %ProgramFiles%\BreakingNews\BreakingNews. If bundled with another installer or not installed by choice then remove itNo
DesktopDockUDesktopDock.exeDetected by Malwarebytes as PUP.Optional.DeskTopDock. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Desktop Dock. If bundled with another installer or not installed by choice then remove itNo
DesktopDockAppUDesktopDockApp.exeDetected by Malwarebytes as PUP.Optional.DeskTopDock. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\Desktop Dock. If bundled with another installer or not installed by choice then remove itNo
DesktopIconToyUDesktopIconToy.exe"Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons"No
Lto ManagerYDesktopLtoManager.exeRelated to the GPS found on HP iPAQ hw6500 unit and othersNo
Desktop ManagerNDesktopMgr.exeSynchronisation manager for the Research In Motion "Blackberry" range of wireless handheldsNo
DesktopPlantUDesktopPlant.exeDesktopPlant by Desksoft - "brings life to your desktop. Plants grow directly on your desktop and need your care just like real plants! There are several different plants to choose from"No
desktopsUdesktops.exeDetected by Malwarebytes as PUP.Optional.DeskTops. Note - this entry loads from the Windows Startup folder and the file is located in %Root%\Desktops Alert. If bundled with another installer or not installed by choice then remove itNo
DesktopSearchUDesktopSearch.exeDesktopSearch by Unique Solutions. Detected by Malwarebytes as PUP.Optional.PullUpdate. The file is located in %CommonAppData%\DesktopSearch. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Copernic Desktop Search - CorporateNDesktopSearchService.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
Copernic Desktop Search - HomeNDesktopSearchService.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
Copernic Desktop Search 2NDesktopSearchService.exeSystem Tray access to Copernic Desktop Search - which "enhances your basic computer search capabilities by finding any information in seconds. With an easy-to-use interface, Copernic turns long minutes of manually going through folders into instant results that you can work with"No
Motorola Desktop SuiteUDesktopSuite.exeRelated to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000No
Desktop Temperature MonitorUDesktopTemperature.exeDesktop Temperature Monitor by System Alerts LLC - which "automatically detects your location and displays the current temperature for your area in your desktop tray (near the clock in the bottom right corner of your screen). If you would like a more detailed view into upcoming temperatures, simply click the temperature shown." Detected by Malwarebytes as PUP.Optional.DesktopTemperature. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\DesktopTemperature. If bundled with another installer or not installed by choice then remove itNo
desktoptools.exeNdesktoptools.exePart of Starfield Technologies Workspace Desktop (owned by GoDaddy). "The tool promotes its use as an extension of the GoDaddy web interface, allowing users added functionality, such as drag-and-dropping media files into their GoDaddy web based email client, desktop notification, and others"No
DW4NDesktopWeather.exeDesktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
DW6NDesktopWeather.exeDesktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etcNo
DesktopWeatherAlertsUDesktopWeatherAlertsApp.exe"Once installed, Weather Alerts will use your IP address to detect your location. If severe weather is detected in your area, an alert will appear on your desktop." Detected by Malwarebytes as PUP.Optional.WeatherAlerts. Note - this entry loads from the Windows Startup folder and the file is located in %LocalAppData%\WeatherAlerts. If bundled with another installer or not installed by choice then remove itNo
DesktopXNDesktopX.exeSystem Tray access to DesktopX from Stardock Corporation - "is a desktop utility designed to enable users to build their own desktops, widgets, and gadgets." Note - if this entry is disabled and DesktopX has been configured to load any desktops, objects or widgets they will still load, along with DesktopX. Also part of the Object Desktop suiteYes
DesktopX.exeNDesktopX.exeSystem Tray access to DesktopX from Stardock Corporation - "is a desktop utility designed to enable users to build their own desktops, widgets, and gadgets." Note - if this entry is disabled and DesktopX has been configured to load any desktops, objects or widgets they will still load, along with DesktopX. Also part of the Object Desktop suiteYes
DeskupNdeskup.exeAdds Iomega (now LenovoEMC) Zip drive icons to the desktop. No longer supportedNo
DeskVaccineXDeskVaccine.exeDeskVaccine rogue security software - not recommended, removal instructions hereNo
desp2kUdesp2k.exePart of the Turbo Analyzer tool from LightComm Brazil Telecom that analyzes and corrects ADSL configurationsNo
xestXdest.exeDetected by McAfee as RDN/Generic.dx!dfz and by Malwarebytes as Trojan.Agent.MTANo
[various names]XDest068.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
KernelConfigXdestiny32.exeDetected by Trend Micro as WORM_AGOBOT.AMBNo
destroy11Xdestroy11.exeDetected by Sophos as Troj/Delf-KONo
DesuraNdesura.exe"Desura is a community driven digital distribution service for gamers, putting the best games, mods and downloadable content from developers at gamers fingertips, ready to buy and play"No
DetectorNdetector.exeUSB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing softwareNo
DetectorAppUDetectorApp.exeRelated to Roxio MyDVD (was Sonic) DVD authoring softwareNo
Disk Essensial ToolsXdetsvc.exeDetected by Microsoft as Worm:Win32/Slenfbot.JLNo
WindowsUpXdev-poin.exeDetected by Dr.Web as Trojan.DownLoader11.9700 and by Malwarebytes as Backdoor.Agent.WUGenNo
Microsoft Windows WorkstationXdevcode.exeDetected by Sophos as W32/Rbot-AWL and by Malwarebytes as Trojan.MWF.GenNo
Dev Gnu CppXdevcpp.exeDetected by Sophos as W32/Rbot-RUNo
Device DetectorUDevDetect.exeACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
Camera DetectorUDEVDET~*.EXEACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automaticallyNo
Device Detector 2NDevDtct2.exeInstalled by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resourcesNo
Device Detector 3NDevDtct2.exeInstalled by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resourcesNo
Mircosoft Windows Developer EnviromentXdevenv.exeDetected by Kaspersky as Backdoor.Win32.Rbot.auj. The file is located in %System%No
Development EnvironmentXdevenv.exeDetected by Sophos as W32/Delbot-AHNo
Driver Control Manager v4.6Xdevetnae.exeDetected by Sophos as W32/IRCBot-AGY and by Malwarebytes as Trojan.AgentNo
Digital DashboardNdevgulp.exeFor Compaq PC's. Loads Digital Dashboard optionsNo
SystemDevicXdevic.exeDetected by Microsoft as Worm:Win32/Pushbot.ALNo
SoundDeviceXdevice.comDetected by Dr.Web as Trojan.DownLoader11.22675 and by Malwarebytes as Backdoor.Agent.ENo
Device HardwareXdevicehnd.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Device IO SystemXdeviceio.exeDetected by Microsoft as Worm:Win32/Slenfbot.AARNo
USBDEVICEMANAGERXDeviceManager.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.DPTNo
PhilipsDMNDeviceManager.exeDevice manager for Philips portable media players such as the GoGearNo
USBDEVICEMANAGERS32BITEXDeviceManager.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.DPTNo
Device ManagerXDeviceManager.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.AgentNo
win32servXdevicer.exeDetected by Intel Security/McAfee as W32/Checkout. The file is located in %System%No
System DeviceXdevices.exeDetected by Trend Micro as WORM_AGENT.AFIF. The file is located in %Windir%No
DriverMaxUdevices.exePart of the DriverMax driver update tool from Innovative SolutionsNo
DriverMax_RESTARTUdevices.exePart of the DriverMax driver update tool from Innovative SolutionsNo
CmpntXDevices2.exeDetected by Sophos as Troj/Tompai-D and by Malwarebytes as Trojan.AgentNo
Device Security DriverXdevicesec.exeAdded by a variant of the IRCBOT BACKDOOR! See hereNo
Configuration Loader ServiceXdevl32.exeDetected by Sophos as W32/Sdbot-XYNo
devldr16Udevldr16.exeAssociated with some Creative Labs sound cards in Win98/Me. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous DevicesNo
devldr16.exeUdevldr16.exeAssociated with some Creative Labs sound cards in Win98/Me. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous DevicesNo
Microsoft Synchronization ManagerXdevldr32.exeAdded by a variant of Backdoor:Win32/Rbot. Note - do not confuse with the legitimate Creative Labs devldr32.exe file. The file is located in %System%No
Devlog?devlog.exeApparently mainboard/chipset related, by a French company called AS Media. The file is located in %Root%\util. What does it do and is it required?No
devmgmtXdevmgmt.exeDetected by Kaspersky as Trojan.Win32.VB.aqvl. The file is located in %Windir%No
Microsoft UpdateXdevmks32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
Developer Operations NetworkXdevon.exeDetected by Kaspersky as Trojan-Dropper.Win32.VB.atci and by Malwarebytes as Trojan.Backdoor. The file is located in %System%No
Device Microsoft SystemXdevsrv.exeDetected by Trend Micro as WORM_RBOT.AHLNo
Microsoft Desktop ManagerXdevwm.exeDetected by Dr.Web as Trojan.Inject1.34944 and by Malwarebytes as Backdoor.Agent.ENo
xdxqaXdewa.exeDetected by Sophos as W32/Sdbot-YBNo
Xplorer ConfirmatorXdexplre.exeDetected by Dr.Web as Trojan.Click1.59487 and by Malwarebytes as Trojan.Agent.RNSNo
autorepairXdexs.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
Configuration LoaderXdezi.exeDetected by Sophos as W32/Sdbot-OB and by Malwarebytes as Backdoor.BotNo
dezluinuoxibXdezluinuoxib.exeDetected by McAfee as RDN/Generic.dx!d2t and by Malwarebytes as Trojan.Agent.USNo
dfeaXdfea.exeDetected by Symantec as Trojan.Bisonal and by Malwarebytes as Trojan.BisonalNo
HKCUXdfexps.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\RegeditNo
HKLMXdfexps.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\RegeditNo
SNMP Detection Secondary ModulesXdffcmgag.exeDetected by Malwarebytes as Trojan.Agent.LBR. The file is located in %System%No
sAGwzfF8s2kTPQ2Av3TFYIjT7EBTtEXdfgdfgdg.exeDetected by McAfee as Ransom!hm and by Malwarebytes as Trojan.IRCbotNo
dfgdfgdg.exeXdfgdfgdg.exeDetected by McAfee as Ransom!hm and by Malwarebytes as Trojan.IRCbotNo
PlayCenterXdfgx.exeDetected by Malwarebytes as Trojan.Banker.E. The file is located in %AppData% - see hereNo
dfhaegehXdfhaegeh.exeDetected by Sophos as Troj/VB-EVO and by Malwarebytes as Trojan.DownloaderNo
dfjje.exeXdfjje.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
DF ManagerNdfmanager.exeDepositStorage cloud storage by DepositFilesNo
dfqupd32.exeXdfqupd32.exeDetected by Malwarebytes as Worm.AutoRun. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXdfr.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
HKCUXdfr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
HKLMXdfr.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\installNo
Symantec Antivirus professionalXdfrgfrat.exeAdded by a variant of W32/Forbot-Gen. The file is located in %System%No
DFSDCV.exeXDFSDCV.exeDetected by Malwarebytes as Trojan.AVKiller. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Distributed File SystemXDfsvc.exeDetected by Symantec as W32.Myfip.ANo
Hermes MessengerUDGDRHE~1.EXEA LAN messenger alternative to WinPopUp - Digital Dreams SoftwareNo
DGJM?DGJM.exeThe file is located in %Windir%. What does it do and is it required?No
Microsoft Security PansasagersXdgkztsqgn.exeDetected by Sophos as W32/Rbot-BBJNo
TrackaPackage EPM SupportUdgmedint.exeTrackaPackage toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TrackaPackage_dg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
TrackaPackage Search Scope MonitorUdgsrchmn.exeTrackaPackage toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TrackaPackage_dg\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
dgtstartXdgtstart.exeDetected by Kaspersky as AdWare.Win32.DigitalNames.g. The file is located in %System%No
dguardUdguard.exeDownload guard function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendationNo
DHAgentUDHAgent.exeDriverHound by Xionix "is the state-of-the-art driver downloader that ensures your computer has the latest drivers available for your computer and its devices automatically." Detected by Malwarebytes as PUP.Optional.DriverHound. The file is located in %ProgramFiles%\DriverHound. If bundled with another installer or not installed by choice then remove itNo
DealHelperBrwsrXdhbrwsr.exeDetected by Symantec as Adware.DealHelperNo
LANXdhcp.exeDetected by Sophos as W32/Rbot-GYINo
Microsoft STS ServiceXDHCP32.exeDetected by Sophos as W32/Sdbot-UKNo
dhcpagntYdhcpagnt.exeIntel DSL modem driver - leave enabled or you'll have to re-install the driversNo
Update ProUdhcphost.exeDetected by Malwarebytes as PUP.Optional.DhcpUpdater. The file is located in %Windir%\Update Pro\Update Pro. If bundled with another installer or not installed by choice then remove itNo
Dhcp Window HostUdhcphost.exeDetected by Malwarebytes as PUP.Optional.QuickyTranslator.PrxySvrRST. The file is located in %Windir%\Quicky Translator\Quicky Translator. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Dhcp Window HostUdhcphost.exeDetected by Malwarebytes as PUP.Optional.DhcpUpdater. The file is located in %Windir%\Update Pro\Update Pro. If bundled with another installer or not installed by choice then remove itNo
DHCP MangerXdhcpmgr.exeDetected by Symantec as Trojan.NancratNo
Windows APCI VerifierXdhcpserv.exeDetected by Sophos as W32/Rbot-FON. Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)No
dHeAZwUtXdHeAZwUt.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %LocalAppData%No
dlccjnaiiinXDHEHDHASHDE111218 AM.exeDetected by Malwarebytes as Trojan.Banker.DE. The file is located in %UserTemp%No
DeleteHistoryFreeUdhf.exeDelete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC"No
JavaXDHIpuMn.exeDetected by Malwarebytes as Backdoor.DarkKomet. The file is located in %UserProfile%\JavaNo
PackageTracking EPM SupportUdhmedint.exePackageTracking toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\PackageTracking_dh\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DHNUXB?DHNUXB.exeThe file is located in %Windir%. What does it do and is it required?No
rompleXdhple.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\MicrosoftNo
rundll32Xdhserv.exeDetected by Dr.Web as Trojan.Encoder.234No
PackageTracking Search Scope MonitorUdhsrchmn.exePackageTracking toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\PackageTracking_dh\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DealHelperUpdateXDHUpdt.exeDetected by Symantec as Adware.DealHelperNo
DHxaBSbLeDyP.exeXDHxaBSbLeDyP.exeDetected by Sophos as Troj/Agent-QGYNo
GoogleUpdateXDiСhecker _1.8.exeDetected by Dr.Web as Trojan.Inject1.6587 and by Malwarebytes as Trojan.Agent.IGenNo
File1XDia Claro.htmDetected by Sophos as Troj/Dloader-ORNo
SWAPXDiablo3 swapping.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCNo
DiagnosticConfigurationXdiagcfg.exeDetected by Symantec as Backdoor.GWGirlNo
(Default)Xdiagcfg.exeDetected by Symantec as Backdoor.GWGirl. Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
diagentNdiagent.exeSystem Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start → ProgramsNo
Diagnostic AgentXdiagent.exeDetected by Sophos as W32/Agobot-CWNo
Microsoft® Windows® Operating SystemXdiager.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Templates%No
DiagnosticXdiagnostic.exeDetected by Sophos as Troj/Alpha-CNo
DiagnosticTools.exeNDiagnosticTools.exeWindstream internet service diagnostic toolsNo
PoliciesXdiagx.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.PGenNo
Diagx.exe.vbsXDiagx.exe.vbsDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.VBS.Generic. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
User23.exeXDIAL.exeThis is a trojan trying to disguise itself as User32.dllNo
InstallerXdial.exeMalware - detected by Kaspersky as the AGENT.MM TROJAN!No
BTopenworldUDialBTYahoo.exeBT Yahoo! internet connection managerNo
REGRUNXdialer.exeAdware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!No
[various names]Xdialer423.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
antidialer.co.ukUDialer_Watcher.exeDialer Watcher by Glenn Fletcher - "will check to see if your dialup connections change, this happens every couple of seconds. If a Dialer sets up a connection then the program will warn you." No longer availableNo
ItunesXdials.exeDetected by Kaspersky as the AGENT.MM TROJAN!No
Windows Dialup ServiceXdialup.exeDetected by Trend Micro as WORM_AGOBOT.AAHNo
Launcher DiamondXdiamond.exeDetected by Malwarebytes as Backdoor.Agent.DM. The file is located in %AppData%No
Diamondview?Diamondview.exeManulife Financial Insurance program. Is it required at startup?No
Windows MediaXdiapo.exeDetected by Malwarebytes as Trojan.Agent.WMGen. The file is located in %Temp% - see an example hereNo
LivreXDibane.batDetected by Symantec as W97M.BanediNo
DicBrowserUDicBrowser.exeDictionary Browser installed with versions of the Tildes Birojs language tools - which supports Latvian, English, German, Russian, French, Lithuanian and EstonianNo
High Definition DickSprinkles ServiceXdicksprinkles.exeDetected by Dr.Web as Trojan.DownLoader7.15806 and by Malwarebytes as Trojan.MSILNo
DicoXDico.exeDetected by Sophos as Troj/VB-IIP and by Malwarebytes as Trojan.AgentNo
SwdaswdwXdidesgx.exeDetected by Trend Micro as WORM_SDBOT.BGFNo
disgxXdidesgx.exeDetected by Trend Micro as WORM_SDBOT.BGFNo
yoinkXdidesgx.exeDetected by Trend Micro as WORM_SDBOT.BGFNo
taskngrXdidi.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\system32No
FlashPlayerXdidi.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\system32No
system32Xdidi.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %ProgramFiles%\system32No
rundll777Xdie.exe mdll.exeDetected by Symantec as Backdoor.SumtaxNo
rundll946Xdie.exe secure.batDetected by Symantec as Backdoor.SumtaxNo
rundll569Xdie.exe secure.exeDetected by Symantec as Backdoor.SumtaxNo
rundll134Xdie.exe ttg.exeDetected by Symantec as Backdoor.SumtaxNo
diediohXdiedioh.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %UserProfile% - see hereNo
DietKUDietK.exeDiet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"No
DigiCellUDigiCell.exeMSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"No
DigiSrvUDigiSrv.exeRelated to camera software from DigitalDreamsNo
DigitalAppXDigitalApp.exeDetected by McAfee as RDN/Generic BackDoor!tn and by Malwarebytes as Backdoor.Messa.ENo
DigitalMETERUDigitalMETER.exeDigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exitsYes
DesktopX WidgetUDigitalMETER.exeDigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entryYes
DigitalNamesXDigitalNamesStart.exeDigitalNames spyware variantNo
DigiDXDigitalSound.exeTheGuardian malware!No
DigitalMETERUDIGITA~1.EXEDigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "DigitalMETER.exe" is shown as "DIGITA~1.EXE"Yes
DesktopX WidgetUDIGITA~1.EXEDigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits. This is the 7/Vista MSConfig entry where "DigitalMETER.exe" is shown as "DIGITA~1.EXE"Yes
Digital ProtectionXdigprot.exeDigital Protection rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.DigitalProtectionNo
DigsbyNdigsby.exedigsby by dotSyntax, LLC. "is a multiprotocol IM client that lets you chat with all your friends on AIM, MSN, Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list"No
DIGServicesNDIGServices.exeCreated by Disney but licensed to ESPN for watching videosNo
DIGStreamNdigstream.exeDIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automaticallyNo
iConfigLoaderXDIIhost.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
dikkoceruvynXdikkoceruvyn.exeDetected by McAfee as PWS-FANO!77F138CB9225 and by Malwarebytes as Trojan.Ransom.GenNo
Diks32XDiks32.exeDetected by Dr.Web as Trojan.PWS.Banker1.2398 and by Malwarebytes as Trojan.BankerNo
dikwedsfXdikwedsf.exeDetected by Malwarebytes as Trojan.Backdoor.VB. The file is located in %UserTemp%No
dIlhost.exeXdIlhost.exeDetected by Sophos as Troj/Mdrop-DUW and by Malwarebytes as Worm.AutoRun. Note the upper case "i" in place of a lower case "L" after the "d"No
Microsoft Internal AntiVirus SystemsXdIlhost.exeDetected by Sophos as W32/Rbot-AEV and by Malwarebytes as Trojan.Autorun. Note the upper case "i" in place of a lower case "L" after the "d" in the filenameNo
diloqgohovapXdiloqgohovap.exeDetected by McAfee as RDN/Generic Downloader.x!co and by Malwarebytes as Trojan.Agent.USNo
dimapXdimap.exeDetected by McAfee as RDN/Downloader.a!os and by Malwarebytes as Backdoor.Agent.DMNo
EasyMailLogin EPM SupportUdimedint.exeEasyMailLogin toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyMailLogin_di\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DimensionUDimension.exeDimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocolNo
dimhuzusabnoXdimhuzusabno.exeDetected by McAfee as RDN/Generic Downloader.x!hn and by Malwarebytes as Trojan.Agent.USNo
Dino3Xdino3.exeRelated to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a resultNo
DinstXdinst.exeIMIServer/IEPlugin adwareNo
dionpisXdionpis.exeDetected by Sophos as Troj/PSW-FFNo
Dioxin.exeXDioxin.exeDetected by Symantec as W32.Dinoxi. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
DirexcXXDircxtX.exeDetected by Dr.Web as Trojan.DownLoader10.45586 and by Malwarebytes as Trojan.Agent.RNSNo
Direct XXDirect X9.exeDetected by Microsoft as Worm:Win32/Zanayat.ANo
Directx Startup DriversXdirect.exeDetected by Trend Micro as WORM_CPEX.F. The file is located in %System%\inetsrvNo
direct3d.exeXdirect3d.exeDetected by Sophos as Troj/Certif-FNo
DirectX9Xdirect3d.exeDetected by Kaspersky as Trojan.Win32.Agent.edw. The file is located in %Temp%No
Windows SP4XdirectCC.exeDetected by Sophos as W32/Rbot-ACXNo
DirectCDNDirectCD.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start → Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
Adaptec DirectCDNDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start → Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
AdaptecDirectCDNDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start → Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again laterNo
DirectKeywordXDirectKeyword.exeDetected by Malwarebytes as Adware.K.DirectKeyWord. The file is located in %AppData%\DirectKeywordNo
DirectoryXDirectory.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Backdoor.Agent.DRNo
directs.exeXdirects.exeDetected by Symantec as W32.Beagle.O@mmNo
DIRECTV DSLUDirectvdsl.exeStarts DirectTV DSL modem at boot up. Can also be started manuallyNo
USB ManagerXdirectwt.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp% - see hereNo
DirectXXDirectX.exeDetected by Malwarebytes as Ransom.Radamant. The file is located in %AppData% - see hereNo
directxXDirectx.exeDetected by Symantec as Backdoor.Sdbot.D and by Malwarebytes as Ransom.Radamant. The file is located in %System%No
DirectXXDirectX.exeDetected by Symantec as W32.HLLW.Blaxe and by Malwarebytes as Ransom.Radamant. The file is located in %Windir%No
DirectXXDirectX.exeDetected by Trend Micro as WORM_LOGPOLE.A and by Malwarebytes as Ransom.Radamant. The file is located in %Windir%\BackupNo
svchostXdirectx.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %Windir%No
dxXdirectX.exeDetected by Dr.Web as Trojan.KillFiles.11819 and by Malwarebytes as Trojan.AgentNo
Media SDKXDirectx10.exeDetected by Malwarebytes as Backdoor.Agent.SDK.Generic. The file is located in %AppData%\DotNetNo
DirectXXdirectx32.exeDetected by Trend Micro as WORM_AGOBOT.CGNo
DirectX 32Xdirectx32.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
DirectX PluginXdirectx32.exeDetected by Panda as KurtAgent.ANo
WindowsXP ModuleXDirectX3D.exeMalware, reportedly a keylogger - see hereNo
DirectX 3D ServiceXDirectX3D.exeDetected by Symantec as Backdoor.Revrs and by Malwarebytes as Backdoor.IRCBotNo
directx86.exeXdirectx86.exeDetected by Dr.Web as Trojan.Inject1.28403 and by Malwarebytes as Trojan.AgentNo
Microsoft DirectxXdirectxat.exeDetected by Sophos as W32/Sdbot-BXF and by Malwarebytes as Backdoor.SDBot. Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)No
Microsoft DirectxspXdirectxbt.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Directx clickXdirectxclick.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Directx clicksXdirectxclickers.exeDetected by Sophos as W32/Rbot-GHTNo
Microsoft DirectxspnewXdirectxnew.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Microsoft Directx pushXdirectxpushup.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
DirectX64XDirectXset.exeDetected by McAfee as W32/Browney.a.wormNo
directx_apiXdirectx_api..exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %UserTemp%No
DirecXXDirecX.exeDetected by Sophos as W32/Agobot-HUNo
direxshel.exeXdirexshel.exeDetected by Dr.Web as Trojan.Siggen6.23234 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
direxwin.exeXdirexwin.exeDetected by Dr.Web as Trojan.Siggen6.357 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
DirkeyUDirkey.exeDirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked foldersNo
DirLockXDirLock.exeDetected by Sophos as W32/Autorun-APLNo
DirLockerXdirlock.exeDetected by Sophos as W32/Autorun-AMSNo
SessionMngrXdirlock.exeDetected by Symantec as W32.DaprosyNo
dirnvv.exeXdirnvv.exeDetected by Malwarebytes as Trojan.Agent.TIB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
KexplorerXDiRS.batDetected by Dr.Web as Trojan.MulDrop1.49247 and by Malwarebytes as Trojan.Agent.ENo
tskmgrs.exeXDiRS_Gb.batDetected by Dr.Web as Trojan.Siggen6.21360 and by Malwarebytes as Backdoor.Agent.ENo
DirtyDecryptXDirtyDecrypt.exeDetected by Malwarebytes as Trojan.Ransom. The file is located in %AppData%\DirtyNo
vbc.exeXdirtypic.exeDetected by Malwarebytes as Backdoor.Messa.Gen. The file is located in %UserTemp%No
Winjava xmlXdirx9.exeDetected by SUPERAntiSpyware as Trojan.DIRX9.Process. The file is located in %System%No
DisableWinXPWZCS?DisableWinXPWZCS.exeAssociated with Qualcomm Technologies wireless chipsetsNo
EDFcsn?discfcsn.exeRelated to Hewlett-Packard's Discovery Agent. What does it do and is it required?No
Windows UpdateXdisco.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
DISCover?DISCover.exePart of Digital Interactive's "DISCover console - "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players". What does it do and is it required?No
DiscUpdateManagerNDiscUpdateMgr.exeDisc Update Manager for Digital Interactive's DISCover Console. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players"No
DiscUpdateManagerNDiscUpdMgr.exeDisc Update Manager for Digital Interactive's DISCover Console. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players"No
discussioneIMVU.exeXdiscussioneIMVU.exeDetected by Dr.Web as Trojan.DownLoader10.45726 and by Malwarebytes as Trojan.Downloader.ENo
DiscWizardMonitor.exeNDiscWizardMonitor.exePart of Seagate DiscWizard - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mountingNo
disds.vbsXdisds.vbsDetected by Dr.Web as Trojan.Siggen6.4557 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
disetypkidozXdisetypkidoz.exeDetected by Dr.Web as Trojan.DownLoad3.32793 and by Malwarebytes as Backdoor.Agent.ENo
disfyqgublyxXdisfyqgublyx.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
(Default)Xdisk.exeDetected by Kaspersky as Trojan.Win32.Scar.cgsz. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %Windir%No
msigXdisk10.exeDetected by Sophos as Troj/Banbra-KFNo
taskmsgsXdisk10.exeDetected by Sophos as Troj/Bancos-BBWNo
MSN32Xdisk22.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
cleainstXdiskator.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\mobsesetNo
Windows [random character]Xdiskcheck.exeDetected by Symantec as Backdoor.Singu.BNo
DiskCleanMainXDiskClean.exeDiskClean rogue security software - not recommended, removal instructions hereNo
Disk CleanerUDiskCleaner.ExeHard disk management part of an older version of TuneUp Utilities from TuneUp Software GmbH (now part of AVG Technologies)No
(Default)Xdiskete.exeDetected by Microsoft as TrojanDownloader:Win32/Banload and by Malwarebytes as Trojan.Delf. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
DiskinfXdiskinf.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
CrystalDiskInfoUDiskInfo.exeCrystalDiskInfo - a "HDD/SSD utility software which supports S.M.A.R.T. and a part of USB-HDD"No
DiskManagerXDiskManager.exeDetected by Malwarebytes as Backdoor.NetWiredRC. The file is located in %Temp%No
Diskmon.exeUDiskmon.exe"DiskMon is an application that logs and displays all hard disk activity on a Windows system. You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity"No
diskchkXdiskmon32.exeDetected by Sophos as W32/Rbot-BBINo
DisknagNdisknag.exeDell program that reminds you to make your backup diskettesNo
diskpartXdiskpart.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate DiskPart text-mode command interpreter which is always located in %System%. This one is located in %AppData%No
DiskPieProNDiskPiePro.exeDiskPie Pro cleaning utility from PC Magazine that provides users with customizable pie charts to find and fix overweight folders, files and disk drivesNo
DiskPowerUDiskPower.exeDetected by Malwarebytes as PUP.Optional.FreeDownloadManager. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Disk ReviverUdiskreviver.exeDisk Reviver from ReviverSoft - "will scan your hard drive for performance improvements. Disk Reviver can quickly and safely clean junk files, optimize your hard drive and maintain your hard drive health. The result is a faster, more reliable hard drive that is crucial for the functioning of your computer." Detected by Malwarebytes as PUP.Optional.ReviverSoft. The file is located in %ProgramFiles%\Disk Reviver. If bundled with another installer or not installed by choice then remove itNo
Microsoft Service Disk CycleXdisksave.exeDetected by Microsoft as Worm:Win32/Slenfbot.IINo
[various names]Xdiskserv.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
dllhltMcXdisksupd.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
Disk ManagerXdiskver.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Disk_MonitorUDisk_Monitor.exeMulti-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the readerNo
I am not Ranky. I am eTunnel!Xdisney.exeAdded by an unidentified WORM or TROJAN!No
disnisaXdisnisa.exeDetected by Sophos as W32/Dorf-AENo
DispatcherXdispatcher.exeDetected by Sophos as Troj/Abox-INo
ATI Display DriverXdispdrv.exeDetected by Dr.Web as Trojan.MulDrop5.10414 and by Malwarebytes as Backdoor.IRCBot.ENo
dispenterXdispenter.exeDetected by Sophos as Troj/Agent-MKKNo
Windows Display CouplerXdisplay.exeDetected by Sophos as Troj/IRCBot-YSNo
APC UPS StatusYDisplay.exeSystem Tray access to the APC PowerChute software which controls their range of uninterruptible power supplies (UPS) - to provide unattended shutdown of servers and workstations in the event of an extended power outage and status loggingNo
windowsdriversXdisplaydriver.exeDetected by Malwarebytes as Trojan.MPGen.nps. The file is located in %MyDocuments%\Services - see hereNo
internetXdisplaydriver.scrDetected by Malwarebytes as Trojan.Zbot.RV. The file is located in %AppData%\browserNo
DisplayFusionUDisplayFusion.exeDisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows"Yes
displaylinkXdisplaylink.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Adware.KorAdNo
NVIDIA DisplayXDisplayMonitor.exeDetected by Trend Micro as WORM_ABI.C. Note - this is not a legitimate NVIDIA entry and the file is located in %Windir%No
Display-DriverXdisplaynw.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\displaynwNo
displaynwXdisplaynw.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\displaynwNo
DisplaySwitchXDisplaySwitch.exeDetected by Sophos as Troj/Ransom-QA and by Malwarebytes as Trojan.FakeMS.zbNo
DisplayUpdate2014XDisplayUpdate2014.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.MNRNo
DisplayWorkerXdisplaywork.exeDetected by Malwarebytes as Trojan.PasswordStealer. The file is located in %AppData%No
EasyMailLogin Search Scope MonitorUdisrchmn.exeEasyMailLogin toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EasyMailLogin_di\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DisspyUdisspy.exeDisspy spyware detection and removal softwareNo
Distiller Assistant 3.01NDISTASST.EXEFrom Adobe. Creates PDF universal files for Acrobat ReaderNo
sdmsaXdisxmsQ.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftNo
DitXdit.exeDetected by Sophos as Troj/Lazar-A. The file is located in %System%No
DitYDit.exe"Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found. Located in %Windir%No
DiTask.exeNDiTask.exeAssociated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call)No
Desktop ImproverUDITray.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC. The file is located in %ProgramFiles%\Desktop Improver. If bundled with another installer or not installed by choice then remove itNo
DittoUDitto.exeDitto by Scott Brogden - "is an extension to the standard Windows clipboard. It saves each item placed on the clipboard allowing you access to any of those items at a later time. Ditto allows you to specify what gets saved, text, images or html"No
Divamon.exe?Divamon.exeAssociated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem - what does it do and is it required?No
FlashPlayer UpdateXdivandshare.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%No
RIVXeXDivX.exeDetected by McAfee as RDN/Generic BackDoor!nz and by Malwarebytes as Backdoor.XTRatNo
TDIVXXDivX.exeDetected by McAfee as RDN/Generic BackDoor!nz and by Malwarebytes as Backdoor.XTRatNo
DivX UpdaterXdivx.exeDetected by Symantec as Trojan.NaldemNo
DDIVXXDivX.exeDetected by McAfee as RDN/Generic BackDoor!nz and by Malwarebytes as Backdoor.XTRatNo
Java UpdateXdivx.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %ProgramFiles%\JavaNo
divxXdivxenc.exeDetected by Symantec as Trojan.Spbot.BNo
DivXMediaServerNDivXMediaServer.exeMedia server part of the DivX Player software media player from DivX, LLC. "With the built-in DivX Media Server, your DivX Player lets you stream videos, music, and photos to any DLNA-compatible device in your home, including the PS3 and Samsung Galaxy line of products"No
DivX PlayerXDivXPlayer.exeDetected by Microsoft as Backdoor:Win32/Rbot.AWNo
DIVX Video PlayerXDIVXPloyer.exeAdded by an unidentified WORM or TROJAN!No
DivX UpdateNDivXUpdate.exeAutomatic updates for the DivX video software package from DivX, LLC - which includes the Player, Web Player and Converter. If disabled, DivXUpdate.exe will run the next time you start one of the components - but will not run on windows start-upYes
DivXUpdateNDivXUpdate.exeAutomatic updates for the DivX video software package from DivX, LLC - which includes the Player, Web Player and Converter. If disabled, DivXUpdate.exe will run the next time you start one of the components - but will not run on windows start-upYes
CerbXDivXx.exeDetected by Sophos as Troj/KeyLog-LVNo
DivyeshXDivyesh.exeDetected by Malwarebytes as Trojan.TechSupportScam. The file is located in %Windir%\Divyesh\Divyesh - see hereNo
diwiqarpacehXdiwiqarpaceh.exeDetected by McAfee as W32/Spybot.bfr and by Malwarebytes as Trojan.Agent.USNo
dixxodotbuodXdixxodotbuod.exeDetected by McAfee as RDN/Generic Downloader.x!lx and by Malwarebytes as Trojan.Agent.USNo
caidiysetupXdiynetsetupuni.exeDIYNet adwareNo
Data Joiner Administrative NetworkerXdjan.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
djebmm350.exeXdjebmm350.exeEbates Moe Money Maker adwareNo
djfake.exeXdjfake.exeDetected by Dr.Web as Trojan.KillProc.27347 and by Malwarebytes as Trojan.Agent.E. The file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Microsoft System ServiceXdjfxwyx.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System% - see hereNo
Network DeviceXdji63rgw.exeDetected by McAfee as Generic.dxNo
TaskmanXdjjqs.exeDetected by Trend Micro as TROJ_DROPPER.QBS and by Malwarebytes as Worm.Palevo. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "djjqs.exe" (which is located in %AppData%)No
EmailFanatic EPM SupportUdjmedint.exeEmailFanatic toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EmailFanatic_dj\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DJSNetCN?DJSNetCN.exe"Symantec Licensing Detect Internet Connection" - part of older versions of Norton security softwareNo
EmailFanatic Search Scope MonitorUdjsrchmn.exeEmailFanatic toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\EmailFanatic_dj\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
djtopr1150.exeXdjtopr1150.exeWebRebates adwareNo
ServerXdkdel.exeDetected by Malwarebytes as Backdoor.Whimoo. The file is located in %System%No
dKernelXdKernel.exeDetected by Sophos as W32/Decoy-ANo
DiskeeperSystrayNDkIcon.exeDiskeeper defragmentation utility from Condusiv Technologies (was Diskeeper Corporation and Executive Software)No
DkServiceYDkService.exePart of the Diskeeper defragmentation utility from Condusiv Technologies (was Diskeeper Corporation and Executive Software). Recommended to leave this enabled, otherwise you could have problems starting it manually. Runs as a service on Windows XP and laterNo
DKTimeXdktime.exeDetected by Symantec as Downloader.LuniiNo
Debugger Windows BuilderXdkuowfxs.exeDetected by Dr.Web as Trojan.DownLoader5.32217 and by Malwarebytes as Trojan.AgentNo
Dkware lptt01Xdkware.exeRapidBlaster variant (in a "DonkySoft" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
Dkware ml097eXdkware.exeRapidBlaster variant (in a "DonkySoft" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove itNo
dkzzixm?dkzzixm.exeThe file is located in %System%. What does it do and is it required?No
Win32 UpdateXdl32.exeAdded by an unidentified WORM or TROJAN!No
DLAYDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas (now Symantec) and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
DLACTRLWYDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas (now Symantec) and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
DLACTRLW.EXEYDLACTRLW.EXEDrive letter access to a UDF packet writer for CD-RW - from HP, Veritas (now Symantec) and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"Yes
HP DLANdlatray.exeSystem Tray access to DLA (Drive Letter Access) on HP PCs - HP's version of DirectCD (by Veritas - now Symantec). From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"No
dlatrayNdlatray.exeSystem Tray access to DLA (Drive Letter Access) on HP PCs - HP's version of DirectCD (by Veritas - now Symantec). From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"No
Dell AIO Printer A940Udlbabmgr.exeSystem Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttonsNo
dlbcservNdlbcserv.exeRelated to the Dell Photo Printer 720 and provides additional configuration optionsNo
Dell AIO Printer A960Udlbfbmgr.exeSystem Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttonsNo
Dell AIO Printer A920Udlbkbmgr.exeSystem Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttonsNo
Dell Photo AIO Printer 922Udlbtbmgr.exeSystem Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttonsNo
dlbtmon.exeUdlbtmon.exeDell Photo AIO Printer 922 device monitorNo
Dell Photo AIO Printer 942Udlbubmgr.exeSystem Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttonsNo
dlbumon.exeUdlbumon.exeDell Photo AIO Printer 942 device monitorNo
dlbxmon.exeUdlbxmon.exeDell Photo AIO Printer 962 device monitorNo
dlccmon.exeUdlccmon.exeDell Photo AIO Printer 924 device monitorNo
dlcdmon.exeUdlcdmon.exeDell Photo AIO Printer 944 device monitorNo
dlcgmon.exeUdlcgmon.exeDell Photo AIO Printer 810 device monitorNo
dlcimon.exeUdlcimon.exeDell AIO Printer 946 device monitorNo
dlcjmon.exeUdlcjmon.exeDell Photo AIO Printer 964 device monitorNo
dlclientUdlclient.exeDetected by Malwarebytes as PUP.Optional.DLClient. The file is located in %ProgramFiles%\dlclient\dlclient\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
dlcqmon.exeUdlcqmon.exeDell Photo AIO Printer 966 device monitorNo
dlcxmon.exeUdlcxmon.exeDell Photo AIO Printer 926 device monitorNo
dlderXdlder.exeDetected by Symantec as Spyware.Dlder. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilitiesNo
dldfmon.exeUdldfmon.exeDell AIO Printer 948 device monitorNo
dldnamonUdldnamon.exeDell V105 AIO printer device monitorNo
dldnmon.exeUdldnmon.exeDell V105 AIO printer device monitorNo
dldomon.exeUdldomon.exeDell 968 AIO Printer device monitorNo
dldtamonUdldtamon.exeDell V305 AIO Printer device monitorNo
dldtmonUdldtmon.exeDell V305 AIO Printer device monitorNo
dldtmon.exeUdldtmon.exeDell V305 AIO Printer device monitorNo
dldwamonUdldwamon.exeDell V505 AIO printer device monitorNo
dldwmon.exeUdldwmon.exeDell V505 AIO printer device monitorNo
dleamon.exeUdleamon.exeDell V310-V510 Series AIO printer device monitorNo
dlebmon.exeUdlebmon.exeDell P513w AIO wireless printer device monitorNo
dlecmon.exeUdlecmon.exeDell P713w AIO wireless printer device monitorNo
dleemon.exeUdleemon.exeDell V715w AIO wireless printer device monitorNo
Digital Line DetectNDLG.exeDetects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modemsNo
DLGNDLGCHBW.exeBackweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updatesNo
Data LifeGuard LifeLine Lite installerNDLGLI.EXEBackweb installer - see hereNo
DLHelperEXE.exeXDLHelperEXE.exeDownloader for Microgaming/Casino software - stealth installed. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
winprotectXdlhost.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
dlhostXdlhost.exeDetected by Sophos as Troj/ExpHook-ANo
HKCUXdlhost.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\FrameWork2No
HKCUXdlhost.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\InstallDirNo
HKCUXdlhost.exeDetected by McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
Windows System TrayXdlhost.exeIamBigBrother spywareNo
diagnosticsXdlhost.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
HKLMXdlhost.exeDetected by McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
nVidiaDisp32Xdlhzt.exeDetected by Dr.Web as Trojan.DownLoader4.16735No
loadXdlIhost.exeDetected by Malwarebytes as Backdoor.Agent.DLH. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "dlIhost.exe" (which is located in %AppData%\drivers)No
NetworkSetupNdlink.exeD-Link System Tray iconNo
DLKJhghfdhgXDLKJhghfdhg.exeDetected by McAfee as RDN/Generic PWS.y!e and by Malwarebytes as Backdoor.Agent.DCNo
hkeyXdllMOLEULTR-A malwareNo
policeXdllMOLEULTR-A malwareNo
FESTI64XDll Runner xded1.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %AppData%No
mstwain32XDLL.EXEDetected by Kaspersky as Trojan-Dropper.Win32.Delf.gdj and by Malwarebytes as Trojan.Agent. The file is located in %System%No
HKCUXDLL.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\sistem32No
HKCUXdll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windowssNo
HKCUXdll.exeDetected by McAfee as Generic.dx!bhqr and by Malwarebytes as Backdoor.HMCPol.GenNo
dllXdll.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData%\{0664ECA6-B456-E195-1216-E87E3554727E} - see hereNo
DLLXdll.exeDetected by Dr.Web as Trojan.Inject1.42794 and by Malwarebytes as Backdoor.Agent.ENo
dll.exeXdll.exeDetected by Dr.Web as Trojan.DownLoader11.18952 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
RollBackXDll.exeDetected by Dr.Web as Trojan.Siggen6.18169 and by Malwarebytes as Backdoor.Agent.ENo
burhdanXdll.exeDetected by Dr.Web as Trojan.DownLoader11.18952 and by Malwarebytes as Trojan.Downloader.ENo
Flash PlayerXdll.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Backdoor.Agent.DCE. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Adobe (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Adobe (XP)No
Flash PlayerXdll.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %MyDocuments%\DropboxNo
Flash PlayerXdll.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %Temp%\DropboxNo
CLSIDXdll.exeFirstEnter - Switch dialer and hijacker variant, see hereNo
AMINAXdll.exeDetected by McAfee as Generic.dx!bhqr and by Malwarebytes as Backdoor.AgentNo
HKLMXDLL.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\sistem32No
HKLMXdll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\windowssNo
HKLMXdll.exeDetected by Dr.Web as Trojan.PWS.Stealer.17279 and by Malwarebytes as Backdoor.HMCPol.GenNo
bDp80FXdll.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%\ySy74V - see hereNo
dll.sys.exeXdll.sys.exeDetected by Malwarebytes as Trojan.Agent.DL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
dll2host.exeXdll2host.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %AppData%No
dll2host.exeXdll2host.exeDetected by Malwarebytes as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
HKCUXdll32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %UserTemp%\appNo
Windows DLLXdll32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\WindowsDllNo
Windows DLLXdll32.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %ProgramFiles%\WindowsDllNo
dll32Xdll32.exeDetected by Kaspersky as Trojan-Downloader.Win32.Banload.bej. The file is located in %System%No
dll32.exeXdll32.exeDetected by McAfee as RDN/Generic BackDoor!yi and by Malwarebytes as Backdoor.Agent.DCENo
HKLMXdll32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %UserTemp%\appNo
System32DllXDLL32SYS.EXEDetected by Sophos as W32/Spybot-CZ and by Malwarebytes as Trojan.AgentNo
dllcacheXdllcache.exeDetected by Trend Micro as WORM_SILLY.RK and by Malwarebytes as Trojan.Agent.RDMNo
MicrosoftCorpXdllCache.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.62171 and by Malwarebytes as Trojan.Agent.MSGenNo
dllcache.exeXdllcache.exeAdded by the VISPAT.A WORM!No
Windows Dynamic Library CacheXdllcache.exeDetected by Sophos as Troj/Inject-HT and by Malwarebytes as Backdoor.BotNo
netmonXdllcache.exeDetected by Sophos as Troj~Bckdr-RAA and by Malwarebytes as Backdoor.BotNo
MicrosoftNAPCXdllCache.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.62171 and by Malwarebytes as Backdoor.BotNo
NoDriveTypeAutoRunXdllcache32.exeAdded by the SPUNST TROJAN!No
DllCacherv2Xdllcachev2.exeDetected by Symantec as Backdoor.LatedaNo
Winsock2 driverXdllcfg32.exeDetected by Trend Micro as WORM_SPYBOT.AG and by Malwarebytes as Backdoor.BotNo
Live MenuNDllcmd32.exeDLL Command Utility for eFax Messenger from j2 Global Communications, Inc. - which "is a free software that can be used to enhance your eFax service. The software allows you to create and edit faxes, complete with text notes, highlights, and signatures." Older versionNo
MSN UpdateXdllcon.exeDetected by Sophos as W32/Rbot-EANo
DlldmtXdlldmt.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
loadXdllehosts.exeDetected by Malwarebytes as Trojan.Dropper.MSIL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "dllehosts.exe" (which is located in %AppData%\drivers)No
dllhelpXdllhelp.exeDetected by Sophos as Troj/StartPa-HDNo
Win32 ConfigurationXdllhelp.exeDetected by Trend Micro as WORM_SDBOT.UL and by Malwarebytes as Backdoor.BotNo
dllhelpXdllhlp.exeDetected by McAfee as Downloader-HINo
HKLMACH1H5Xdllhos.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLHNo
ChromeXdllhos.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLHNo
loadXdllhos.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLH. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "dllhos.exe" (which is located in %System%\dllhost) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
HKCUSER242Xdllhos.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DLHNo
System RescueXdllhosl.exeDetected by Microsoft as TrojanSpy:Win32/Ranbyus.G and by Malwarebytes as Trojan.AgentNo
dllhost-f.exeXdllhost-f.exeDetected by Dr.Web as Trojan.DownLoader11.22019 and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
dllhost.comXdllhost.comDetected by Sophos as W32/Lovelet-Y and by Malwarebytes as Trojan.Downloader.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
(Default)Xdllhost.comDetected by Sophos as W32/Lovelet-Y. Note - this malware actually changes the value data of the "(Default)" key in HKLM\policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%No
DLL32Xdllhost.dllAdded by the SUCLOVE.A WORM!No
desktopXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserTemp%No
PoliciesXdllhost.exeDetected by McAfee as RDN/Generic.bfr!hd and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in an "install" sub-folderNo
PoliciesXdllhost.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%\dllhostNo
PoliciesXdllhost.exeDetected by McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%\helpNo
AdobeAAMUpdaterXdllhost.exeDetected by McAfee as RDN/Generic.bfr!hd and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in an "install" sub-folderNo
Windows Defender ExtensionXdllhost.exeDetected by Malwarebytes as Trojan.Agent.WDE. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\WindowsNo
HKCUXdllhost.exeDetected by McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%\helpNo
Microsoft Driver SetupXdllhost.exeDetected by Sophos as W32/Autorun-AOZ and by Malwarebytes as Worm.Palevo. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %System%\driversNo
Windows ReferenceXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%No
Windows UpdateXDllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%No
Windows UpdateXDllhost.exeDetected by Malwarebytes as Backdoor.Bladabindi.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %CommonAppData%\InstallDirNo
dllhostXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%No
dllhostXdllhost.exeDetected by Malwarebytes as Backdoor.Agent.DLH. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
DllhostXdllhost.exeDetected by Kaspersky as Trojan-Downloader.Win32.Agent.dbdd and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %LocalAppData%No
dllhostXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in a "dllhost" sub-folderNo
dllhostXdllhost.exeDetected by McAfee as RDN/Generic PWS.y!ui and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in a "dmw" sub-folderNo
dllhostXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserProfile%\Recent - see hereNo
dllhostXdllhost.exeDetected by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserTemp% - see hereNo
dllhostXdllhost.exeDetected by Kaspersky as Trojan.Win32.VBKrypt.cqcx and by Malwarebytes as Backdoor.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%\dllhostNo
DllHostXdllhost.exeDetected by Trend Micro as BKDR_PROSTI.AA. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%\InfNo
dllhost.exeXdllhost.exeDetected by Sophos as W32/Fontra-F and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
dllhost.exeXdllhost.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%No
dllhost.exeXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
WinMngnXdllhost.exeDetected by Sophos as Troj/Sivion-A. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %System%\systemNo
COM SurrogateXdllhost.exeDetected by Malwarebytes as Spyware.Imminent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\Microsoft .NETNo
COM SurrogateXdllhost.exeDetected by Malwarebytes as Spyware.Imminent.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\WindowsNo
COM SurrogateXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in a "dllhost" sub-folderNo
svchostXdllhost.exeDetected by Malwarebytes as Backdoor.Bot.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserProfile%\SendTo - see hereNo
GoogleUpdateXdllhost.exeDetected by Dr.Web as Trojan.DownLoader10.30151 and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\Microsoft\Windows\1042No
GoogleUpdateXdllhost.exeDetected by Dr.Web as Trojan.DownLoader10.54044 and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in a "Microsoft" sub-folderNo
ServiceXdllhost.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%No
Adobe UpdateXDllhost.exeDetected by Malwarebytes as Backdoor.Bladabindi.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %CommonAppData%\InstallDirNo
Microsoft-Startup ManagerXdllhost.exeDetected by Dr.Web as Trojan.MulDrop4.13434. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %CommonFiles%\Microsoft ComponentsNo
AdobeXDllhost.exeDetected by Malwarebytes as Backdoor.Bladabindi.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %CommonAppData%\InstallDirNo
diagtrackXdllhost.exeDetected by Malwarebytes as Spyware.Agent.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\diskraidNo
Java UpdateXDllhost.exeDetected by Malwarebytes as Backdoor.Bladabindi.E. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %CommonAppData%\InstallDirNo
Microsoft Update checkerXdllhost.exeDetected by Kaspersky as Trojan.Win32.Swisyn.atcs and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%No
HKLMXdllhost.exeDetected by McAfee as RDN/Generic.bfr!gc and by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %Windir%\helpNo
winXdllhost.exeDetected by Malwarebytes as Trojan.Downloader. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %UserTemp% - see hereNo
FirewallXdllhost.exeDetected by Malwarebytes as Backdoor.Bot. Note - this is not the legitimate dllhost.exe process which is always located in %System%. This one is located in %AppData%\MicrosoftNo
dllhost.exe -startUdllhost.exe -startDetected by Malwarebytes as PUP.Optional.StartPage. Note - this is not the dllhost.exe process which is always located in %System%. This one is located in %AppData%\sys. If bundled with another installer or not installed by choice then remove itNo
DLL Service ManagerXdllhost16.exeDetected by Symantec as Backdoor.IRC.RPCBot.FNo
DllHost2XDllHost2.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.DLNo
Windows DLL HostXdllhost32.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %System%No
Microsoft Autorun4Xdllhost32.exeDetected by Symantec as W32.Ogleon.ANo
dllhost64.exeXdllhost32.exeDetected by Malwarebytes as Spyware.Imminent. The file is located in %LocalAppData%\nodedll32No
Index ServiceXdllhost32.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
dllhost86.exeXdllhost86.exeDetected by Dr.Web as Trojan.Inject1.23491 and by Malwarebytes as Backdoor.TibiaNo
dllhoster.exeXdllhoster.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\NtDLL InstallerNo
dllhoster.exeXdllhoster.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\NtDLL LoaderNo
dllhoster.exeXdllhoster.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%\NtDLL SysScanNo
dllhoster.exeXdllhoster.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System% - see hereNo
PoliciesXdllhostfile.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\ COM SurrogateNo
WinUpDaterXdllhostfile.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %System%\ COM SurrogateNo
System32Xdllhostfile.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%\ COM SurrogateNo
NT Printing Services6Xdllhosts.exeDetected by Dr.Web as Trojan.Siggen1.55305 and by Malwarebytes as Trojan.AgentNo
USBDEVICEMANAGER_WINDOWSXdllhostservis32.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.ANDNo
Windows UpdateXdllhostup.exeDetected by Sophos as Troj/Bancban-NBNo
dllhostxp.exeXdllhostxp.exeBrowser hijacker and adware downloader. The file is located in %System%No
dllhotspotXdllhotspot.exeDetected by Malwarebytes as Backdoor.Agent.MPG. Note - this entry loads from the Windows Startup folder and the file is located in %System%No
dllhotspotXdllhotspot.exeDetected by Malwarebytes as Backdoor.Agent.MPG. Note - this entry loads from the HKLM\Run and HKCU\Run keys and the file is located in %System%No
DLLHostXdllhst.exeDetected by Sophos as W32/Delbot-ACNo
Dllhst3gXdllhst3g.exeDetected by Malwarebytes as Trojan.TDref.Gen. The file is located in %Windir%No
DllHstXdllhst3g.exe /waitserviceDetected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate dllhst3g.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\driversNo
[random CLSID]Xdllhsts.exeDetected by Microsoft as Ransom:Win32/Genasom.EJ and by Malwarebytes as Backdoor.Agent - see an example hereNo
Windows System GuardXdlll.exeDetected by ESET as Win32/Boberog.AQ and by Malwarebytes as Backdoor.IRCBotNo
dlll.vbsXdlll.vbsDetected by Dr.Web as Trojan.DownLoader10.9928 and by Malwarebytes as Backdoor.Agent.ZPT. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
dlllhostXdlllhost.exeDetected by McAfee as RDN/Generic PWS.y!xc and by Malwarebytes as Backdoor.Agent.ENo
SystemXdlllhost.exeDetected by Malwarebytes as Trojan.PassWords.VB. The file is located in %System%No
Windows Online UpdaterXdllman.exeDetected by Sophos as W32/Rbot-TENo
UpmeXdllman.exeDetected by Trend Micro as WORM_SDBOT.ALXNo
Windows Plug and Play Service 32 BITXdllmanager.exeAdded by the RBOT-CGK WORM!No
dliteXdllmanager.exeAdded by the WOOTBOT.DN WORM!No
NvCplScanXdllmanager.exeDetected by Trend Micro as WORM_FORBOT.RNo
Microsoft Windows DLL Services ConfigurationXdllmanager32.exeDetected by Sophos as W32/Sdbot-BTU and by Malwarebytes as Trojan.MWF.GenNo
Microsoft Connection ManagerXdllmanger.exeDetected by Trend Micro as WORM_RBOT.RGNo
DLL32Xdllmem32.exeDetected by Symantec as W32.Kwbot.E.WormNo
Microsoft DLL Host ServiceXdllmemhost.exeDetected by Microsoft as Worm:Win32/Slenfbot.BMNo
Microsoft DLL ManagerXdllmgr.exeDetected by Sophos as W32/Sdbot-KJNo
Module LoaderUDLLML.exeCreative DLL Module Loader for the Sound Blaster range of internal and external soundcards. Used to load modules such as remote control or mixingNo
AudioDrvEmulatorUDLLML.exe AudDrvEm.dllCreative DLL Module Loader for the Sound Blaster range of internal and external soundcards. Used to load modules such as remote control or mixing. This instance is related to an Audio Emulator functionNo
RCSystemUDLLML.exe RCSystemCreative DLL Module Loader for the Sound Blaster range of internal and external soundcards. Used to load modules such as remote control or mixing. This instance appears to be related to a Remote Control functionNo
DLL ManagerXdllmngr32.exeDetected by Total Defense as Win32.Rbot.AAT. The file is located in %System%No
Microsoft DLL MonitorXdllmon32.exeDetected by Microsoft as Worm:Win32/Slenfbot.DWNo
Microsoft DLL MonitorXdllmon64.exeDetected by Microsoft as Worm:Win32/Slenfbot.DYNo
Microsoft DLL MonitorXdllmonitor.exeDetected by Microsoft as Worm:Win32/Slenfbot.DRNo
Microsoft Dll Printer ManagerXdllpt.exeDetected by Trend Micro as WORM_SDBOT.BIHNo
PoliciesXDllrecover.exeDetected by Sophos as Mal/MSIL-FW and by Malwarebytes as Backdoor.Agent.PGenNo
HKCUXDllrecover.exeDetected by Sophos as Mal/MSIL-FW and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXDllrecover.exeDetected by Sophos as Mal/MSIL-FW and by Malwarebytes as Backdoor.HMCPol.GenNo
runXdllreg.exeDetected by Sophos as Troj/Dumaru-LNo
DllregXdllreg.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
Windows 32-bit DLL Integrity VerifierXdllrun.exeAdded by Remote Storm - a remote control tool that is a network application that allows users to manage and control PCs or networks from a remote locationNo
TaskmanXdllrun32.exeDetected by Trend Micro as WORM_RIMCUD.SM and by Malwarebytes as Worm.Rimecud. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "dllrun32.exe" (which is located in %Recycled%\{SID})No
Microsoft Windows Services EdtXdllrun32.exeDetected by Sophos as W32/Rbot-GAF and by Malwarebytes as Trojan.MWF.GenNo
SysFilesXdlls32.exeDetected by Trend Micro as BKDR_PRAYER.13No
SystemFilesXdlls32.exeDetected by Trend Micro as BKDR_PRAYER.13No
Microsoft DLL AuthentificationXdllsecure.exeDetected by Microsoft as Worm:Win32/Slenfbot.BNNo
Dll ServiceXdllservice.exeDetected by Dr.Web as Trojan.DownLoader11.9245 and by Malwarebytes as Trojan.Agent.MNRNo
Sysos Dll ServiceXdllservice.exeDetected by McAfee as RDN/Generic.grp!hh and by Malwarebytes as Trojan.Agent.MNRNo
Microsoft DLLSet32Xdllset32.exeDetected by Trend Micro as WORM_RBOT.OZNo
Microsoft DLL SourceXdllsrc.exeAdded by a variant of the IRCBOT BACKDOOR!No
RegScanXDLLSRV32.EXEDetected by Trend Micro as WORM_AGOBOT.AEWNo
DLLService32Xdllsvc32.exeDetected by Trend Micro as WORM_AGOBOT.VXNo
MS DLL Library ManagerXdllsys64.exeDetected by ThreatTrack Security as Trojan.Ranky. The file is located in %System%No
Dllbin32Xdllsysbin.exeDetected by Total Defense as Win32.Slinbot.FUNo
Skype32XDllUpdate.exeDetected by Dr.Web as Trojan.DownLoader11.16191 and by Malwarebytes as Trojan.Agent.SKNo
DLLUPDATE32Xdllupdate32.exeDetected by Trend Micro as WORM_AGOBOT.IANo
[blank]Xdllvirtual.dllDetected by Sophos as Troj/Dadobra-IW. Note - has a blank entry under the Startup Item/Name fieldNo
[blank]Xdllvirtual.exeDetected by Sophos as Troj/Dadobra-IW. Note - has a blank entry under the Startup Item/Name fieldNo
[blank]Xdllvirtual.jsDetected by Sophos as Troj/Dadobra-IW. Note - has a blank entry under the Startup Item/Name fieldNo
StartWinXDLLWinUp.exeDetected by Malwarebytes as Backdoor.Agent.SW. The file is located in %AppData%No
DllWNSSA.exeXDllWNSSA.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.ESCNo
sys sll serviceXdll_service.exeDetected by McAfee as RDN/Generic.dx!dc3 and by Malwarebytes as Trojan.Agent.MNRNo
igndlm.exeNDLM.exeIGN Download Manager used to be a requirement for downloading files through FilePlanet. It was based on Internet Explorer and installed through an ActiveX-plugin, hence Internet Explorer had to be installed beforehand and downloads has to be initialized through that browserNo
DLM.exeNDLM.exeIGN Download Manager used to be a requirement for downloading files through FilePlanet. It was based on Internet Explorer and installed through an ActiveX-plugin, hence Internet Explorer had to be installed beforehand and downloads has to be initialized through that browserNo
Dial22Xdlm.exeAdult content dialerNo
Dial33Xdlm.exeAdult content dialerNo
DLink System TrayUdlnetst.exeRelated to D-Link DGE-530T PCI card for servers and workstationsNo
DLO StartXDLO.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.STRGenNo
msvccc66Xdload.exeDetected by Malwarebytes as Backdoor.SDBot. The file is located in %System%No
Cliente DLOYDLOClientu.exePart of the backup suites from Veritas - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
DLO AgentYDLOClientu.exePart of the backup suites from Veritas - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005No
Symantec Backup Exec Desktop AgentYDLOClientu.exePart of Symantec's Backup Exec backup softwareNo
Symantec NetBackup Desktop AgentYDLOClientu.exePart of Symantec's NetBackup backup softwareNo
DLPSPUDLPSP.EXEDell laser printer status monitorNo
dlRBXdlRB.vbsDetected by Malwarebytes as Script.Reboot.Agent. The file is located in %System%No
li-speed****Xdlres.exeAdult web-dialer - **** is randomNo
dlsp2mxXdlsp2mx.exeDetected by Sophos as Dial/MPB-B. An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"No
DLT?DLT.EXEPart of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotelyNo
dlucaXdluca.exeDetected by Symantec as Downloader.Dluca.CNo
dlup32Xdlup32.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Backdoor.Agent.DCENo
dluxdeXdluxde.exeAll-In-One-Telcom (Adult content dialer) variantNo
DluxjpXDluxjp.exeDetected by Symantec as Downloader.Dluca.DNo
dm***.exe [* = random char]Xdm***.exe [* = random char]Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DualMatchingXdm.exeDetected by Symantec as Trojan.ADH and by Malwarebytes as Adware.AdKong. The file is located in %ProgramFiles%\dmNo
Auto UpdateXdma.exeDetected by Sophos as W32/Rbot-AVONo
DMASchedulerNDMAScheduler.exeRelated to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problemsNo
dmaupd32.exeXdmaupd32.exeDetected by Malwarebytes as Trojan.Dropper. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
DMCXdmc.exeAdded by Trojan-Downloader.Win32.Dluca.bv TROJAN!No
CrustyXdmcpl.exeDetected by Symantec as W32.Rusty@mNo
ATK MediaXDMedia.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Trojan.Agent.E. Note - do not confuse with the legitimate Asus laptop media button support utility of the same filename which is typically located in %ProgramFiles%\ASUS\ATK Media. This one is located in %AppData%\MicrosoftNo
ATKMEDIAUDMEDIA.EXEDriver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etcNo
InControl Desktop ManagerNDMHKEY.EXESystem Tray access to desktop utilities such as screen resolution for older Diamond Multimedia video cardsNo
DMILDRNdmildr.exePart of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standardsNo
dmimeXdmime.exeMalware installed by different rogue security software including SpyKillerProNo
DMISLAPPNDMISLAPP.exeDMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management InterfaceNo
iktcXdmiy.exeDetected by Sophos as Troj/Agent-RDYNo
DMKEMAXDMKEMA.exeDetected by Dr.Web as Trojan.DownLoader9.1396 and by Malwarebytes as Trojan.AgentNo
DMHotKeyUDMLoader.exeHotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1No
dmloaderXdmloader.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
GoUnzip EPM SupportUdmmedint.exeGoUnzip toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GoUnzip_dm\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
PROFILEGATEXdmp.exeDetected by McAfee as Generic.dx and by Malwarebytes as Backdoor.Agent.IDFNo
DSServiceXdmrss.exeDetected by Sophos as W32/Agobot-XXNo
DriverMagicLogonUdmschedule.exePart of DriverMagic - "the easiest way to locate device drivers"No
DM_serverXdmserver.exeComet Cursor adwareNo
PlaySysXdmsplay.exeDetected by Dr.Web as Trojan.DownLoader6.61248 and by Malwarebytes as Trojan.AgentNo
GoUnzip Search Scope MonitorUdmsrchmn.exeGoUnzip toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\GoUnzip_dm\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Windows driver updateXdmsvc32.exeDetected by Sophos as W32/Sdbot-GPNo
Dmsvc32XDmsvc32.exeDetected by Trend Micro as WORM_AGOBOT.ABUNo
DmtdllXdmtdll.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Driver MaximizerUDMTray.exeDetected by Malwarebytes as PUP.Optional.DriverMaximizer. The file is located in %ProgramFiles%\Driver Maximizer. If bundled with another installer or not installed by choice then remove itNo
Disk Management Snap-inXdmview.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData%\Microsoft\Windows - see examples here and hereNo
PoliciesXdmw.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\iSecNo
HKCUXdmw.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\SystemNo
HKCUXdmw.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\iSecNo
FixbarXdmw.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Temp%No
IDT AudioXdmw.exeDetected by Malwarebytes as Trojan.Agent.DMW. The file is located in %AppData%\vlcNo
movieXdmw.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Agent.AVSNo
SecurityXdmw.exeDetected by Dr.Web as Trojan.DownLoader11.20342 and by Malwarebytes as Trojan.Banker.ENo
HKLMXdmw.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %AppData%\SystemNo
HKLMXdmw.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\iSecNo
DmwClientUdmwclient.exeDMW "anti-cheating" software for online gamingNo
DMXLauncherUDMXLauncher.exePart of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video filesNo
JavaXDMygvb.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %UserTemp%\JavaNo
dm[3 random letters].exeXdm[3 random letters].exeAdded by the RUINDEM TROJAN!No
DM mgrXdm_mgr.exeDetected by Symantec as Backdoor.JittarNo
DM_UpdateXDM_Update.exeDetected by Dr.Web as Trojan.MulDrop5.5788 and by Malwarebytes as Trojan.Agent.TraceNo
Windows Data SerivceXdn.exeDetected by Sophos as Mal/Agent-NK and by Malwarebytes as Trojan.Agent.WDSNo
DancerUDncLE.exePart of Microsoft Plus! Digital Media Edition - see hereNo
dndsiocXdndsioc.exeAdded by the ONLINEGAMES.ALLM TROJAN!No
Windows Update FilesXdnetc.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %ProgramFiles%\microsoft hardwareNo
Microsoft Update ProtectionXdnetc.exeDetected by Dr.Web as Trojan.DownLoader8.31919. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\dnetcNo
distributed.net clientUDNETC.EXEDsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by virusesNo
DNHelper32XDNHlp32.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
wpqggejXdnierjk.exeDetected by Sophos as W32/Fanbot-FNo
dniw.exeXdniw.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and/or %UserStartup% and its presence there ensures it runs when Windows startsNo
WebmailWorld EPM SupportUdnmedint.exeWebmailWorld toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\WebmailWorld_dn\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
Windows Updt MaschishkhaXDnmee33.exeDetected by Trend Micro as WORM_KULSIBOT.A and by Malwarebytes as Backdoor.AgentNo
WindowsHelp ManagerXdnmisc.exeDetected by Dr.Web as Trojan.Siggen2.57782No
dnoteXdnote.exeDetected by Malwarebytes as Trojan.KeyLogger.DF. The file is located in %Windir% - see hereNo
DNS2GoClient?DNS2GOCLIENT.EXE"DNS2Go is a Dynamic DNS service that enables Internet users to host their own domain name, even if they have a dynamic IP address or are behind a router"No
winhelpXdns32.exeDetected by Malwarebytes as Worm.Email. The file is located in %System%No
LporiXdnsapik.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
DnsBlockUDnsBlockTray.exeDetected by Malwarebytes as PUP.Optional.DnsBlock. The file is located in %ProgramFiles%\DnsBlock. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
Network List ServiceXDnscache.exeDetected by McAfee as Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCENo
dnscleanerXdnscleaner.exeCoolWebSearch parasite variantNo
DNSEXDNSE.exePart of rogue security tools, including WinAntiVirus Pro 2007, PcTurboPro and SystemDoctorNo
Microsoft System ServiceXdnservice.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %System%No
DNSKSI.exeXDNSKSI.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.JVNo
DNS ManagerXdnsmgr.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %ProgramFiles%\DNS ManagerNo
WebmailWorld Search Scope MonitorUdnsrchmn.exeWebmailWorld toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\WebmailWorld_dn\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
DNS ServiceXdnsresolver.exeAdded by the RBOT-PQ WORM!No
Domain Name Resolve ServiceXdnsresolver.exeAdded by the KIMAN.A WORM!No
Dns ResolverXdnsrslve.exeDetected by Sophos as W32/Rbot-WSNo
NAV Auto ProtectXdnsserv.exeDetected by Trend Micro as WORM_SDBOT.AQZNo
SiS DnsXdnssvc.exeDetected by Sophos as Troj/Dloader-UENo
DNS ServiceXdnssvc.exeDetected by Sophos as W32/Delbot-ZNo
ntupdateXdnsvc.exeDetected by Sophos as W32/Sdbot-TCNo
dnswinXdnswin.exeDetected by Total Defense as Backdoor.Win32.Agent.ce. The file is located in %Windir%\tasksNo
Dns ServerXdnswn.exeDetected by Trend Micro as WORM_RBOT.APKNo
catmanXDnxr92on.exeDetected by McAfee as RDN/Generic BackDoor!za and by Malwarebytes as Backdoor.Agent.ENo
DNXVC?dnxvc.exeThe file is located in %Windir%. What does it do and is it required?No
StartUp ProgramXdo0shav.exeDetected by McAfee as W32/Autorun.worm.gen and by Malwarebytes as Trojan.Agent.STPNo
DO7DWV481U0P.exeXDO7DWV481U0P.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
wrvrxriXdoanghc.exeDetected by Trend Micro as WORM_AUTORUN.VZX and by Malwarebytes as Worm.AutoRunNo
trololochikXdoc.batDetected by Dr.Web as Trojan.MulDrop2.27027 and by Malwarebytes as Trojan.Agent.TRLNo
PoliciesXdoc.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\installNo
HKCUXdoc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\installNo
docXdoc.exeDetected by Sophos as W32/Agobot-PJNo
docXdoc.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%\docNo
HKLMXdoc.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Root%\dir\install\installNo
BayMgrUDockApp.exeHot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devicesNo
Document ManagerYdocmgr.exePart of the legacy Embassy Trust Suite product from Wave Systems Corp. "Document Manager uses the hardware security provided by the TPM to provide strong protection for data. Files encrypted by Document Manager cannot be located or viewed by others"No
UpdateXDocs.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%\DocsNo
DoctoAVDownloadMgrUDoctoAntiVirus.exeDownloader for DoctoAntivirus - which is based upon Max Spyware Detector by Max Secure Software. Detected by Malwarebytes as PUP.Optional.DoctoAV as DoctoAntivirus is often bundled with other installers. The file is located in %UserTemp%\{GUID}\Addons. If not installed by choice then remove itNo
DocTorXDoctor.exeDetected by Trend Micro as WORM_DOTOR.ANo
NDoctorComXDoctorComLaunch.exeDoctorCom rogue security software - not recommended, removal instructions hereNo
ShellXdoctormypc.exeDetected by Malwarebytes as Hijack.Shell. Note - this entry modifies the legitimate HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" value data to point to the file "doctormypc.exe" (which is located in %Windir%) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry pointing to the same file. Removal instructions here)No
DoctorPCUDoctorPC.exeDetected by Malwarebytes as PUP.Optional.DrPC. The file is located in %ProgramFiles%\Doctor PC. If bundled with another installer or not installed by choice then remove itNo
DoctorSecurityMainXDoctorSecurity.exeDoctorSecurity rogue security software - not recommended, removal instructions hereNo
DoctorVXDoctorVLaunch.exeDoctorV rogue security software - not recommended, removal instructions hereNo
AdodepdfXdocument.exeDetected by Malwarebytes as Trojan.Agent.ADB. The file is located in %AppData%\pdfNo
DocumentXDocument.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %MyDocuments%No
NGPCBPJGNDKNAPGXdocumento.exeDetected by Malwarebytes as Trojan.Banker.Gen. The file is located in %UserStartup% - see hereNo
documento.exeXdocumento.exeDetected by Malwarebytes as Trojan.Banker.Gen. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
DocumentPerformanceEventsXDocumentPerformanceEvents.exeDetected by Malwarebytes as Trojan.Agent.E. Note - this entry loads from the Windows Startup folder and the file is located in %UserProfile%No
MicroLSdateXdocuments.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %MyDocuments%\MSDBHYNo
mswordXdocx.exeDetected by Sophos as W32/Codox-ANo
Microsoft UpMachineXdoezs.exeDetected by Trend Micro as WORM_RBOT.BCTNo
DofbotXDofbot.exeDetected by Dr.Web as Trojan.DownLoader10.54689 and by Malwarebytes as Backdoor.Agent.APLNo
dofusXdofus.exeDetected by Dr.Web as Trojan.DownLoader6.860. Note - this is not the legitimate DOFUS MMORPG which is typically located in %ProgramFiles%\Dofus. This one is located in %System%No
dofusXdofus.exeDetected by Dr.Web as Trojan.PWS.Siggen1.499. Note - this is not the legitimate DOFUS MMORPG which is typically located in %ProgramFiles%\Dofus. This one is located in %Temp%No
DofusXDofus.exeDetected by McAfee as RDN/Generic BackDoor!ui and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate DOFUS MMORPG which is typically located in %ProgramFiles%\Dofus. This one is located in %Temp%\DofusNo
DofusXDofus.exeDetected by Kaspersky as Trojan-Dropper.MSIL.Mudrop.ai. Note - this is not the legitimate DOFUS MMORPG which is typically located in %ProgramFiles%\Dofus. This one is located in %Windir%No
DofusXDofusBot.exeDetected by McAfee as Generic.grp!ddNo
Doing?doing.exeThe file is located in %System%No
doit.exeXdoit.exeDetected by Sophos as W32/Forbot-EKNo
BGGVXdokokj.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.XTRat.ENo
BGTYXdokokj.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.XTRat.ENo
MediaFaceOnlinePluginsServiceNdolcore.exePlugin service for an older version of Neato online design software for CD/DVD labels/inserts and other labelsNo
dolkeavukzagXdolkeavukzag.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
dolphiNXdolphiN.exeDetected by Malwarebytes as Trojan.Agent.DEUX. The file is located in %Windir%No
DolphinsScreenServerSvcUDolphinsScreenServer.exeScreensaver for the Miami Dolphins NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supportedNo
domXdom.exeDetected by Sophos as Troj/Agent-VGA and by Malwarebytes as Trojan.AgentNo
ConvertAnyFile EPM SupportUdomedint.exeConvertAnyFile toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ConvertAnyFile_do\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
BigDogPath323DominoNDomino.exeVimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and othersNo
DominoNDomino.EXEVimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and othersNo
domohuntijujXdomohuntijuj.exeDetected by McAfee as RDN/Downloader.a!sk and by Malwarebytes as Trojan.Agent.USNo
don't seeUdon't see.exeDon't See! French parental control software by Remy DelefosseNo
donXdon.exeDetected by Dr.Web as Trojan.DownLoader6.60182 and by Malwarebytes as Trojan.Agent.GenNo
uberkkkkXdone.exeDetected by Dr.Web as Trojan.DownLoader12.26523 and by Malwarebytes as Trojan.Downloader.ENo
Windows FirewallXdone2.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
WINDOWSMANDOTORYUPDATEXDONOTDELETE.exeDetected by Malwarebytes as Backdoor.Agent.DC. The file is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\WindowsMandatoryUpdate (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\WindowsMandatoryUpdate (XP)No
Don't PanicUdontpanicdemodp.exe30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"No
donxXdonx.exeDetected by Symantec as Infostealer.Donx and by Malwarebytes as Trojan.AgentNo
dooppXdoop32.exeDetected by Sophos as Troj/Agent-TKDNo
WindowsServerXdoor.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%\WebNo
DopusUdopus.exeDirectory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more"No
Directory Opus Desktop DblclkUdopusrt.exeDirectory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more"No
doqmalnapoqsXdoqmalnapoqs.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
wpds.exeXdoriot.exeDetected by Sophos as Troj/Small-KYNo
wersdsXdoriot.exeDetected by Symantec as Downloader.Ject.CNo
wersds.exeXdoriot.exeDetected by Sophos as Troj/BagleDl-ANo
doro-searchXdoro-searchUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\doro-searchNo
DoroServerNDoroServer.exeDoro PDF Writer from The SZ Development. All what you need for creating pdf filesNo
ShellXdos.exeDetected by Dr.Web as Trojan.Siggen6.21010 and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "dos.exe" (which is located in %AppData%)No
WIN32 DDOSSERXdos.exeDetected by Symantec as W32.Kelvir.FNo
Window LoaderXDos32.exeDetected by Symantec as W32.HLLW.Gaobot.AONo
1Xdos32.pifDetected by Kaspersky as Trojan.Win32.Delf.vir and by Malwarebytes as Trojan.PWS.Tibia. The file is located in %Root%No
dosXdos64.exeAdware downloader trojanNo
doscpXdoscp.exeDetected by Sophos as W32/Taterf-AHNo
Auto StartXdosin.exeDetected by Sophos as W32/Sdbot-GONo
perfrintXdoskeown.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
pcauhostXdoskeown.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
PINGuotaXdoskkeng.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
PATHHostXdoskmote.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
pcauhostXdosktray.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
pcauhostXdosktray.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
Micro ProcessXdosprmwin.exeDetected by Sophos as W32/Rbot-BCNo
ConvertAnyFile Search Scope MonitorUdosrchmn.exeConvertAnyFile toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\ConvertAnyFile_do\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Configuration LoaderXdosrun32.exeDetected by Symantec as W32.HLLW.Gaobot.AO and by Malwarebytes as Backdoor.BotNo
registry mainXdoss.exeDetected by Malwarebytes as Trojan.Agent.RM. The file is located in %ProgramFiles%\dllNo
1Xdossier.exeDetected by McAfee as RDN/Generic BackDoor!xt and by Malwarebytes as Backdoor.Agent.ENo
Windows DOSXdosw.exeDetected by Sophos as W32/Salay-ANo
Dot1XCfgXDot1XCfg.exeDetected by Trend Micro as TROJ_AGOBOT.EANo
dothujecixdoXdothujecixdo.exeDetected by McAfee as RDN/Generic Dropper!vd and by Malwarebytes as Trojan.Agent.USNo
WinUpdateSchedXdotkit.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\DotNet KitNo
dotNETXdotNET.exeDetected by McAfee as RDN/Generic.bfr!gt and by Malwarebytes as Backdoor.Agent.ENo
loadXdotNET.exeDetected by McAfee as RDN/Generic.bfr!gt and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "dotNET.exe" (which is located in %AppData%\dotNET) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same fileNo
systechXdotnet.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
dotrudtegibdXdotrudtegibd.exeDetected by Sophos as Troj/Wonton-MX and by Malwarebytes as Trojan.Agent.US. The file is located in %AppData%No
DothabitXdot_experienced.exeDetected by Malwarebytes as Trojan.Dropper.FAV. The file is located in %UserTemp%\Dotconnect - see hereNo
doublevaccineXdoublevaccineu.exeDoubleVaccine rogue security software - not recommended. One of the OneScan family of rogue scanner programsNo
dowlond.vbsXdowlond.vbsDetected by McAfee as RDN/Generic PWS.y!b2m and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DowmingzuXDowmingzu.dll.vbsDetected by Sophos as VBS/Solow-ENo
downdownXdownDetected by Dr.Web as Trojan.Click2.62456 and by Malwarebytes as Trojan.ClickerNo
downXdown.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %CommonAppData%No
FlashPlayerXdown.exeDetected by McAfee as RDN/Generic Dropper!sl and by Malwarebytes as Trojan.Agent.FLP. The file is located in %Temp%\CrxNo
FlashPlayerXdown.exeDetected by Dr.Web as Trojan.StartPage.57770 and by Malwarebytes as Trojan.Agent.FLP. The file is located in %Temp%\CrxxNo
ddownXdown.exeDetected by Dr.Web as Trojan.DownLoader11.9061 and by Malwarebytes as Trojan.Agent.DNMNo
Microsoft Update 2.7.4.3XDown2.exeDetected by McAfee as RDN/Generic Downloader.x and by Malwarebytes as Backdoor.BotNo
Down2HomeUDown2Home.exeDown2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred"No
DownBookXDownBook.exeDetected by Malwarebytes as Trojan.Downloader.DB. The file is located in %LocalAppData%\DownBookNo
DownNowXdownite.exeDetected by Trend Micro as WORM_SDBOT.BOANo
Download Windows 32 64 Bit Gratis Full Version Full Speed.exeXDownload Windows 32 64 Bit Gratis Full Version Full Speed.exeDetected by Malwarebytes as Trojan.Downloader.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Eac DownloadXdownload.exeWebcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see hereNo
download.exeXdownload.exeDetected by Malwarebytes as Trojan.Agent.JVGen. The file is located in %AppData%\Sun\Java\Deployment\SystemCache\6.0\32No
javaXDownload.exeDetected by Malwarebytes as Backdoor.Agent.JV. The file is located in %AppData%No
Web1234Xdownload.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%No
DealHelperDownXdownload.exeDetected by Symantec as Adware.DealHelperNo
DGStartXdownloadgetupgrade.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\DownLoadGetNo
DGup2StartXdownloadgetuphp.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\DownLoadGetNo
ixplorer.exeXDownloadManager.exeDetected by McAfee as RDN/Generic Downloader.x!iaNo
DownloadManagerBXDownloadManagerB.exeDetected by Dr.Web as Trojan.DownLoader7.25181 and by Malwarebytes as Adware.KraddareNo
Download ManagerXDownloadManagers.exeDetected by Dr.Web as Trojan.MulDrop3.42220 and by Malwarebytes as Trojan.AgentNo
Download PlusXDownloadPlus.exeDownloadPlus adwareNo
eBotNDownloadWizard.exeeBot from Digital River - 'helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and "cool stuff".' Can optionally be installed with software such as Net Nanny internet filtering softwareNo
Download_Manager.exeXDownload_Manager.exeDetected by Microsoft as TrojanDropper:Win32/Dexel.A and by Malwarebytes as Trojan.Dropper. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicrosoftUpdateXdownnew.exeDetected by Sophos as Troj/Tanto-D and by Malwarebytes as Trojan.Agent.MUGenNo
downsXdowns.exeDetected by Sophos as Troj/Bckdr-MNRNo
DownsXDownsCK.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\DownsNo
DownShotFreeNDownShotFree.exeDownShotFree screenshot utility by IAC Applications (was Mindspark) which also installs a companion toolbar. Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Mindspark\DownShotFree. If bundled with another installer or not installed by choice then remove it, removal instructions hereYes
downvhostXdownvhost.exeDetected by Malwarebytes as Trojan.Downloader. The file is located in %AppData%\reg.microsoft\berlusconiNo
DownxzXDownxz.batDetected by Symantec as W32.Mydoom.W@mmNo
DsiXdp-******.exeAdded by an unidentified adware where ****** are random charactersNo
DsiXdp-him.exeDetected by Sophos as Troj/Multidr-AHNo
Don't Panic!UDP.EXEDon't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"No
DpAgentYdpagent.exePart of the DigitalPersona range of fingerprint authentication applications - which are use to replace passwords with fingerprint recognition. Included on some Dell laptop models (such as the Vostro 1720) for exampleNo
DPAgntNDPAgnt.exedigitalPersona fingerprint scannerNo
\dpapgraf.exeXdpapgraf.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.8189 and by Malwarebytes as Trojan.Agent.MVONo
AntispyXDpas.exeDefender Pro rogue security software - not recommended. Removal instructions here.No
DPASUpdateYDPASAutoUpdate.exeAutomatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1No
DPASYDPASNT.exeDefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1No
DOPCNOWXdpc32.exeDetected by McAfee as Generic PWS.yk and by Malwarebytes as Trojan.Agent.DPCNo
DailyPCCleanUDPCCSchedule.exeDetected by Malwarebytes as PUP.Optional.Tuto4PC. The file is located in %ProgramFiles%\DailyPCClean Support. If bundled with another installer or not installed by choice then remove itNo
DPConfigNDPConfig.exeDevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start MenuNo
dpcproxyXdpcproxy.exeDetected by Sophos as Troj/GoldenP-ANo
DPCProxyLoadOnStartupYdpcstart.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
DpcstartYdpcstart.exeDirecWay from DirectTV (now HughesNet) - satellite based high-speed internet accessNo
Disk Panel ConfigurationXdpcsvc.exeDetected by Trend Micro as WORM_IRCBOT.ASL. The file is located in %System%No
dpiXdpi.exeDelfin PromulGate adwareNo
DPI ManagerXdpimgr.exeDetected by Malwarebytes as Trojan.Agent.DPI. The file is located in %ProgramFiles%\DPI ManagerNo
compinitXdplalace.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System%No
dplaysvrXdplaysvr.exeDetected by Dr.Web as Trojan.DownLoader5.44620 and by Malwarebytes as Trojan.QHost.BGNo
dply_en_#Udply_en_#.exeDetected by Malwarebytes as PUP.Optional.DeskTopPlay - where ** represents a 2 letter country code (ie, us, ca, jp, pl) and # represents one or more digits. The file is located in %ProgramFiles%\dply_**_#. If bundled with another installer or not installed by choice then remove itNo
FindYourMaps EPM SupportUdpmedint.exeFindYourMaps toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FindYourMaps_dp\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
NDPSUDPMW32.EXENovell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this featureNo
dpnsvr32Xdpnsvr32.exeDetected by Sophos as Troj/AOLPass-BNo
Don't Panic Pop-Up StopperUdpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
dpps2Udpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
Pop-Up StopperUdpps2.exePop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup groupNo
Edzy AntiVirusXdppsfa.exeAdded by a variant of Backdoor:Win32/RbotNo
dpsXdps.exeSmartestSearch homepage and search hijacker aimed at the site www.smartestsearch.com - distributed by scumware-remover.org, a supposed parasite remover application. Archived version of Andrew Clover's original descriptionNo
DTRSFRNFYMXdpserialo.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %System%No
DesktopPlant: AZARE10S.PLTUDPServer.exe AZARE10S.PLTDesktopPlant virtual Azalea plant by DesksoftNo
FindYourMaps Search Scope MonitorUdpsrchmn.exeFindYourMaps toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FindYourMaps_dp\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DptfPolicyLpmServiceHelperYdptfpolicylpmservicehelper.exeHelper for the Intel Dynamic Platform and Thermal Framework (DTPF) - which "is a power and thermal management solution at the platform level that utilizes both hardware and software." Helps to control when Low Power Mode (LPM) is entered, maximising battery lifeNo
dptrackerNdptracker.exeDigitalPeers CamTrack - webcam software that enhances the way people video chatNo
dpwMj73iXT0.exeXdpwMj73iXT0.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
XSRBYJSFXdpwsock5.exeDetected by Dr.Web as Trojan.DownLoader8.24053 and by Malwarebytes as Trojan.AgentNo
ffeqfqsXdqddss.exeDetected by Sophos as W32/Sdbot-SGNo
ddqdsxnfqsXdqddss.exeDetected by Trend Micro as WORM_SDBOT.AELNo
DownSpeedTest EPM SupportUdqmedint.exeDownSpeedTest toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DownSpeedTest_dq\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
BEAST2XdQrOao.exeDetected by McAfee as RDN/Generic PWS.y!ur and by Malwarebytes as Backdoor.Agent.ENo
DownSpeedTest Search Scope MonitorUdqsrchmn.exeDownSpeedTest toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\DownSpeedTest_dq\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
dr-infoXdr-inforun.exeDetected by McAfee as Downloader.a!tq and by Malwarebytes as Rogue.DrInfoNo
DivX MediaPlayer 7.0XDr.DivX.exeDetected by Symantec as Backdoor.IRC.Aladinz.GNo
HKCUXDr1verUpdate00.exeDetected by McAfee as RDN/Generic.dx!dfz and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXDr1verUpdate00.exeDetected by McAfee as RDN/Generic.dx!dfz and by Malwarebytes as Backdoor.HMCPol.GenNo
Speedtouch USB DiagnosticsUDragdiag.exeFor an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)No
DragDropNDragDrop.exeToshiba CD/DVD burning utility - see hereNo
Drag'n Drop CDNDragDrop.exeToshiba CD/DVD burning utility - see hereNo
Drag'n Drop CD+DVDNDragDrop.exeToshiba CD/DVD burning utility - see hereNo
EleFunAnimatedWallpaperUDragon-Fly.exeDragon-Fly animated wallpaper fromNo
Dragon - Update ServiceXdragon-update.exeDetected by Malwarebytes as Spyware.Password. The file is located in %LocalAppData%No
DragonAssistantUDragonAssistant.exe"Dragon Assistant leverages the power of Nuance's speech recognition technology, offering you the freedom and flexibility to control your desktop applications using your voice. With Dragon Assistant, simply speak commands to do lots of things on your desktop - search the web, post updates to your social networks, check email and more"No
DragonDayXDragonDay.exeDetected by Malwarebytes as Trojan.Agent.DR. The file is located in %CommonAppData%\DragonDay\My\0.0.0.0No
DrAntispyXDrAntispy.exeDrAntiSpy rogue security software - not recommended, removal instructions hereNo
DraughtsUDraughts.exeDetected by Malwarebytes as PUP.Optional.Checkers. The file is located in %AppData%\Checkers\Draughts - see here. If bundled with another installer or not installed by choice then remove itNo
Windows Update DravenXdraven.exeDetected by Trend Micro as WORM_SDBOT.AXBNo
DrBoanXDrBoan.exedr.Boan rogue security software - not recommended, removal instructions hereNo
DRCTROY.exeXDRCTROY.exeDetected by Dr.Web as Trojan.DownLoader11.35911 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
runXDRDOOM.EXEDetected by Sophos as W32/Semapi-A. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" value data to include the file "DRDOOM.EXE" (which is located in %Windir%)No
ModuloSecXdreamx.exeDetected by Malwarebytes as Trojan.Injector.MSIL. The file is located in %AppData% - see hereNo
MediaCenterXdreamx.exeDetected by Malwarebytes as Trojan.Banker.IM. The file is located in %LocalAppData%\queenteenstar - see hereNo
Drag-to-DiscNDrgToDsc.exeSystem Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menuYes
DrgToDscNDrgToDsc.exeSystem Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menuYes
RoxioDragToDiscNDrgToDsc.exeSystem Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menuYes
Dr. GuardXdrguard.exeDr. Guard rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.DrGuardNo
KE9801UDriBat32.exeKE9801 multimedia keyboard driver - required if you use the multimedia keysNo
dripXdrip.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\MicrosoftNo
Clarus Drive ManagerUDrive Manager.exeSamsung Drive Manager by Clarus, Inc. - bundled with Samsung external drives. Features include Backup, SecretZone, and Drive Lock (for drives that support this feature)No
Microsoft UpdateXdrive.exeDetected by Sophos as W32/Bifrose-PN and by Malwarebytes as Backdoor.BotNo
knifepartyXdrive.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
DriveIconsUDriveIcon.exeDrive Icons from Realtek - shows a specific icon for each card type for their card reader controllersNo
Drive InfoXdriveinfo.exeDetected by Trend Micro as WORM_SPYBOT.ALQNo
Driver soundXDriver sound.exeDetected by Dr.Web as Trojan.Siggen3.43081No
PoliciesXdriver.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\redeNo
PoliciesXDriver.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %System%\installNo
drvXdriver.exeDetected by Microsoft as Worm:Win32/Autorun.ZZ and by Malwarebytes as Trojan.AgentNo
Window TabifierXdriver.exeDetected by Dr.Web as Trojan.DownLoader9.44592 and by Malwarebytes as Trojan.Agent.ENo
HKCUXdriver.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\redeNo
audiodriverXdriver.exeDetected by Dr.Web as Win32.HLLW.Autoruner.55901 and by Malwarebytes as Trojan.FakealertNo
driverXdriver.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
driverXdriver.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.MNR. The file is located in %Root%\webNo
DriverXdriver.exeDetected by Malwarebytes as Trojan.Agent.DRV. The file is located in %Windir%No
driverXdriver.exeDetected by McAfee as Generic.dx!bh3e. The file is located in %Windir%\SystemNo
driverXdriver.exeDetected by McAfee as RDN/Generic.dx!cwb and by Malwarebytes as Trojan.Agent.MNR. The file is located in %Windir%\WebNo
driver.exeXdriver.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
driver.exeXdriver.exeDetected by Kaspersky as Trojan.Win32.Pasta.nra and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Windows DefenderXdriver.exeDetected by Malwarebytes as Backdoor.NanoCore.E. The file is located in %AppData%\driverNo
HKLMXdriver.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %ProgramFiles%\redeNo
Rising DriverXdriver.exeDetected by Sophos as W32/SillyFD-TLNo
systemXdriver.exeDetected by McAfee as Generic.dx!bh3eNo
HKCUXdriver2.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
HKLMXdriver2.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\InstallDirNo
PoliciesXdriver32.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\DriversNo
HKCUXdriver32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\DriversNo
[various names]Xdriver32.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
HKLMXdriver32.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\DriversNo
[various names]Xdriver64.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DriverAgentUDriverAgent.exe"DriverAgent scans computers for outdated drivers. It uses sophisticated matching technology to search our comprehensive database of over 12 million device drivers." Detected by Malwarebytes as PUP.Optional.DriverAgent. The file is located in %CommonAppData%\DriverAgent. If bundled with another installer or not installed by choice then remove itNo
DriverAgent PlusUDriverAgentPlus.exeDriverAgent Plus driver update utility. Detected by Symantec as PUA.DriverAgentPlus and by Malwarebytes as PUP.Optional.DriverAgentPlus. The file is located in %CommonAppData%\DriverAgentPlus\UpdateReminder. If bundled with another installer or not installed by choice then remove itNo
Driver GeniusXDriverGenius.exeDriver Genius driver update utility by Driver-Soft - which "improves PC performance with the powerful driver manager for Windows that backs up, restores, and updates your device drivers automatically with just a few clicks of your mouse. Driver Genius, updates the drivers of your system can't find on its own." Not recommended as multiple anti-virus scanners have detected possible malware, see here and hereNo
Driver Genius SchedulerXDriverGenius.exeDriver Genius driver update utility by Driver-Soft - which "improves PC performance with the powerful driver manager for Windows that backs up, restores, and updates your device drivers automatically with just a few clicks of your mouse. Driver Genius, updates the drivers of your system can't find on its own." Not recommended as multiple anti-virus scanners have detected possible malware, see here and hereNo
DriverMaxUdrivermax.exeDriverMax by Innovative Solutions "is a driver updater that finds and downloads the latest driver updates for your computer"No
DriverPack NotifierUDriverPackNotifier.exeDriverPack by Artur Kuzyakov "automatically selects and installs necessary drivers on your pc/laptop in several minutes and without limitations." Detected by Malwarebytes as PUP.Optional.DriverPack. The file is located in %ProgramFiles%\DriverPack Notifier (HKLM\Run) and %AppData%\DriverPack Notifier (HKCU\Run). If bundled with another installer or not installed by choice then remove itNo
PDPReminderUdriverperformer.exeDriver Performer driver updater utility by PerformerSoft. Detected by Malwarebytes as PUP.Optional.DriverPerformer. The file is located in %ProgramFiles%\Driver Performer. If bundled with another installer or not installed by choice then remove itNo
Driver ProUDriverpro.exeDetected by Malwarebytes as PUP.Optional.DriverPro. The file is located in %ProgramFiles%\DriverPro. If bundled with another installer or not installed by choice then remove itNo
DriverProUDriverpro.exeDetected by Malwarebytes as PUP.Optional.DriverPro. The file is located in %ProgramFiles%\DriverPro. If bundled with another installer or not installed by choice then remove itNo
DriverReviverUDriverReviver.exeDriver Reviver from ReviverSoft - "will scan your PC to identify out of date and obsolete drivers. Driver Reviver can quickly and easily update these drivers to restore optimum performance to your PC and its hardware and extend its life." Detected by Malwarebytes as PUP.Optional.DriverReviver. The file is located in %ProgramFiles%\Reviversoft\Driver Reviver. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
DriverXdrivers update.exeDetected by McAfee as RDN/Generic PWS.y!zh and by Malwarebytes as Backdoor.Agent.DWNo
MicrosoftKsXDrivers.batDetected by Sophos as Troj/Shutdown-FNo
HKCUXDrivers.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
loadXdrivers.exeDetected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "drivers.exe" (which is located in %AppData%\DirectX)No
drivers.exeXdrivers.exeDetected by Malwarebytes as Trojan.Injector. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts - see hereNo
HKLMXDrivers.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDirNo
win32Xdrivers.vbsDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.GenNo
drivers32.exeXdrivers32.exeDetected by Malwarebytes as RiskWare.RemoteAdmin.DR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AXIS Print System DriverScannerUDriverScanner.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
AXIS Print System DriverServerUDriverServer.exePart of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinuedNo
DriverSim.exeXDriverSim.exeDetected by McAfee as Generic.dx and by Malwarebytes as Trojan.BankerNo
[random].exeXdriversUpdate.exeDetected by Malwarebytes as Spyware.Agent.E. The file is located in %AppData%No
driversUpdate.exeXdriversUpdate.exeDetected by Malwarebytes as Spyware.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Driver SupportNDriverSupport.exeDriver Support provides an innovative way to diagnose issues with your PC, resolve those issues through support and driver matching technology, and optimize your PC's performance"No
driversxxx.exeXdriversxxx.exeDetected by Malwarebytes as Spyware.SpyEyes. The file is located in %Root%\driversxxx.exe - see hereNo
DriverUpdateXDriverUdate.exeDetected by Dr.Web as Trojan.DownLoader6.54975 and by Malwarebytes as Trojan.PWS.Agent.AINo
TKYJRRXDriverUpdate.exeDetected by McAfee as RDN/Generic BackDoor!tv and by Malwarebytes as Backdoor.Agent.DCENo
WinXPServiceXDriverUpdate.exeDetected by Dr.Web as Trojan.DownLoader8.40367 and by Malwarebytes as Backdoor.BotNo
DriverUpdateUDriverUpdate.exeDriverUpdate by SlimWare Utilities - "uses award-winning cloud technology to conveniently update multiple PC drivers simultaneously and in proper sequence". Detected by Malwarebytes as PUP.Optional.DriverUpdate. The file is located in %ProgramFiles%\DriverUpdate. If bundled with another installer or not installed by choice then remove itNo
DUPUDriverUpdaterPro.exeDriverUpdaterPro by oTweak Software LLC "is designed to eliminate driver problems for both internal and external devices. It does this by automatically analyzing hardware and finding the most up-to-date and suitable driver for it." Detected by Malwarebytes as PUP.Optional.oTweak. The file is located in %ProgramFiles%\DriverUpdaterPro. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
DriverUSBXDriverUSB.cplDetected by Malwarebytes as Trojan.Banker. Note - this entry loads from the Windows Startup folder and the file is located in %AppData%No
Driver WhizNDriverWhiz.exeDriver Whiz from 383 Media, Inc - "quickly locates the most current drivers for your computer through a user-friendly interface and a database of over twenty million drivers. Driver Whiz saves you time and frustration in getting your computer up-to-date"No
driverwinx.exeXdriverwinx.exeDetected by Malwarebytes as Trojan.SpyEyes. The file is located in %Root%\driverwinx.exeNo
Driver Host WindowsXdriver_host.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\WindowsNo
Windows HD UpdateXdriver_services.exeDetected by McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FLNo
Drives 32 BitsXdrives32.exeDetected by Kaspersky as Trojan.Win32.Scar.cney. The file is located in %Windir%No
DriveSelectNdriveselect.exeDVD X Copy Xpress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selectedNo
DriveSitterUDriveSitter.exe"DriveSitter is a deluxe hard disk drive diagnostic and background monitoring tool. Based on the well proven S.M.A.R.T. (Self-Monitoring Analysis and Reporting Technology), it reliably detects and forecasts up to 70% of all HDD crashes before they occur!"No
RDSoundXdrivesonyhx.exeDetected by McAfee as Generic.bfr!cs and by Malwarebytes as Trojan.BankerNo
Adobe SixXDriveSound.exeDetected by McAfee as RDN/Ransom and by Malwarebytes as Trojan.Agent.RNSNo
Nero DriveSpeedNDriveSpeed.exeUtility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drivesNo
DRIVES~1NDRIVES~1.EXEUtility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drivesYes
DriveSpeed ApplicationNDRIVES~1.EXEUtility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drivesYes
Nero DriveSpeedNDRIVES~1.EXEUtility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drivesYes
Systems ServiceXdrivex.exeAdded by a variant of Backdoor:Win32/RbotNo
Drive XpertUDriveXpert.exeHard drive management utility included with some ASUS motherboards. "Without drivers or BIOS setups, the ASUS exclusive Drive Xpert is ideal for anyone who needs to secure data on their hard drives or enhance hard drive performances without the hassles of complicated configurations"No
drmXdrm.exeDetected by Sophos as Troj/Agent-VVY and by Malwarebytes as Trojan.AgentNo
(Default)XDrm.exeDetected by Malwarebytes as Backdoor.Bot. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData%No
InboxNow EPM SupportUdrmedint.exeInboxNow toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InboxNow_dr\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DRM UpgradeXdrmupgd.exeDetected by Microsoft as Worm:Win32/Slenfbot.TINo
DrmupgdsXDrmupgds.exeMaxfiles adware. The file is located in %ProgramFiles%\DrmupgdsNo
drnXdrn.exeDetected by Sophos as Troj/Agent-ABKZNo
DropboxNDropbox.exeSystem Tray access to the Dropbox online storage service which provides 2GB of space for free for you to save, sync and share filesYes
DropboxXDropbox.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin. This one is located in %CommonAppData%\Microsoft\Windows\Start Menu\Programs\fox (10/8/7/Vista) or %AllUsersProfile%\Start Menu\Programs\fox (XP)No
DropboxXDropbox.exeDetected by McAfee as RDN/Generic PWS.y!ta and by Malwarebytes as Trojan.MSIL. Note - this is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
PoliciesXdropbox.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin. This one is located in %Root%\directory\system32\install - see hereNo
HKCUXdropbox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin. This one is located in %Root%\directory\system32\install - see hereNo
MessengerXDropbox.exeDetected by Malwarebytes as Trojan.Banker.E. Note - this is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin. This one is located in %CommonAppData%No
HKLMXdropbox.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. Note - this is not the legitimate Dropbox file of the same name which is normally located in %AppData%\Dropbox\bin. This one is located in %Root%\directory\system32\install - see hereNo
Dropbox UpdateUDropboxUpdate.exeAutomatically updates the Dropbox online storage service to that latest version - see here. The file is located in %LocalAppData%\Dropbox\UpdateNo
DropboxWXDropboxW.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %AppData%\DropboxWNo
WinServXDropMine.exeDetected by Dr.Web as Trojan.DownLoader9.8171 and by Malwarebytes as Trojan.Agent.MNRNo
dropped.exeXdropped.exeDetected by Dr.Web as Trojan.DownLoader6.39742 and by Malwarebytes as Backdoor.Botnet. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
[random]Xdropped.exeAdded by the VERTEXBOT BACKDOOR!No
vnetXdropped.exeDetected by Dr.Web as Trojan.DownLoader6.39742 and by Malwarebytes as Backdoor.Botnet. The file is located in %AllUsersStartup%No
vnetXdropped.exeDetected by Dr.Web as Trojan.DownLoader9.42629 and by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
vnetXdropped.exeDetected by Dr.Web as Trojan.DownLoader6.26706 and by Malwarebytes as Trojan.Agent. The file is located in %ProgramFiles%No
vnetXdropped.exeDetected by McAfee as Generic.bfr!do and by Malwarebytes as Trojan.Agent. The file is located in %Root%No
vnetXdropped.exeDetected by McAfee as RDN/Generic BackDoor!tn and by Malwarebytes as Trojan.Agent. The file is located in %System%No
WinloggonXDropped.exe.exeDetected by Dr.Web as Trojan.DownLoader4.11243 and by Malwarebytes as Backdoor.Agent.WLNo
DropRum.exeXDropRum.exeDetected by Malwarebytes as Trojan.Agent.FXD. The file is located in %LocalAppData%\FFoxDostNo
DrPcFreeXDrPFUpdate.exeDetected by Dr.Web as Trojan.DownLoader5.24152No
DrProtectionXDrProtection.exeDrProtection rogue security software - not recommendedNo
0003d449Xdrprov32.exeDetected by Sophos as Troj/WebPrefi-BNo
TqqnXcompmgmts.exeDetected by Dr.Web as Trojan.DownLoader9.10879No
WSAConfigurationXdrrss.exeAdded by a variant of WORM_AGOBOT.GEN. The file is located in %System%No
Drsktop.exeXDrsktop.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.14589 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
InboxNow Search Scope MonitorUdrsrchmn.exeInboxNow toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InboxNow_dr\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
STManagerNdrst.exeDr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see hereNo
MicrosoftDriverService32Xdrsys32.exeDetected by Microsoft as Worm:Win32/Slenfbot.APNo
netservices.exeXdrupal-exploit-5.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.DIGenNo
ExplorerXdrv.exeDetected by Sophos as Troj/Small-FD and by Malwarebytes as Trojan.AgentNo
syspathXdrv.exeDetected by Symantec as W32.Sober@mmNo
HKCUXdrv32.exeDetected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.HMCPol.GenNo
adrv32Xdrv32.exeDetected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.Agent.ENo
HKLMXdrv32.exeDetected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.HMCPol.GenNo
Driver ConfigurationXdrvconfig.exeDetected by McAfee as Generic BackDoorNo
drvddll.exeXdrvddll.exeDetected by Symantec as W32.Beagle.AP@mmNo
Drvddll_exeXdrvddll.exeDetected by Symantec as W32.Beagle.X@mmNo
DLLCONFIG32Xdrvdsk32.exeDetected by Malwarebytes as Backdoor.IRCBotNo
drvhandler.exeXdrvhandler.exeDetected by Malwarebytes as HackTool.BlueBotNet. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
sysDrvHandlerXdrvhandler.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData% - see hereNo
DrvIconUDrvIcon.exeVista Drive Icon by artArmin 'changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar'No
DrvIFxAPIXDrvIFxAPI.exeDetected by McAfee as Generic PWS.y and by Malwarebytes as Backdoor.IRCBot.ENo
DrvListnr?DrvListnr.exeAnalog Devices SoundMax integrated soundcard related. What does it do and is it required?No
drvlsnrUdrvlsnr.exeCompaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedlyNo
main_moduleXdrvmmx32.exeDetected by Kaspersky as Trojan-Downloader.Win32.Dila and by Malwarebytes as Trojan.AgentNo
DrvMon.exeUDrvMon.exeAlcor drive monitor softwareNo
drvnetwXdrvnetw.exeDetected by Sophos as Troj/Brogger-BNo
drvr32hXdrvr32h.exeAdded by an unidentified VIRUS, WORM or TROJAN!No
drvrmanagerXdrvrquery32.exeDetected by Symantec as BAT.Boohoo.WormNo
avidrvXdrvsc.exeDetected by Kaspersky as the AGENT.PH TROJAN!No
CONNECTIONXdrvsetup.exeDetected by McAfee as RDN/Generic PWS.y!vp and by Malwarebytes as Trojan.Banker.AGURLNo
drvsys.exeXdrvsys.exeDetected by Symantec as W32.Beagle.W@mmNo
Dr.WatsonXdrwat32.exeDetected by McAfee as Generic.bfr and by Malwarebytes as Trojan.AgentNo
(Default)XDrWatson32.exeDetected by Symantec as Trojan.Dremn. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%\syscacheNo
DrWatsonXdrwatson_32.exeDetected by Sophos as Troj/Lohav-SNo
Sync ServerXdrwatsoon.exeDetected by Symantec as Trojan.Watsoon.ANo
MkascXdrweb.exeDetected by McAfee as Generic.dx!zbk and by Malwarebytes as Trojan.DownloaderNo
DrWeb AntivirusXDRWEBAV.EXEAdded by an unidentified WORM or TROJAN!No
DrwebschedulerYDRWEBSCD.EXEDrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystemNo
DrWindowsNDrWindows.exeDr.Windows is "a harmless joke/prank/trick program that will periodically display funny joke error messages to unsuspecting users"No
drwtsn16.exeXdrwtsn16.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.DR. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
COM+ Event SystemXDRWTSN16.EXEDetected by Symantec as W32.Lovgate.AB@mmNo
prtstartUdr_inst.exeDetected by Malwarebytes as PUP.Optional.Vbates.BrwsrFlsh. The file is located in %ProgramFiles%\firstOffer[digits]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
prtstartUdr_inst.exeDetected by Malwarebytes as PUP.Optional.Groover.BrwsrFlsh. The file is located in %ProgramFiles%\groover[digits]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
prtstartUdr_inst.exeDetected by Malwarebytes as PUP.Optional.Shopperz. The file is located in %ProgramFiles%\shopperz[digits]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
DR_SXDR_S.exeIstBar adwareNo
dsXds.exeAdded by the SPYMON TROJAN!No
dsaXdsa.exeHomepage hijacker - redirecting to downseek.comNo
DASDS VSAVdjsXdsabdw.exeDetected by Sophos as W32/Sdbot-RENo
Answer ProblemXdSAFsqs.exeDetected by Sophos as W32/Sdbot-SCNo
DellSupportUDSAgnt.exeDell Support Agent offers additional support and update features for your Dell computer or laptopNo
dsadlsa14Xdsakfsak14.exeDetected by Sophos as Troj/OnLineG-PNo
Windows Service AgentXdsass.exeDetected by Avira as Worm/RBot.Mirco.bng and by Malwarebytes as Backdoor.BotNo
Intel Driver Update UtilityUDsaTray.exeSystem Tray access to and notifications for the Intel Driver Update Utility - which "identifies both Intel driver and 3rd-party driver updates for a variety of Intel products, such as Intel Desktop Boards, Intel NUC and Intel Compute Sticks, and makes it easy to download and install them"Yes
Intel Driver Update Utility TrayUDsaTray.exeSystem Tray access to and notifications for the Intel Driver Update Utility - which "identifies both Intel driver and 3rd-party driver updates for a variety of Intel products, such as Intel Desktop Boards, Intel NUC and Intel Compute Sticks, and makes it easy to download and install them"Yes
DSATrayUDsaTray.exeSystem Tray access to and notifications for the Intel Driver Update Utility - which "identifies both Intel driver and 3rd-party driver updates for a variety of Intel products, such as Intel Desktop Boards, Intel NUC and Intel Compute Sticks, and makes it easy to download and install them"Yes
DSBXDSB.exeEnergyPlugin adwareNo
dsbua.exeXdsbua.exeDetected by Dr.Web as Trojan.Disabler.84 and by Malwarebytes as Trojan.Agent. The file location variesNo
Desktop Service CentreNDSC.exeOptus DSL or Dial-up connection softwareNo
OptusNet Desktop Service CentreNDSC.exeOptus DSL connection softwareNo
dscXdsc.exeDetected by Sophos as Troj/Agent-SYCNo
updscXdsc.exeDetected by Dr.Web as Trojan.PWS.Banker1.16435 and by Malwarebytes as Trojan.Banker.ENo
KEY NAME JOBUUXDSC000607.scrDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.KNGenNo
dscactivateUdsca.exeDell Support Agent offers additional support and update features for your Dell computer or laptopNo
CcleanerXdsch.exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %UserTemp%No
DSC drvXdschost.exeDetected by McAfee as W32/IRCbot.gen.ab and by Malwarebytes as Backdoor.BotNo
IEHEKCFIGDDAABKXDSCLoad.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Banker.ENo
LKAAKCMJKOHLCALGXDSCLoad.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Trojan.Banker.ENo
DS ClockUdsclock.exeDigital desktop clock including synchronization with atomic servers - see hereNo
dsc[numbers].exeXdsc[numbers].exeDetected by Malwarebytes as Backdoor.Agent.DCE - see an example hereNo
sdgsXdsdsd.exeDetected by McAfee as RDN/Generic PWS.y!b2g and by Malwarebytes as Backdoor.Agent.ENo
DSentryNDSentry.exeAnti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation startsNo
DVDSentryNDSentry.exeAnti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation startsNo
Absolute ShieldUdseraser.exeAbsolute Shield Evidence Eliminator - internet history eraserNo
Windows Reg ServicesXdservice.exeDetected by Sophos as Troj/Prorat-D and by Malwarebytes as Backdoor.AgentNo
rCronXdservice.exePageOn1 - Switch dialer and hijacker variant, see hereNo
daskaskfsak6Xdsfids6.exeDetected by Sophos as Troj/OnLineG-JNo
QQ2013Xdsfsfdsdf.exeDetected by McAfee as RDN/Generic PWS.y and by Malwarebytes as Trojan.Agent.QPGenNo
Sharing and Mapping Software?DShmap.exeIntel AnyPoint Wireless Home Network related. Now discontinued. What does it do and is it required?No
SIDEBARNdsidebar.exe"Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control"No
DskcompatXDskcompat.exeDetected by Symantec as Trojan.GemaNo
DSKEYUDsKey.exePart of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computersNo
Desktop ManagerXDsktopMngr.exeDetected by Malwarebytes as Backdoor.Agent. Note that this is not the legitimate Synchronisation manager for the Research In Motion "Blackberry" range of wireless handhelds, whose filename is "DesktopMgr.exe" and is typically located in %ProgramFiles%\Research In Motion\BlackBerry. This one is located in %Temp%No
DSLAGENTEXEYDSLagent.exeUsed in conjunction with ADSL modems and routers from Eicon Networks (now Dialogic), Huawei, Conexant and others. Required for a permanent ADSL connectionNo
YAMAHA DS-XG LauncherNdslaunch.exeSystem Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-upsNo
ASDPLUGINXdsldbaccess.exeAsdPlug premium rate adult content dialerNo
ASDPLUGINXdslgeaccess.exeAsdPlug premium rate adult content dialerNo
DropSpam LifestyleXdslifestyle.exeDetected by McAfee as Adware-DropSpamNo
DSLMONYDSLMON.exeSagem based DSL modem related - apparently needed to detect the modemNo
ooohnd?cbe?agebiXDSLoad.exeDetected by Dr.Web as Trojan.DownLoader10.15543 and by Malwarebytes as Trojan.Downloader.ENo
DSLSTATEXEUdslstat.exeSystem tray connection status for ADSL modems and routers from Eicon Networks (now Dialogic), Conexant and othersNo
DSL ServiceXdslsv.exeDetected by Malwarebytes as Trojan.Agent.BOT. The file is located in %ProgramFiles%\DSL ServiceNo
DsmSerXdsm.exeDetected by Symantec as W32.Serflog.BNo
rollbkXdsm.exeDetected by Symantec as W32.Serflog.BNo
AvSerXdsm.exeDetected by Symantec as W32.Serflog.BNo
InternetSpeedUtility EPM SupportUdsmedint.exeInternetSpeedUtility toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InternetSpeedUtility_ds\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
dsmsysXdsmsys.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %Windir%No
DSndUpYDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
SpkrCnfgYDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
adi DSndUpYDSndUp.exeUtility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used onYes
SlipStreamYdsnetwacore.exeDSNet Web Accelerator customized core module for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
DSNet Web AcceleratorYdsnetwagui.exeDSNet Web Accelerator customized user interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pixNo
dso32Xdsoqq.exeDetected by Sophos as W32/Taterf-AO and by Malwarebytes as Worm.MaganiaNo
Yahoo! SearchUdsrlte.exeDetected by Malwarebytes as PUP.Optional.PayByAds. The file is located in %AppData%\Pay-By-Ads\Yahoo! Search\[version]. If bundled with another installer or not installed by choice then remove itNo
DSSSGENS?dssagens.exeThe file is located in %Windir%\Bbstore\dss. What does it do and is it required?No
DSSXdssagent.exeRegistration reminder for Mattel Interactive (Broderbund) applications and games. Spyware as it sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more infoNo
HARRRRRXdssdfdfd.exeDetected by McAfee as BackDoor-EKP and by Malwarebytes as Backdoor.AgentNo
DsSearchBarOSXDsSearchBar.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %ProgramFiles%\Downs\DsSearchBarNo
InternetSpeedUtility Search Scope MonitorUdssrchmn.exeInternetSpeedUtility toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\InternetSpeedUtility_ds\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
[various names]Xdstart2.exeAdware - detected by Kaspersky as the SMALL.ALW TROJAN!No
Windows ServiceXdstart4.exeAdded by an unidentified TROJAN! The file is located in %System%No
RESUPDATEXdsu.exeDetected by McAfee as Trojan-FEXE and by Malwarebytes as Backdoor.Agent.RSNo
would4Xdsua.exeDetected by Malwarebytes as Trojan.Banker.Gen. Note - this entry loads from the Windows Startup folder and the file is located in %MyDocuments%\eebaffdcNo
scren4Xdsua.exeDetected by Malwarebytes as Banker.Trace. Note - this entry loads from the Windows Startup folder and the file is located in %MyDocuments%\ebbafdccNo
wnds4Xdsua.exeDetected by Malwarebytes as Banker.Trace.Gen. Note - this entry loads from the Windows Startup folder and the file is located in %MyDocuments%\baffdcceNo
WinBoot1Xdsvayvon.exeDetected by Dr.Web as Trojan.MulDrop5.37479 and by Malwarebytes as Worm.AutoRun.ENo
WinBoot2Xdsvayvon.exeDetected by Dr.Web as Trojan.MulDrop5.37479 and by Malwarebytes as Worm.AutoRun.ENo
WinBoot3Xdsvayvon.exeDetected by Dr.Web as Trojan.MulDrop5.37479 and by Malwarebytes as Worm.AutoRun.ENo
WinBoot4Xdsvayvon.exeDetected by Dr.Web as Trojan.MulDrop5.37479 and by Malwarebytes as Worm.AutoRun.ENo
DT###.exeXDT###.exeDetected by Malwarebytes as Trojan.MSIL - where # represents a digit. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
DAEMON Tools ProNDTAgent.exeSystem Tray access to DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
DAEMON Tools Pro AgentNDTAgent.exeSystem Tray access to DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
DTAgentNDTAgent.exeSystem Tray access to DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootYes
DT 11Mbps WLAN PC Card StationUDTCARDMonitor.exe11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche TelekomNo
SkinClockUDTClock.exeDesktop Tray Clock by Drive Software - "highly customizable, feature-rich clock that takes the place of the standard Windows clock on your system tray"No
explorerXdtdasndku.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonAppData%\MicrosoftNo
randomXdtdasndku.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %CommonAppData%\randomfolderNo
EzTuneUdthtml.exeEzTune from Gateway. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
forteManagerUdthtml.exeforteManager from LG. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
DT HPWUDTHtml.exeHP My Display from HP. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
DT TaskUDTHtml.exeDisplay Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface." Also licensed and renamed by manufacturers such as Gateway (EzTune), HP (HP My Display), Hyundai ImageQuest (ImageTune), LG (forteManager) and ViewSonic (PerfectSuite™ Plus)No
ImageTuneUdthtml.exeImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
PerfectSuiteUdthtml.exePerfectSuite™ from ViewSonic. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface"No
Iomega Backup SchedulerNdtiom98.exeUsed by Iomega (now LenovoEMC) drives. Details of its purpose can be found here. No longer supportedNo
DTliteNDTlite.exeDaemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
DAEMON Tools LiteNDTlite.exeDaemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature setYes
EDLoaderNDTLoader.exeEffective Desktop from MiniStars Software - desktop management software no longer being supportedNo
UnzipApp EPM SupportUdtmedint.exeUnzipApp toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\UnzipApp_dt\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
atuvpUdtor.exeEZKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!No
[various names]XDTOURS.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
DAEMON Tools Pro AgentNDTProAgent.exeSystem Tray access to an older version of DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a rebootNo
UnzipApp Search Scope MonitorUdtsrchmn.exeUnzipApp toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\UnzipApp_dt\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Sony Audio TunerXdttezftca.exeDetected by Malwarebytes as Trojan.Dropper. The file is located in %CommonFiles%\Sony Smart Blaster.{2227A280-3AEA-1069-A2DE-08002B30309D}No
healthXdttezftca.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %CommonFiles%\healthNo
DT 11Mbps WLAN USB StationUDTUSBMonitor.exe11Mbps USB based wireless LAN connection monitor - possibly from Deutsche TelekomNo
WinFastDTVUDTVSchdl.exeScheduler for LeadTech WinFast DTV digital TV productsNo
DirectX For Microsoft WindowsXdtxservice.exeDetected by Symantec as Trojan.Progent and by Malwarebytes as Backdoor.AgentNo
DualCoreCenterUDualCoreCenter.exeUnified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chipNo
DualVaccineXDualVaccine.exeDualVaccine rogue security software - not recommended, removal instructions hereNo
duaneezXduaneez.exeDetected by Sophos as Mal/VBNam-A and by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
DuArTaByXDuArTaBy.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%No
ducupdateXduc.exeDetected by McAfee as RDN/Generic BackDoor!xb and by Malwarebytes as Backdoor.Agent.DCENo
No-IP DUCUDUC20.exePart of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut availableNo
duckXduck.exeDetected by Sophos as W32/Agobot-AVGNo
DUControlUDUControl.exeDirectUpdate dynamic DNS updaterNo
dudbymcylhyfXdudbymcylhyf.exeDetected by McAfee as RDN/Generic.tfr!dk and by Malwarebytes as Trojan.Agent.USNo
dudjeznormulXdudjeznormul.exeDetected by McAfee as Generic.tfr and by Malwarebytes as Trojan.Agent.USNo
duecufXduecuf.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
duedueXduedue.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
dugokgeaqipeXdugokgeaqipe.exeDetected by McAfee as BackDoor-FAYA!A3AB6522F025 and by Malwarebytes as Trojan.Agent.USNo
dujizgaqbeapXdujizgaqbeap.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
boucaXdujuga.exeDetected by Malwarebytes as Trojan.Oderoor. The file is located in %System%No
Fun Popular Games EPM SupportUdumedint.exeFun Popular Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FunPopularGames_du\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DU MeterNDUMeter.exeDU Meter by Hagel Technologies - which "is an Internet usage monitor for your computer. It shows real-time graphs and can create reports and alerts based on your downloads and uploads"No
Dumeter ServicesXdumeter.exeDetected by Sophos as W32/Sdbot-AEQ. Note - this is not the legitimate DU Meter internet usage monitor with the same filename which is normally located in %ProgramFiles%\DU Meter. This one is located in %System%No
NWEReboot?dummy.exeThe file is located in %Windir% and appears to be a temporary entry added by older versions of multimedia software by Nero (formally Ahead). The parameters seen added to the command line reference removing the folder %WinTemp%\RARSFX0 and copying to %ProgramFiles%\Ahead\WE_copy.txtNo
preventerXdummy.exeDetected by Dr.Web as Trojan.MulDrop4.63880 and by Malwarebytes as Trojan.Agent.ENo
dumprepXdump-k.exeDetected by Sophos as Troj/Buzus-UNo
DumpXDump.exeAdded by the ZIMUSE WORM!No
dumprepXdump.exeDetected by Sophos as W32/Codox-ANo
kernelfaultExXdumpkernel.exeDetected by McAfee as Downloader.a!d2y! and by Malwarebytes as Trojan.AgentNo
vmregXdumpre.exeDetected by Dr.Web as Trojan.Siggen3.64173 and by Malwarebytes as Backdoor.AgentNo
kernelfaultcheckNdumprep 0 -kUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
dumprep 0 -kNdumprep 0 -kUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
dumprep 0 -uNdumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
UserFaultCheckNdumprep 0 -uUsed in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outNo
PHIME2002ASyncXdumprep.exeDetected by Sophos as W32/Puress-B. Note - this is not the legitimate dumprep.exe process from Windows XP/2003 which is always located in %System%. This one is located in %Windir%\SystemNo
CrashDumpXdumpreport.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %System% or %AppData%No
dumprepsXdumpreps.exeDetected by Dr.Web as Trojan.DownLoader9.6879 and by Malwarebytes as Trojan.Downloader.ENo
Windows Updataor SerivcesXDumpUperRs.movDetected by Dr.Web as BackDoor.BlackHole.3026 and by Malwarebytes as Backdoor.Agent.ENo
DUN_SERVICES3Xdun3.exeDetected by Symantec as Trojan.SokironNo
dunesuxdybjoXdunesuxdybjo.exeDetected by McAfee as Cutwail-FBYD!DBAA76C1ED19 and by Malwarebytes as Backdoor.PushdoNo
CVHOSTXDung.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
dunniscezugxXdunniscezugx.exeDetected by McAfee as Downloader.a!dc3 and by Malwarebytes as Trojan.Agent.USNo
DriverUpdaterPlusDUReminderUdup.exeDriver Updater Plus is the best driver updating tool that scans your system for outdated drivers and updates them to the latest and genuine ones in a click. Detected by Malwarebytes as PUP.Optional.Jawego. The file is located in %ProgramFiles%\Driver Updater Plus. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
WindowsUpdateDirectXdupadirect.exeDetected by Sophos as Troj/Dupa-C and by Malwarebytes as Backdoor.IRCBot.GenNo
WindowsUpdateXdupadupam2.exeDetected by Sophos as Troj/Dupa-B and by Malwarebytes as Backdoor.IRCBot.GenNo
Driver UpdaterUdupdater.exeCarambis Driver Updater is the easiest and fastest way to update all drivers on your PC. The program scans all connected devices, checks the database for updated drivers as well as missing drivers, more compatible, and stable versions of drivers, which are suitable individually for your PC and your devices configuration. Detected by Malwarebytes as PUP.Optional.Carambis. The file is located in %ProgramFiles%\Carambis\Driver Updater. If bundled with another installer or not installed by choice then remove itNo
Fun Popular Games Search Scope MonitorUdusrchmn.exeFun Popular Games toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FunPopularGames_du\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
duuilXduuil.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
DoUWantItNduwi.exeDoUWantIt - online shopping assistant. Start it manuallyNo
duxurlarfakkXduxurlarfakk.exeDetected by McAfee as Downloader.gen.a and by Malwarebytes as Trojan.Agent.USNo
DVUDV.exeDetected by Malwarebytes as PUP.Optional.OnePCOptimizer. The file is located in %CommonAppData%\DataFile. If bundled with another installer or not installed by choice then remove itNo
DV0ZSXBUMW1Q.exeXDV0ZSXBUMW1Q.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%No
Driver Control Manager v5.1Xdvadescetr.exeDetected by Sophos as Troj/Agent-OVL and by Malwarebytes as Trojan.AgentNo
Device SecurityXdvcsecure.exeAdded by a variant of W32.IRCBot. The file is located in %System% - see hereNo
Device Security ManagerXdvcsecure.exeAdded by a variant of W32.IRCBot. The file is located in %System% - see hereNo
DVD43UDVD43.exeDVD43 is a small tool that overrides CSS copy-protection found on DVD moviesNo
dvd43NDVD43_Tray.exeDVD43 is a small tool that overrides CSS copy-protection found on DVD moviesNo
DVD@ccessNDVDAccess.exePart of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer"No
DVDAgent?DVDAgent.exeFound on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?No
DVDBitSetUDVDBitSet.exeDVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always usedNo
WatchDog?DVDCheck.exeRelated to an old Intervideo (now Corel) program. What does it do and is it required in startup?No
DVD Check?DVDCheck.exeRelated to an old Intervideo (now Corel) program. What does it do and is it required in startup?No
DVDCheck?DVDCheck.exeRelated to an old Intervideo (now Corel) program. What does it do and is it required in startup?No
DvdcompatXDvdcompat.exeDetected by Symantec as Trojan.GemaNo
WINDOWS SYSTEM64XDVDdriver3628.exeDetected by Sophos as W32/Mytob-IYNo
DVDFabXDVDFab.exeDetected by McAfee as RDN/Generic.dx!d2e and by Malwarebytes as Backdoor.Agent.DCENo
DVDFab PasskeyNDVDFabPasskey.exe"DVDFab Passkey by Fengtao Software Inc. - "is a great DVD/Blu-ray decrypter which is powerful to remove almost all known DVD and Blu-ray copy protections to decrypt any protected DVD/Blu-ray and allows you to watch them freely, or use any other software to access and edit the movie content as you like"No
DVDXGhostNDVDGhost.EXEDVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk"No
DVDLauncherNDVDLauncher.exePart of Cyberlink's Power Cinema - allows you to play DVDs upon insertionNo
UltraDVDMonNDVDMon.exeUltraDVD by ZJMedia - "is a powerful and easy to use DVD player software. It also plays avi/vcd/mpeg/mpg movies and almost all video or audio multimedia files. Just click one button to play and have an advanced or normal user interface. It will monitor your DVD or CDROM drive and will automatically play a movie on DVD or VideoCD". No longer supportedNo
DVDMP3MakerPlayXDVDMP3MakerPlay.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.MPBNo
DVDMP5MakerPlayXDVDMP5MakerPlay.exeDetected by McAfee as RDN/PWS-Banker and by Malwarebytes as Trojan.Banker.MPBNo
ShellXDvdPlayer.exeDetected by Dr.Web as Trojan.Siggen6.5021 and by Malwarebytes as Backdoor.Agent.SHLNo
DvdPlayerXDvdPlayer.exeDetected by Dr.Web as Trojan.KillProc.23363No
DVDTrayNDVDTray.exeHP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmwareNo
DVD UpgradeXdvdupgd.exeAdded by a variant of W32.IRCBotNo
DVDUpgradeNDVDUpgrd.exeMicrosoft program to upgrade your DVD decoder program - see hereNo
DVDXGhostUDVDXGhost.EXEDVD X Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk"No
Microsoft Time ManagerXdveldr.exeDetected by Sophos as W32/Rbot-HQNo
Java UpdateXDVhVSMebyisyuHXYtv.exeDetected by McAfee as Generic Dropper!fhvNo
Windows Automatic UpdatesXdvldr.exeDetected by Trend Micro as WORM_RBOT.MF and by Malwarebytes as Backdoor.IRCBotNo
AidemHotKey?DVMAIN.EXEKeyboard relatedNo
Test iNet Speed EPM SupportUdvmedint.exeTest iNet Speed toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TestiNetSpeed_dv\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
LoadDvpApi9xYDVPAPI9X.exePart of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium, then Commtouch and now Cyren)No
dvpapi9xYDVPAPI9X.exePart of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium, then Commtouch and now Cyren)No
DvpInitExeYDvpinit.exePart of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium, then Commtouch and now Cyren)No
DvprptYDvprpt.exePart of Commtouch Command Antivirus (was Authentium, now Cyren)No
DvraudioXdvraudio.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
DriverConfXdvrconf.exeDetected by Sophos as W32/Agobot-IYNo
DvrvideoXdvrvideo.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
Test iNet Speed Search Scope MonitorUdvsrchmn.exeTest iNet Speed toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\TestiNetSpeed_dv\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DVSyncUdvsync.exeDVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PCNo
D_V_T?dvt.exeInstallation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entryNo
D_V_TUdvt.exeDICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"No
DvVideo32Xdvvid32.exeDetected by Trend Micro as TROJ_TINY.FD. The file is located in %Windir%No
DataViz Inc MessengerNDvzIncMsgr.exeInstalled with DataViz Documents to Go - which "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"No
DataViz MessengerNDvzMsgr.exeInstalled with DataViz Documents to Go - which "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"No
DownloadWareXdw.exeDownloadWare adwareNo
dwXdw.exeDownloadWare adwareNo
MediaLoadsXdw.exeDownloadWare adwareNo
MediaLoads InstallerXdw.exeDownloadWare adwareNo
dwar32.exeXdwar32.exeDetected by Malwarebytes as Trojan.PasswordStealer.MCR. The file is located in %AppData%\Micorsoft\mySQLNo
sstataXdwdas.exeDetected by Symantec as Trojan.DasdaNo
DamedWare ServicesXdwdrce.exeDetected by Sophos as W32/Rbot-AOJNo
{**-**-**-**-**}Xdwdsregt.exeZenoSearch adware variant where ** are random charactersNo
DownloadWare EngineXDwe.exeDownloadWare adwareNo
dwgrunXdwgrun.batDetected by Microsoft as Virus:ALisp/Dwgun.ANo
DWHeartbeatMonitor?DWHeartbeatMonitor.exeInstalled alongside the Desktop Weather by The Weather Channel - which provides current temperature, conditions, alerts, etc. Exact purpose unknown at presentNo
dwintlXdwintl.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\3083No
dwintl.dllXdwintl.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %System%\3083No
WindowsTranslatorUDWinTrsl.exeMicropower Delta Translator English < > Portuguese (Brazilian) version - "an automatic, bi-directional machine translation software system that quickly and automatically translates multiple pages, paragraphs, sentences, phrases or just individual words in documents, letters, memos, faxes, reports, manuals, booklets, publications, spreadsheets, e-mail and even web pages as you browse the Internet"No
WindowsTranslator_EspanholUDWinTrsl.exeMicropower Delta Translator - Spanish < > Portuguese (Brazilian) version - "an automatic, bi-directional machine translation software system that quickly and automatically translates multiple pages, paragraphs, sentences, phrases or just individual words in documents, letters, memos, faxes, reports, manuals, booklets, publications, spreadsheets, e-mail and even web pages as you browse the Internet"No
Driver WizardNDWLauncher.exeDriver Wizard driver update toolNo
D-Link AirPlus G+ Wireless Adapter UtilityUDWLGTI.EXED-Link DWL-G520+ AirPlus G+ Wireless LAN PCI Adapter configuration utilityNo
HKCUXDwll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\System32No
HKLMXDwll.exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %System%\System32No
skypeXdwm.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\InstallDirNo
JavaUpadateXdwm.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %Temp%\JavaUpadateNo
SkypeXdwm.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in an "AppData" sub-folderNo
PoliciesXdwm.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %Windir%\MicrosoftNo
winupd32Xdwm.exeDetected by Malwarebytes as Trojan.Agent.OT. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %UserTemp% - see hereNo
bXdwm.exeDetected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Microsoft\Windows\Start Menu\Programs (10/8/7/Vista) or %UserProfile%\Start Menu\Programs (XP)No
eXdwm.exeDetected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Microsoft\Windows\Start Menu (10/8/7/Vista) or %UserProfile%\Start Menu (XP)No
StartupXdwm.exeDetected by McAfee as RDN/Generic.bfr!ew and by Malwarebytes as Trojan.Agent.Gen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\MicrosoftNo
Desktop Window ManagerXdwm.exeDetected by Malwarebytes as Trojan.Agent.DWGen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%No
Desktop Window ManagerXdwm.exeDetected by Sophos as Troj/MSIL-BSP and by Malwarebytes as Trojan.Agent.DWGen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Kebra\Kebra\1.0.0.0No
Desktop Windows ManagerXdwm.exeDetected by Malwarebytes as Trojan.Agent.DWGen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Microsoft\WindowsNo
raidcallXdwm.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\InstallDirNo
updateXdwm.exeDetected by Malwarebytes as Backdoor.XTRat.Gen. Note - this entry either replaces or loads the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. Which is the case is unknown at this timeNo
Java(TM) Platform SE Auto Updater 2 0Xdwm.exeDetected by McAfee as Downloader.gen.aNo
AviraXdwm.exeDetected by Malwarebytes as Backdoor.SpyNet. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in an "AppData" sub-folderNo
MCore86Xdwm.exeDetected by Malwarebytes as Trojan.Dropper.E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\######## - where # represents a digitNo
windowsXdwm.exeDetected by Malwarebytes as Backdoor.XTRat.Gen. Note - this entry either replaces or loads the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. Which is the case is unknown at this timeNo
JavaXdwm.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%No
javaXdwm.exeDetected by Malwarebytes as Backdoor.Agent.PGen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %Windir%\MicrosoftNo
WindowsDirectXdwm.exeDetected by Malwarebytes as RiskWare.BitCoinMiner.E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %CommonAppData%\WindowsTaskNo
WINADMINXdwm.exeDetected by McAfee as RDN/Generic.tfr!ed and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%No
taskownXdwm.exeDetected by Malwarebytes as RiskWare.BitCoinMiner.E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %CommonAppData%\WindowsTaskNo
Java auto-updaterXdwm.exeDetected by Malwarebytes as Trojan.FakeJava. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\MicrosoftNo
cXdwm.exeDetected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %MyDocuments%No
HostSVCXdwm.exeDetected by Dr.Web as Trojan.MulDrop5.3438 and by Malwarebytes as Trojan.Agent.HST. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%No
LKRRMTXdwm.exeDetected by McAfee as RDN/Ransom!eh and by Malwarebytes as Trojan.Agent.VBS. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AllUsersProfile%No
dwmXdwm.exeDetected by Malwarebytes as Trojan.Agent.OMO. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData% - see hereNo
dwmXdwm.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Avanger - see hereNo
dwmXdwm.exeDetected by Malwarebytes as Ransom.FileCryptor. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Microsoft\SpoonBusterNo
dwmXdwm.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Microsoft\Windows - see hereNo
dwmXdwm.exeDetected by Sophos as Mal/Agent-WS. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %UserTemp%No
dwmXdwm.exeDetected by McAfee as Downloader-BYH. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %Windir%No
*WindowsMngerXdwm.exeDetected by Dr.Web as Trojan.DownLoader12.20313 and by Malwarebytes as Backdoor.IRCBot.FR. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AllUsersProfile%\WindowsMngerNo
dwm.exeXdwm.exeDetected by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\Microsoft - see hereNo
avastuiXdwm.exeDetected by McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %AppData%\InstallDirNo
dXdwm.exeDetected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %UserProfile%\FavoritesNo
dwm.exeXdwm.exeDetected by Dr.Web as Trojan.DownLoader6.5550 and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
AvastUIXdwm.exeDetected by Malwarebytes as Backdoor.Agent.DCEGen. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %MyDocuments%\DCSCMINNo
avastUIXdwm.exeDetected by McAfee as RDN/Generic BackDoor and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %MyDocuments%\PointBlankNo
dwmsXdwm.exeDetected by McAfee as RDN/Sdbot.bfr!c and by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %WinTemp%\CookiesNo
avastUIXDwm.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCE. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %MyDocuments%\PointBlank\ScreenShotNo
aXdwm.exeDetected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/Vista which loads as a service and is located in %System%. This one is located in %UserProfile%\DesktopNo
PSDRVXdwm32.exeDetected by McAfee as RDN/Generic.dx!xw and by Malwarebytes as Trojan.Agent.PSNo
ezftsXdwm32.exeDetected by Malwarebytes as Trojan.Agent.PS. The file is located in %AppData%\Microsoft\DLL - see hereNo
MsDtcXdwmc.exeDetected by Malwarebytes as Backdoor.Agent.DCE. The file is located in %AppData% - see hereNo
DigitalWizard MonitorNdwMon.exeInstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital contentNo
dwmsXdwms.exeDetected by McAfee as RDN/Generic.bfr!ib and by Malwarebytes as Backdoor.XTremeNo
cmosXdwmsys.exeDetected by Dr.Web as Trojan.DownLoader10.26644 and by Malwarebytes as Trojan.Agent.HLNGenNo
Sys32bitsXdwmsys.exeDetected by Sophos as Mal/Rebhip-XK and by Malwarebytes as Trojan.Backdoor.VITNo
systemuiXdwmsys.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Downloader.Gen. The file is located in %AppData%\Microsoft\Sys32No
systemuiXdwmsys.exeDetected by Malwarebytes as Trojan.Downloader.Gen. The file is located in %AppData%\Microsoft%\SysWOW_x86_64No
dwmw.exeXdwmw.exeDetected by McAfee as RDN/Generic.tfr and by Malwarebytes as Backdoor.Agent.DCNo
taskerwinXDwmx32k.exeDetected by Malwarebytes as Trojan.InfoStealer.E. The file is located in %AppData%\WindirtNo
PoliciesXdwn..exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Windir%\.SysvNo
HKCUXdwn..exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\.SysvNo
HKLMXdwn..exeDetected by Malwarebytes as Backdoor.HMCPol.Gen. The file is located in %Windir%\.SysvNo
PoliciesXdwn.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %Root%\Database\Microsoft\Windows\dwnNo
Avast AntivirusXdwn.exeDetected by Malwarebytes as Backdoor.Agent.AV. The file is located in %System%No
Gestionnaire de fenetre AeroXdwn.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
dwn.exeXdwn.exeDetected by Malwarebytes as Trojan.FakeMS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
CTGKjXXDwPMjF.exeDetected by Malwarebytes as Backdoor.Bot.MSIL. The file is located in %AppData%\crssNo
Google SearchXdwrdsyetp.exeDetected by Malwarebytes as Backdoor.BetaBot. The file is located in %CommonFiles%\Google Search0No
Olympus DSSXdwrdsyetp.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %CommonFiles%\AppleDev0No
Creative Media BlasterXdwrdsyetp.exeDetected by Dr.Web as Trojan.PWS.Siggen1.911No
Watson Subscriber for SENS Network NotificationsUdwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
DWPersistentQueuedReportingUDWTRIG20.EXEUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareNo
DWQueuedReportingUdwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
dwtrig20Udwtrig20.exeUsed to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their softwareYes
ChromeDevelopXdww.exeDetected by Dr.Web as Trojan.DownLoader11.56046 and by Malwarebytes as Trojan.Downloader.ENo
Desktop Window ManagerXdwwm.exeDetected by Sophos as W32/VBNA-E. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 10/8//7/VistaNo
DX11 DriverXdx11.exeDetected by Dr.Web as Trojan.Siggen6.5508 and by Malwarebytes as Backdoor.Agent.ENo
appsXdx2u12.exeDetected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes as Trojan.Agent. The file is located in %System%No
DxLoadXDX3DRndr.exeDetected by Symantec as W32.Gibe.B@mmNo
RunmeAtStartupXdx5.exeDetected by Microsoft as TrojanDownloader:Win32/Bulilit.ANo
RunmeAtStartupXdx8.exeDetected by Malwarebytes as Trojan.ChinAd. The file is located in %Root%\Users (10/8/7/Vista) or %Root%\Documents and Settings (XP)No
Dx8compatXDx8compat.exeDetected by Symantec as Trojan.GemaNo
DirectX9 DiagXdx9diag.exeDetected by Sophos as W32/Rbot-ALTNo
ShellXDXALCDeXp48a.exe,explorer.exeDetected by Malwarebytes as Backdoor.Agent.Generic. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "explorer.exe" (which is a legitimate file located in %Windir% and shouldn't be deleted) and "DXALCDeXp48a.exe" (which is located in %AppData%\Adobe)No
DeluxeCommunicationsXDxc.exeDeluxe Communications adware - successor to SurfSideKickNo
Direct X Direct3DXdxd3d.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
FrameworkXdxdiag.exeDetected by Dr.Web as Trojan.DownLoader7.48368 and by Malwarebytes as Backdoor.IRCBot. Note - this is not the legitimate DirectX diagnostics tool process which is always located in %System%. This one is located in %Temp%No
dxdiags.exeXdxdiags.exeDetected by Sophos as Troj/Certif-GNo
DxDialogXdxdlg32.exeDetected by Sophos as Troj/VB-CXTNo
dxdllregNdxdllreg.exeRegisters with Windows the DLL (Dynamic Link Library) files that are part of Microsoft DirectX9. Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it after a manual installation or after a new application is installed that also installs DirectX9. This entry should only appear once and can cause boot error messages if it remains so remove itYes
DXDllRegExeNdxdllreg.exeRegisters with Windows the DLL (Dynamic Link Library) files that are part of Microsoft DirectX9. Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it after a manual installation or after a new application is installed that also installs DirectX9. This entry should only appear once and can cause boot error messages if it remains so remove itYes
UdaterXdxeepca.exeDetected by Malwarebytes as Trojan.Udate. The file is located in %AllUsersProfile%No
HKCUXdxfg3s.exeDetected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.HMCPol.GenNo
HKLMXdxfg3s.exeDetected by McAfee as RDN/Generic.bfr!ey and by Malwarebytes as Backdoor.HMCPol.GenNo
FreeMaps EPM SupportUdxmedint.exeFreeMaps toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeMaps_dx\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
dxmsrvXdxmsrv.exeAdded by an unidentified WORM or TROJAN!No
OneDriveXdxmwv.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%No
Direct X OpenglXdxopengl.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
Service ManagerXdxsound.exeDetected by McAfee as Proxy-GricNo
FreeMaps Search Scope MonitorUdxsrchmn.exeFreeMaps toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\FreeMaps_dx\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
DxstyXDxsty.exeDetected by Symantec as Trojan.GemaNo
DirectX Video DriverXdxterm5.exeDetected by Sophos as W32/Wilab-ANo
Dxupdate.exeXDxupdate.exeDetected by Symantec as W32.MafegNo
dxvidXdxvid.exeDetected by Sophos as Troj/Dluca-YNo
fddddHOMEXdxxatp.exeDetected by Trend Micro as TROJ_RANKY.AANo
Dynamic DHCPXdydhcp.exeDetected by Trend Micro as BKDR_RINBOT.BNo
STARTUPXdylan.exeDetected by McAfee as RDN/Spybot.bfr and by Malwarebytes as Backdoor.AgentNo
dyljukeqsutmXdyljukeqsutm.exeDetected by McAfee as RDN/Generic BackDoor!uq and by Malwarebytes as Trojan.Agent.USNo
Dezipper EPM SupportUdymedint.exeDezipper toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Dezipper_dy\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
Microsoft.nameXdyn.exeDetected by McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
DynDNS UpdaterUDynDNS.exeDynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.orgNo
Symantec Antivirus professionalXdyndns.exeAdded by a variant of W32/Forbot-Gen. The file is located in %System%No
Dynamic Dns BinaryXdynitora.exeDetected by Sophos as W32/Rbot-WTNo
DynHttp Dns BinaryXdynizari.exeDetected by Trend Micro as WORM_RBOT.AUONo
DynSiteUDynSite.exeDynSite by Noël Danjou - "automatically updates your dynamic IP address every time it changes on one or many dynamic DNS services or by email. This allows anyone to connect to the servers (Web, FTP, NNTP, etc.) running on your own computer using a fully qualified domain name (e.g. myhost.dyndns.org, where myhost is a name of your choice)"No
DynDNS Updater Tray IconUDynTray.exeSystem Tray access to, and notifications for the Dyn Updater client for DynDNSNo
Dynu Basic ClientUdynubas.exeDynu online dynamic IP update clientNo
DynDNS UpdaterUDynUpPs.exeDynDNS Updater from Dynamic Network Services - "is a lightweight application designed to keep hostnames in DynDNS' free and paid DNS services up-to-date with your current IP address. This allows one to run Web or e-mail services at home, even on a dynamic IP address"No
dyqepjokubexXdyqepjokubex.exeDetected by McAfee as RDN/Generic Downloader.x!ip and by Malwarebytes as Trojan.Agent.USNo
Dezipper Search Scope MonitorUdysrchmn.exeDezipper toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\Dezipper_dy\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
boqamahXdytevevi.exeDetected by Sophos as W32/Sdbot-UHNo
SwdaswdwXdywwif.exeDetected by Trend Micro as WORM_SDBOT.BGFNo
disgxXdywwif.exeDetected by Trend Micro as WORM_SDBOT.BGFNo
yoinkXdywwif.exeDetected by Trend Micro as WORM_SDBOT.BGFNo
dzg32.exeXdzg32.exeDetected by Dr.Web as Trojan.Inject1.28641 and by Malwarebytes as Trojan.VBKryptNo
PConverter EPM SupportUdzmedint.exePConverter toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\PConverter_dz\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
QTGameUDZS.exeDetected by Malwarebytes as PUP.Optional.ShopBox. The file is located in %AppData%\DzsGame. If bundled with another installer or not installed by choice then remove itNo
DZKillMe?DZSAVEME.EXEThe file is located in %Windir%. What does it do and is it required?No
PConverter Search Scope MonitorUdzsrchmn.exePConverter toolbar - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\PConverter_dz\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
nVidiaDisp32Xdzucg.exeDetected by Dr.Web as Trojan.DownLoader4.16277No
Windows Reg ServicesXd_service.exeDetected by Microsoft as Backdoor:Win32/Prorat and by Malwarebytes as Backdoor.AgentNo
UpdateXd_update.exeDetected by Malwarebytes as Trojan.HawkEyeKeyLogger.E. The file is located in %AppData%No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home