| Index | Introduction | Database | Detailed Entries | Updates | Concise List | HJT Forums | Rogues | Message Board |
If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.
See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.
Last database update :- 29th Apr, 2013
31819 items listed
You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.
Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:
A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.
Please click on the Search button
1096 results found for D
| Startup Item or Name | Status | Command or Data | Description | Tested |
|---|---|---|---|---|
| drocher | X | d.exe | Adult content dialler | No |
| SYSTEM | X | d.exe | Detected by Trend Micro as WORM_MYTOB.LP | No |
| WindowsSystem32 | X | d.exe | Detected by Sophos as Troj/Agent-ZGM and by Malwarebytes Anti-Malware as Trojan.Backdoor | No |
| D066UUtility | N | D066UUTY.EXE | TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software | No |
| SysteZ | X | d1.exe | Added by the MSNDIABLO.A WORM! | No |
| Jufualt | X | d11host.exe | Added by the SDBOT.ARA WORM! | No |
| systemr | X | d11host.exe | Added by the VB-GX TROJAN! | No |
| dnam | X | d140113.a.Stub.EXE | Added by the STUB_A TROJAN! | No |
| D3**.exe [* = random char] | X | D3**.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| D3**32.exe [* = random char] | X | D3**32.exe [* = random char] | CoolWebSearch/HomeSearch adware - for examples, see this log | No |
| d3790de650d70ac1da4aa0af1beaec99 | X | d3790de650d70ac1da4aa0af1beaec99.exe | Detected by Dr.Web as Trojan.DownLoader8.31938 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d3b723be6cda7831128c70a6114bebc5 | X | d3b723be6cda7831128c70a6114bebc5.exe | Detected by Dr.Web as Trojan.DownLoader7.13092 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Microsoft® Windows® Operating System | X | D3D10Ref.exe | Detected by Sophos as Mal/Agent-AIP and by Malwarebytes Anti-Malware as Backdoor.Messa | No |
| D3DOverrider | U | D3DOverrider.exe | Utility that comes bundled with the RivaTuner graphics tweaking utility which allows you to override the control panel settings and force Triple Buffering to be enabled for Direct3D games. This can improve graphics performance, especially when you have VSync enabled - see here | No |
| D3DOverrider | U | D3DOverriderWrapper.exe | Utility that comes bundled with the RivaTuner graphics tweaking utility which allows you to override the control panel settings and force Triple Buffering to be enabled for Direct3D games. This can improve graphics performance, especially when you have VSync enabled - see here. This is the Windows 7/Vista version which loads the main application (D3DOverrider.exe) | No |
| behpyoup | X | d3drml.exe | Detected by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %Temp% | No |
| D4 | U | D4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| Dimension4 | U | D4.exe | Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down | No |
| d42f0fa15f4769f5694d7c89fe18e16e | X | d42f0fa15f4769f5694d7c89fe18e16e.exe | Detected by Dr.Web as Trojan.DownLoader7.2094 and by Malwarebytes Anti-Malware as Spyware.Password. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows starts | No |
| d4d09436d35da01cf69e37f8597d3266 | X | d4d09436d35da01cf69e37f8597d3266.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d4f8ba9eae9d84a2873c361974f1f3aa | X | d4f8ba9eae9d84a2873c361974f1f3aa.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| WinMine | X | D4NG3.vbs | Added by the BISCUIT.A WORM! | No |
| toastpop | X | d57BJSail5.exe | Detected by Dr.Web as Trojan.KillProc.19830 and by Malwarebytes Anti-Malware as Adware.KorAd.Gen | No |
| toastpop003 | X | d57BJSail555.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd.Gen. The file is located in %Windir% | No |
| d5a38e9b5f206c41f8851bf04a251d26 | X | d5a38e9b5f206c41f8851bf04a251d26.exe | Detected by Dr.Web as Trojan.DownLoader7.13869 and by Malwarebytes Anti-Malware as Backdoor.Bot. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d5a38e9b5f206c41f8851bf04a251d26 | X | d5a38e9b5f206c41f8851bf04a251d26.exe | Detected by Dr.Web as Trojan.DownLoader7.21837 and by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d5e680da0c3a0008bbfd086e30868721 | X | d5e680da0c3a0008bbfd086e30868721.exe | Detected by Dr.Web as Trojan.DownLoader8.19454 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d709f34a2bc48c2ecfacf26803c2c376 | X | d709f34a2bc48c2ecfacf26803c2c376.exe | Detected by Dr.Web as Trojan.DownLoader7.19599 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d7271e2abb6db7647dd37dd76bdecd00 | X | d7271e2abb6db7647dd37dd76bdecd00.exe | Detected by McAfee as Trojan-FAUE!79C0889AC0CB and by Malwarebytes Anti-Malware as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| GHWAUC6NNZ | X | D7AB19ECEDE2D[private subnet]FD66CBEF20E0A0911F.exe | Detected by McAfee as Downloader-CEW.ap and by Malwarebytes Anti-Malware as Trojan.FakeAlert.SA | No |
| d9347bb67c3915d4b4f4b318a915057b | X | d9347bb67c3915d4b4f4b318a915057b.exe | Detected by Dr.Web as Trojan.Siggen4.33560 and by Malwarebytes Anti-Malware as Worm.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d93cea3f9c93f407bf84abee820b565c | X | d93cea3f9c93f407bf84abee820b565c.exe | Detected by McAfee as RDN/Generic PWS.y!lt and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d9bae609eb51f8ca1766366d36a7ee5d | X | d9bae609eb51f8ca1766366d36a7ee5d.exe | Detected by McAfee as RDN/Generic PUP.x!qk and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| d9fw5i91p | X | d9fw5i91p.exe | Detected by Sophos as Troj/Agent-GIW | No |
| [random name] | X | d?dplay.exe | PurityScan adware | No |
| [random name] | X | d?xplore.exe | PurityScan adware | No |
| Windows Update | X | DA2900B2669.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %AppData% | No |
| dab1c01d088e43d83122e84a5262c4d7 | X | dab1c01d088e43d83122e84a5262c4d7.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Dabayo | X | DabayoLaunch.exe | Detected by Malwarebytes Anti-Malware as Adware.K.Dabayo. The file is located in %ProgramFiles%\Dabayo | No |
| DACONFIGEXE | N | daconfig.exe | 3Com NIC Diagnostics. Available via Start → Programs | No |
| DadApp | Y | dadapp.exe | "DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell | No |
| Corel Desktop Application Director | N | dadx.exe | The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start → Programs | No |
| dae.exe | X | dae.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %System% | No |
| dae31c02cb06222e776b9ccb9207edb1 | X | dae31c02cb06222e776b9ccb9207edb1.exe | Detected by McAfee as RDN/Generic.bfr!e and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| daemon | N | Daemon.exe | Older version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required on later revisions if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature set | Yes |
| DAEMON Tools | N | daemon.exe | Older version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. This version is free for personal use and has a limited feature set | Yes |
| DAEMON Tools Lite | N | daemon.exe | Older version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required on later revisions if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature set | Yes |
| DAEMON Tools-1033 | N | daemon.exe | Older version of Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. This version is free for personal use and has a limited feature set | Yes |
| TrackpointSrv | U | daemon.exe | Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work | No |
| Daemon | X | daemon.exe c daemon2.exe | Added by the SELOTIMA.A WORM! | No |
| Daemon | N | DAEMON32.EXE | Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start → Programs | No |
| Daemon Tools ATAPI driver | X | daemontools.exe | Added by the AGENT-OTX TROJAN! | No |
| DaemonUI | N | DaemonUI.exe | DaemonUI - graphical user interface for older versions of the DAEMON Tools CD/DVD emulation utility | No |
| Dafu | X | Dafu.exe | Detected by IKarus as Backdoor.Win32.FlyAgent and by Malwarebytes Anti-Malware as Trojan.Agent.WDR. The file is located in %Windir% | No |
| Administrator di Dago | X | Dago.exe | Added by the PUNYA-B WORM! | No |
| CueX44 | X | Dago.exe | Added by the PUNYA-B WORM! | No |
| Micro Update | X | dailin.exe | Added by the RBOT-ER WORM! | No |
| dailycon | X | dailycon.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %ProgramFiles%\dailycon - see here | No |
| userinit | X | daipnwf.exe | Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| ZaCker | X | DaLaL.vbs | Detected by McAfee as W32/Vote.b@MM | No |
| Download Accelerator Manager Free Edition | N | dam.exe | Download Accelerator Manager Free Edition from Tensons Corp | No |
| Dell|Alert | N | DAMon.exe | "Dell Alert" utility, that's supposed to make interaction with Support easier | No |
| damqysmufadu | X | damqysmufadu.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| DanBtR270414 | X | DanBtR270414.exe | Added by the VB-NIB WORM! | No |
| DANEFXICYXZU | X | danefxicyxzu.exe | Detected by McAfee as Downloader.a!dbf and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| 65655dee73cec9bf37410b3a70792d7f | X | dany.exe | Detected by Dr.Web as Trojan.DownLoader8.37150 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ | No |
| Dap | N | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start → Programs. Note that the free version is adware based | No |
| Download Accelerator Plus 5.0 | N | DAP.exe | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start → Programs. Note that the free version is adware based | No |
| DownloadAccelerator | N | DAP.EXE | Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start → Programs. Note that the free version is adware based | No |
| DRan posessor | X | DAP.exe | Added by a variant of W32/Sdbot.worm | No |
| load= | X | dapdll.exe | Added by the ATAK.E WORM! | No |
| DarkGold | X | DarkGold.exe | Detected by Sophos as Troj/Bckdr-RNA and by Malwarebytes Anti-Malware as Backdoor.Bot | No |
| DSADFDF | X | darki.exe | Detected by McAfee as RDN/Generic.grp!d and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| daskgfkkcx15 | X | dasdsaads15.exe | Added by the ONLINEG-Q TROJAN! | No |
| AllSearch_main | X | DaSearchU.exe | DaSearch rogue security software - not recommended. One of the OneScan family of rogue scanner programs. Detected by Malwarebytes Anti-Malware as Adware.K.AllSearch | No |
| Codename Dashboard | U | dashboard.exe | Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time." No longer available | No |
| DashBarState | ? | dashIE | ?? | No |
| asdsaxcxz13 | X | dasxcsx13.exe | Added by the LEGMIR-ARF TROJAN! | No |
| [40 hex characters] | X | data.pif | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %UserProfile% - see examples here and here | No |
| data.pif | X | data.pif | Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| DataCardMonitor | U | DataCardMonitor.exe | Mobile (USB) internet management tool by Huawei Technologies Co., Ltd as used by a number of providers including T-Mobile, Virgin Media, tele.ring and blueconnect | No |
| DataHealer | X | DataHealer.exe | DataHealer rogue security software - not recommended, removal instructions here | No |
| DataKeeper | U | DataKeeper.exe | PowerQuest DataKeeper (now owned by Symantec) backup software | No |
| Data Layer 2 | X | datalayer.exe | Added by the RBOT-BNF WORM! Note - do not confuse with the legitimate Nokia file sharing the same filename - this one is located in %System% | No |
| DataLayer | Y | DataLayer.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | Yes |
| Nokia PC Suite | Y | DataLayer.exe | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | Yes |
| DataLayer | Y | DATALA~1.EXE | Part of Nokia PC Suite version 5 - which "is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one." Required by the Nokia status/connection monitor (NclTray.exe) | No |
| DataMngr | ? | DataMngrUI.exe | Toolbar associated with the iMesh and BearShare peer-to-peer (P2P) file-sharing clients | No |
| DataMngr | ? | DATAMN~1.EXE | Toolbar associated with the iMesh and BearShare peer-to-peer (P2P) file-sharing clients | No |
| Optus Cable Data Monitor | U | datamonitor.exe | Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" | No |
| msader15ADOR15 | X | datamsadomd2.70.7713.0.exe | Added by the TRITE-A WORM! | No |
| DataProtect | X | DataProtect.exe | DataProtect rogue security software - not recommended, removal instructions here | No |
| Dell DataSafe Online | U | DataSafeOnline.exe | "Dell DataSafe Online helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection. For your security all data is encrypted and compressed before ever leaving your computer." Required for the automatic backups to run | No |
| Dell DataSafe Scheduler | U | DataSafeOnlineScheduler.exe | Scheduler for Dell DataSafe™ Online which "helps protect your music, photos and other important files by placing backup copies on a secure storage site using your internet connection" | No |
| datasave | X | datasaverun.exe | DataSave rogue security software - not recommended, removal instructions here | No |
| Datcheck | X | datcheck.exe | Detected by Symantec as KeyPanic.Trojan | No |
| DateMakerIntl | X | DateMakerIntl.exe | Premium rate adult content dialler | No |
| Date Manager | X | datemanager.exe | DateManager - calendar/reminder utility. Contains GAIN adware by Claria Corporation | No |
| DateMngr | X | DATEMNGR.EXE | Added by the SPYBOT-BR BACKDOOR! | No |
| Data Protection | X | datprot.exe | Data Protection rogue security software - not recommended, removal instructions here | No |
| Desktop Architect | N | DATRAY.EXE | Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc | No |
| Google_Update | X | DaumCleans.exe | Detected by Dr.Web as Trojan.DownLoader6.49071 and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| DAupdate | X | DAupdate.exe | NavEnhance adware | No |
| Perfomance Monitor | X | davcsync.exe | Added by the LAMUD-A WORM! | No |
| DAW9532.exe | ? | DAW9532.EXE | Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required? | No |
| Daily Planner | N | dayplan.exe | Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them | No |
| DayToday | U | DAYTODAY.EXE | DayToday from RoboMagic Software Corp. Displays the date on the taskbar | No |
| WIZZ | X | dazzler.exe | Detected by Kaspersky as the DIALER.IS TROJAN! | No |
| ASDPLUGIN | X | dbaccess.exe | AsdPlug premium rate adult content dialer | No |
| Win Validation Application | X | DBExecCom.exe | Added by the VBSILLY-A WORM! | No |
| Debugger | X | dbg32.exe | Added by the MYTOB-FW WORM! | No |
| Microsoft Debug Service | X | dbgbgr.exe | Added by a variant of Win32/Rbot | No |
| DbgHlp32 | X | DbgHlp32.exe | Added by the WINKO.AO WORM! | No |
| dbhlp32 | X | dbhlp32.exe | Added by the GAMEOL.AQ TROJAN! | No |
| DBISQL9 | U | dbisqlg.exe | Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies | No |
| xmens32 | X | dbm322.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. Note the space at the beginning of the "Startup Item" field and the file is located in %System% | No |
| Microsoft System Checkup | X | dbnetlib.exe | Added by the DONK.L WORM! | No |
| dbserv | N | dbserv.exe | Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled | No |
| Gravis Appawareloader | U | dbserver.exe | Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them | No |
| Dbxaxd | X | Dbxaxd.exe | Added by the VBKRYPT.GNJU TROJAN! | No |
| BD | X | dc.exe | Added by the RASDOOR-A TROJAN! | No |
| dc | X | dc.exe | Detected by Sophos as W32/VB-DZE | No |
| Dialer Control | U | dc.exe | Dialer-Control. Detects and protects from premium rate adult content diallers | No |
| WINSERV SERVICE | X | dc.exe | Added by the HAMWEQ.DQ WORM! | No |
| DC6cw | X | DC6cw.exe | Part of the DriveCleaner rogue security software - not recommended, removal instructions here | No |
| DC6 | X | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here | No |
| DC6_check | X | dc6_startupmon.exe | Part of the WinAntiVirus Pro 2006 rogue security software - not recommended, removal instructions here | No |
| Dcap | X | DCap.exe | Detected by Dr.Web as Trojan.DownLoader6.46786 and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| _ | X | dcbcg.exe | Detected by Sophos as Troj/Agent-HMT | No |
| dcc | X | dcc_.exe | Added by the AGENT-GBJ TROJAN! | No |
| [various names] | X | DCC_send.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| DAZEL Delivery Agent | U | DcDaemon.exe | Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP | No |
| DCE Manager | X | dcemgr.exe | Added by the TUMAG TROJAN! | No |
| DCfssvc | U | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| dcfssve | U | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example | No |
| Phase One Media Reader | U | DCIMImp.exe | Phase One Media Reader Capture images | No |
| Deus Cleaner | X | DCleaner.exe | Deus Cleaner rogue system cleaner utility - not recommended | No |
| hunpenig | X | dclocmwk.exe | Detected by Malwarebytes Anti-Malware as Trojan.Downloader. The file is located in %LocalAppData% | No |
| BMN | X | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| dc6_check | X | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| Salestart | X | dcmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| audlmne32 | X | dcmsxe.exe | Added by the MAILBOT-CF TROJAN! | No |
| WINDOWS SYSTEM | X | dcomuser.exe | Added by the MYTOB.EO WORM! | No |
| System | X | dcomx.exe | Added by the CIREBOT BACKDOOR! | No |
| Salestart | X | dcpasmon.exe | SystemDoctor rogue security software - not recommended, removal instructions here | No |
| dlcipscl | X | dcpavss.exe | Added by the MAILBOT-CB TROJAN! | No |
| dcsm | X | dcsm.exe | Part of the PrivacyProtector and DriveCleaner rogue security tools | No |
| Salestart | X | dcsm.exe | Part of the PrivacyProtector and DriveCleaner rogue security tools | No |
| Windows Automatical Updater | X | dcz.exe | Added by the RBOT.CXS WORM! | No |
| D SYSTEM | X | dd.exe | Added by the MYTOB-FN WORM! | No |
| Dialer Detect | U | dd.exe | DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it | No |
| DoubleDesktop | U | dd.exe | "DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop" | No |
| DDCActiveMenu | N | DDCActiveMenu.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| DDCM | N | DDCMan.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| DDCMan | N | DDCMan.exe | Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case | No |
| WinDirectories | X | ddcs.exe | Added by the VB-ETN WORM! | No |
| WindowServer | X | dddasasa.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.WS. The file is located in %AppData%\window | No |
| Windows Service | X | dddd.exe | Detected by Kaspersky as Dialer.Salc, also known to come with the Bube family of trojans | No |
| ddeproc | X | ddeproc.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
| Winsvr manager | X | DDEsvr.exe | Added by the TIRBOT-C WORM! | No |
| DirectX | X | ddhelp32.exe | Added by an unidentified VIRUS, WORM or TROJAN! Note - not the DirectX helper which is ddhelp.exe | No |
| DDialler | X | DDialler.exe | Adult content dialler | No |
| DDLAgent | U | DDLAgent.exe | Loads DVD Device Lock - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| DVD Device Lock for Win95/98/Me/2k/XP | U | DDLAgent.exe | Loads DVD Device Lock - which "can be used to restrict read or write access to removable media devices such as CD, DVD, floppy, flash and USB drives. You can also restrict access to partitions of hard disk drives". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI | Yes |
| MSConfig | X | ddmlxjwy.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile% | No |
| DDmService | ? | DDmService.exe | Part of the Web Player which is included with the DivX Plus video software package from DivX, LLC. The exact purpose of this entry and whether it's needed is unknown at present but it appears to be associated with clearing the cache - see here | Yes |
| DivX Download Manager | ? | DDmService.exe | Part of the Web Player which is included with the DivX Plus video software package from DivX, LLC. The exact purpose of this entry and whether it's needed is unknown at present but it appears to be associated with clearing the cache - see here | Yes |
| DivX Download Manager Service | ? | DDmService.exe | Part of the Web Player which is included with the DivX Plus video software package from DivX, LLC. The exact purpose of this entry and whether it's needed is unknown at present but it appears to be associated with clearing the cache - see here | Yes |
| Microsoft® Windows® Operating System | X | DDORES.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %Templates% | No |
| Adobes Updates | X | ddosw.exe | Added by the BACKDR-DC BACKDOOR! | No |
| CCD Manager | U | DDS.EXE | Project Labs Century CD manager for their CD/DVD storage device | No |
| PlaySys | X | ddsplay.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| MSRegScan | U | DDSSDemo.exe | SystemSleuth surveillance software. Uninstall this software unless you put it there yourself | No |
| DynDNS-Updater Traytool | N | ddutray.exe | DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually | No |
| DDWMon | U | ddwmon.exe | Direct Disc Writer Event Monitor from TOSHIBA | No |
| De32gen | X | de32gen.exe | Added by the GEMA TROJAN! | No |
| DE58DC232B2EB5B6FC69BBB9A7C86D4CBC512941 | X | DE58DC232B2EB5B6FC69BBB9A7C86D4CBC512941 | Detected by McAfee as RDN/Generic.bfr!d | No |
| HKCU | X | DeadAuth.exe | Detected by Kaspersky as Trojan.Win32.VB.ahsj and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| HKLM | X | DeadAuth.exe | Detected by Kaspersky as Trojan.Win32.VB.ahsj and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| Policies | X | DeadAuth.exe | Detected by Kaspersky as Trojan.Win32.VB.ahsj and by Malwarebytes Anti-Malware as Backdoor.Agent.PGen | No |
| DeadKitty | X | DeadKitty.exe | Added by the DEADCAT-A WORM! | No |
| deafb983a004e9d6c19560e2100b5de3 | X | deafb983a004e9d6c19560e2100b5de3.exe | Detected by Dr.Web as Trojan.DownLoader7.12571 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| au | U | DealioAu.exe | Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products | No |
| browser | X | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| cpl | X | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| httpd | X | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| Messanger | X | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| StartMenu | X | deamon.exe | Added by the TACTSLAY.C TROJAN! | No |
| Virtual CDROM | X | deamon.exe | Added by the RBOT.VP WORM! | No |
| deasycponyfe | X | deasycponyfe.exe | Detected by McAfee as PWS-Zbot-FAGQ!4B5426148A84 and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| Death.exe | X | Death.exe | Added by the DELF-ERW TROJAN! | No |
| Debuger | X | Debuger.exe | Detected by Dr.Web as Trojan.AVKill.28870 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| DebugMonitor | X | debugmonitor.exe | Added by the MYDOOM.BG WORM! | No |
| Debug | X | DebugW32.exe | Added by the GUBED TROJAN! | No |
| run= | X | dec25.exe | Added by the ATAK.F WORM! | No |
| Ciodiag | X | DECCONF.EXE | Detected by Trend Micro as TROJ_STRAT.EL | No |
| wininf | X | decoder.exe | Detected by Dr.Web as Trojan.DownLoader5.29928 | No |
| what ever | X | decom.exe | Added by the RBOT-SC WORM! | No |
| DeeEnEs | U | DeeEnEs.exe | DeeEnEs - automatically updates a dynamic IP address when it changes | No |
| Ltho | X | dees.exe | PurityScan adware | No |
| NAV DefAlert | U | DefAlert.exe | Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis | No |
| (Default) | X | Default.exe | Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| DefaultConfiguration | X | defaultconfh.exe | Added by the AGOBOT-JC WORM! | No |
| Defense Center | X | defcnt.exe | Defense Center rogue security software - not recommended, removal instructions here | No |
| [various names] | X | defect08.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Defenceprivacy | X | DefencePrivacy.exe | Defence Privacy rogue security software - not recommended, removal instructions here | No |
| defencevaccinestart.exe | X | defencevaccinestart.exe | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Rogue.K.DefenceVaccine | No |
| defencevaccine main | X | defencevaccineu.exe | Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Rogue.K.DefenceVaccine | No |
| DefencerGBA | X | defend.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %UserProfile%\[numbers] | No |
| DefendAPc | X | DefendAPc.exe | DefendAPc rogue security software - not recommended, removal instructions here. A member of the AntiAID family | No |
| Security Protection | X | defender.exe | Security Protection rogue security software - not recommended, removal instructions here | No |
| SpySpotter System Defender | X | Defender.exe | SpySpotter rogue spyware remover - not recommended, see here | No |
| Spyware Protection | X | defender.exe | Spyware Protection rogue security software - not recommended, removal instructions here | No |
| tmp | X | defender.exe | Fake Microsoft Security Essentials Alert - removal instructions here | No |
| DefenseVirusMain | X | DefenseVirus.exe | DefenseVirus rogue security software - not recommended, removal instructions here | No |
| defergui | ? | defergui.exe | Related to IBM Standard Software Installer. What does it do and is it required? | No |
| Default Manager | U | DefMgr.exe | Part of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| DefMgr | U | DefMgr.exe | Part of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| Microsoft Default Manager | U | DefMgr.exe | Part of MSN Toolbar from version 4.* onwards (renamed "Bing Bar" from version 5.* onwards) which includes the Bing search engine. Via Start → All Programs → Microsoft Default Manager you can elect to keep Bing as the default search engine and set it to notify you of any changes to your browsers default settings. Not required if you choose not to use Bing | Yes |
| DEFINI_INVENT | X | defnv.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Root%\definitiva | No |
| Automatic Defrag Manager | X | defrag.exe | Added by the RBOT-AKE WORM! | No |
| Win Defrags | X | defrag.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Windows DLL Loader | X | defragfat32.exe | Added by the SDBOT-SS WORM! | No |
| Windows DLL Loader | X | defragfat32abc.exe | Added by the RBOT-RG WORM! | No |
| Windows DLL Loader | X | defragfat32pi.exe | Added by the RBOT-QQ WORM! | No |
| Windows DLL Loader | X | defragfat32z.exe | Added by the LINKBOT.A WORM! | No |
| Windows DLL Loader | X | defragfat39.exe | Added by the POEBOT-C WORM! | No |
| Windows DLL Loader | X | defragfatx.exe | Added by the POEBOT-F WORM! | No |
| Windows DLL Loader | X | defragfatz.exe | Added by the LINKBOT.H WORM! | No |
| defragm_check | X | defragment.exe | CoolWebSearch parasite variant | No |
| DefragTaskBar | U | defragTaskBar.exe | System Tray access to Ashampoo® Magical Defrag 2/3 - which "defragments your hard drive only when computer is idle, hence enabling you to follow your everyday work routine without any distraction" | Yes |
| defragTaskBar.exe | U | defragTaskBar.exe | System Tray access to Ashampoo® Magical Defrag 2/3 - which "defragments your hard drive only when computer is idle, hence enabling you to follow your everyday work routine without any distraction" | Yes |
| WebScan | U | DEFSCANGUI.EXE | Web scanner function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation | No |
| WebScan | U | DEFSCA~1.EXE | Web scanner function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation | No |
| defwatch | U | defwatch.exe | Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis | No |
| SpywareGuard | X | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application | No |
| Windows Internet Protocol | X | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN! | No |
| Deko550 | U | Deko550.exe | Associated with the Deko550 entry-level SD real-time graphics system from Avid Technology | No |
| Windows Service Pack Auto Update | X | del-me.exe | Adware, also detected as the LOWZONES.BH TROJAN! | No |
| HKCU | X | Delaws.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %AppData%\usecure | No |
| HKLM | X | Delaws.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %AppData%\usecure | No |
| Policies | X | Delaws.exe | Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.XTR. The file is located in %AppData%\usecure | No |
| ioloDelayModule | U | delay.exe | Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads | No |
| hpWirelessAssistant | U | DelayedAppStarter.exe HPWA_Main.exe | Wireless management utility for HP computers that allows the user to enable individual wireless devices (such as Bluetooth or WLAN devices) and shows the state of the radios for those devices | No |
| Delay | U | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
| Delayrun | U | delayrun.exe | On HP PCs this program is used to help prevent conflicts or timing issues on fast computers | No |
| GhostSurfDelSatellite | Y | DeleteSatellite.exe | Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place | No |
| Execute | ? | delfolders.exe | ?? | No |
| Delivery Center | ? | DeliveryCenter.exe | ?? | No |
| Diamond Delivery Center | ? | DeliveryCenter.exe | ?? | No |
| DellControlPoint | U | Dell.ControlPoint.exe | Dell ControlPoint is "designed to simplify and unify the execution of what should be simple system functions" and "integrates best-of-breed software and utility solutions into one helpful solution". Includes Power Manager, Security Manager and Connection Manager functions | No |
| DellConnectionManager | U | Dell.UCM.exe | Part of the Dell ControlPoint Connection Manager which "provides a complete communications management environment for everything from Ethernet to dial-up to GPS". Dell ControlPoint is "designed to simplify and unify the execution of what should be simple system functions" and "integrates best-of-breed software and utility solutions into one helpful solution" | No |
| DellDMI | ? | delldmi.exe | Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? | No |
| Dell Dock | U | DellDock.exe | Dell Dock by Stardock Corporation - "created to bring greater organization, personalization and productivity to Dell customers around the globe". Based upon Stardock's own ObjectDeck which is used to "organize your shortcuts, programs and running tasks into an attractive and fun animated dock" | No |
| Dell Dock First Run | U | DellDock.exe | Dell Dock by Stardock Corporation - "created to bring greater organization, personalization and productivity to Dell customers around the globe". Based upon Stardock's own ObjectDeck which is used to "organize your shortcuts, programs and running tasks into an attractive and fun animated dock" | No |
| DELLMMKB | U | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
| DellTouch | U | DELLMMKB.EXE | Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys | No |
| DellSC | N | dellsc.exe | Dell Solution Center - web-based troubleshooting tools and educational offerings | No |
| DELL Webcam Manager | N | DellWMgr.exe | Dell Webcam Manager - Webcam management software provided on Dell PCs | No |
| delmsbb | X | delmsbb.exe | 180Search adware | No |
| delsaap | X | delsaap.exe | NCase adware | No |
| delstart | ? | delstart.exe | Reportedly part of BT ISP software - what does it do and is it required in startup? | No |
| DeltaIITaskbarApp | U | DeltaIITray.exe | System Tray access to the Delta Control Panel for the Delta series of PCI audio cards | No |
| M-Audio Taskbar Icon | U | DeltaIITray.exe | System Tray access to the Delta Control Panel for the Delta series of PCI audio cards | No |
| DelTmp | ? | DelTemp.exe | Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? | No |
| delcab | ? | deltreew.exe C:\cabs | ?? | No |
| DeltTray | U | DeltTray.exe | System Tray access to the Delta Control Panel for the Delta series of PCI audio cards | No |
| M-Audio Delta Taskbar Icon | U | DeltTray.exe | System Tray access to the Delta Control Panel for the Delta series of PCI audio cards | No |
| DELUXECC | U | DELUXECC.exe | Twain driver for the SiPix SC-Deluxe digital camera | No |
| DELXP Protocol | X | delxp.exe | Added by a variant of W32/Sdbot.worm | No |
| demm386.exe | X | demm386.exe | Added by the RBOT-EO WORM! | No |
| Microsoft | X | demo.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %AppData% | No |
| demon | ? | demon.exe | Part of the French Wanadoo ADSL extense pack. What does it do and is it required? | No |
| Dencnf | X | Dencnf.exe | Detected by Malwarebytes Anti-Malware as Trojan.Ircbot. The file is located in %Windir% | No |
| Especial | X | Deneca.bat | Added by the DELUZ VIRUS! | No |
| WINDOWS DENEME | X | deneme.exe | Added by the MYTOB-CR WORM! | No |
| [various names] | X | dePloy.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| DeploymentUpdate | X | Deploymentupdt32.exe | Detected by Malwarebytes Anti-Malware as Trojan.SHarpro.Pgen. The file is found in %LocalAppData%\Deployment\DeploymentUpdate | No |
| depton | X | depton.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.DPT. The file is located in %Windir% | No |
| frun | X | derc32xz.exe | Added by unidentified malware. The file is located in %Windir% | No |
| 90efc1c59b4d9e300470f34b7b9e92e3 | X | dersa.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.MSIL. The file is located in %UserTemp% | No |
| Desire | X | desires.exe | Adult content dialler | No |
| desk-top-service | ? | desk-top-service.exe | ?? | No |
| HydarVisionDesktopManager | U | desk95.exe | ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs | No |
| HydraVisionDesktopManager | U | desk98.exe | ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup | No |
| DeskAd Service | X | DeskAdServ.exe | DeskAd.Service adware | No |
| Desktop Adviser | U | deskadv.exe | ALDESI Desktop Adviser surveillance software. Uninstall this software unless you put it there yourself | No |
| DeskColor | N | DESKCOLOR.EXE | Provides transparent icon text backgrounds and coloured icon text | No |
| Deskflag | N | Deskflag.exe | DeskFlag - animated USA flag on the desktop | No |
| DeskMateAutoUpdate | X | DeskMateAutoUpdate.exe | DeskMates: Virtual scantily clad girls enhance your desktop. Contains BargainBuddy adware | No |
| deskmech | N | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervals | Yes |
| Desktop Maestro | N | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervals | Yes |
| DesktopMaestro | N | deskmech.exe | Part of Desktop Maestro from PC Tools - which "combines the features of our award winning products, Registry Mechanic and Privacy Guardian to ensure that you have the range of tools at your fingertips to ensure optimal system performance, stability and user privacy". This entry is created when Desktop Maestro is installed on XP and loads the System Tray icon and runs a registry scan at startup - if either are enabled. Run manually at regular intervals | Yes |
| DeskSaver | U | DeskSaver.exe | DeskSaver from Headway Creative - utility that allows you "to backup and to restore the icons position easily on the Windows desktop". The Pro version also includes a "Taskbar Economizer" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaver | Yes |
| desksaver | U | desksaver.exe | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Located in %ProgramFiles%\[program name]. For more details please see the "00DSKSVR01" or "00DSKSVR00" entries | Yes |
| DeskSaver Pro | U | DeskSaver.exe | DeskSaver Pro from Headway Creative - utility that allows you "to backup and to restore the icons position easily on the Windows desktop". Includes a "Taskbar Economizer" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaver | Yes |
| desksaver.exe | U | desksaver.exe | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Located in %ProgramFiles%\[program name]. For more details please see the "00DSKSVR01" or "00DSKSVR00" entries | Yes |
| 00DSKSVR00 | ? | desksaver.exe saskda | Part of Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. The exact purpose of this startup entry is unknown at present | Yes |
| 00DSKSVR01 | U | desksaver.exe tray | System Tray access to Advanced Desktop Shield, Easy Desktop Keeper, 1st Desktop Guard and Desktop Layout Keeper (and maybe others) - which give you the ability to save, restore, manage and lock your desktop layout that includes files and folders located on your desktop, placement of desktop icons, desired wallpaper and screen saver. Disabling via the program's own options will leave this startup entry but it will not run - "desksaver.exe" does however run as it's also used as a service | Yes |
| DiscoverDeskshop | N | Deskshop.exe | Discover Deskshop - single use "virtual" credit card | No |
| DeskSlide | U | DeskSlide.exe | "DeskSlide is utility for automating wallpaper changes on your desktop" | No |
| DeskSpace | U | deskspace.exe | DeskSpace desktop management utility from Otaku Software Pty Ltd - which "gives you more space for your windows and icons. You can eliminate desktop clutter by arranging your windows and icons across up to six desktops, all easily reachable by navigating a desktop cube" | Yes |
| DeskSpace | U | DESKSP~1.EXE | DeskSpace desktop management utility from Otaku Software Pty Ltd - which "gives you more space for your windows and icons. You can eliminate desktop clutter by arranging your windows and icons across up to six desktops, all easily reachable by navigating a desktop cube" | Yes |
| Desktop Calendar | U | Desktop Calendar.exe | Desktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis" | No |
| Desktop Defender 2010 | X | Desktop Defender 2010.exe | Desktop Defender 2010 rogue security software - not recommended, removal instructions here | No |
| Desktop iCalendar | U | Desktop iCalendar Lite.exe | Desktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste" | Yes |
| Desktop iCalendar Lite | U | Desktop iCalendar Lite.exe | Desktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste" | Yes |
| Desktop iCalendar Lite.exe | U | Desktop iCalendar Lite.exe | Desktop iCalendar Lite by Desksware - "is a free desktop calendar for Windows. It allows you to manage your events, to-do list on desktop. It allows subscribing public Google Calendar, such as holidays, election or NBA. It is full customizable. A build in skin editor makes it easy to set the skin by your own taste" | Yes |
| Desktop iCalendar | U | Desktop_iCalendar.exe | Desktop iCalendar by Desksware - "is a handy desktop calendar for Windows. It stays on your desktop and shows the days of the current month. It can sync with your Google Calendar, share calendars with your family and friends. It also uses high-quality fonts, looks pretty, and has lots of skins" | Yes |
| Desktop iCalendar.exe | U | Desktop_iCalendar.exe | Desktop iCalendar by Desksware - "is a handy desktop calendar for Windows. It stays on your desktop and shows the days of the current month. It can sync with your Google Calendar, share calendars with your family and friends. It also uses high-quality fonts, looks pretty, and has lots of skins" | Yes |
| Desktop Security 2010 | X | Desktop Security 2010.exe | Desktop Security 2010 rogue security software - not recommended, removal instructions here | No |
| Desktop | X | Desktop.com | Added by the VB-DRN WORM! | No |
| ba36334ad9883cdf49fcccd0d285d289 | X | desktop.exe | Detected by McAfee as RDN/Generic PWS.y!l and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| desktop | X | desktop.exe | Detected by Malwarebytes Anti-Malware as Trojan.Dropper. The file is located in %AppData% | No |
| desktop | X | desktop.exe | Detected by F-Secure as SdBot.MD. The file is located in %System% | No |
| Desktop Search | X | desktop.exe | Detected by McAfee as Adware-ISearch | No |
| desktop | X | desktop.ini.vbs | IE-Title malware | No |
| Desktop Armor | Y | DesktopArmor.exe | Desktop Armor from Headlight Software - "watches dozens and dozens of important settings on your computer and warns you if any program has changed them" including those made by malware | Yes |
| DesktopArmor | Y | DesktopArmor.exe | Desktop Armor from Headlight Software - "watches dozens and dozens of important settings on your computer and warns you if any program has changed them" including those made by malware | Yes |
| SkinClock | U | DesktopClock.exe | Free Desktop Clock by Drive Software - replacement for standard Windows tray clock that provides a number of skins and options such a load at start-up, transparent background, seconds display and 12-hour format | No |
| DesktopIconToy | U | DesktopIconToy.exe | "Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons" | No |
| Lto Manager | Y | DesktopLtoManager.exe | Related to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others | No |
| Desktop Manager | N | DesktopMgr.exe | Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry" | No |
| Copernic Desktop Search | N | DesktopSearch.exe | Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures" | No |
| Copernic Desktop Search 2 | U | DesktopSearchService.exe | Copernic Desktop Search - search agent | No |
| Motorola Desktop Suite | U | DesktopSuite.exe | Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000 | No |
| DW4 | N | DesktopWeather.exe | Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| DW6 | N | DesktopWeather.exe | Desktop Weather 6 by The Weather Channel - provides current temperature, conditions, alerts, etc | No |
| DesktopX | N | DesktopX.exe | System Tray access to DesktopX from Stardock Corporation - "is a desktop utility designed to enable users to build their own desktops, widgets, and gadgets." Note - if this entry is disabled and DesktopX has been configured to load any desktops, objects or widgets they will still load, along with DesktopX. Also part of the Object Desktop suite | Yes |
| DesktopX.exe | N | DesktopX.exe | System Tray access to DesktopX from Stardock Corporation - "is a desktop utility designed to enable users to build their own desktops, widgets, and gadgets." Note - if this entry is disabled and DesktopX has been configured to load any desktops, objects or widgets they will still load, along with DesktopX. Also part of the Object Desktop suite | Yes |
| deskup | N | deskup.exe | Adds Iomega Zip drive icons to the desktop | No |
| DeskVaccine | X | DeskVaccine.exe | DeskVaccine rogue security software - not recommended, removal instructions here | No |
| desp2k | U | desp2k.exe | Part of the Turbo Analyzer tool from LightComm Brazil Telecom that analyzes and corrects ADSL configurations | No |
| [various names] | X | Dest068.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| KernelConfig | X | destiny32.exe | Detected by Trend Micro as WORM_AGOBOT.AMB | No |
| destroy11 | X | destroy11.exe | Added by the DELF-KO TROJAN! | No |
| destroyb11 | X | destroyb11.exe | Added by the DELF-KO TROJAN! | No |
| Desura | N | desura.exe | "Desura is a community driven digital distribution service for gamers, putting the best games, mods and downloadable content from developers at gamers fingertips, ready to buy and play" | No |
| Detector | N | detector.exe | USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software | No |
| DetectorApp | U | DetectorApp.exe | Related to Roxio MyDVD (was Sonic) DVD authoring software | No |
| Disk Essensial Tools | X | detsvc.exe | Added by the SLENFBOT.JL WORM! | No |
| Microsoft Windows Workstation | X | devcode.exe | Added by the RBOT-AWL WORM! | No |
| Dev Gnu Cpp | X | devcpp.exe | Added by the RBOT-RU WORM! | No |
| Device Detector | U | DevDetect.exe | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| Camera Detector | U | DEVDET~*.EXE | ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically | No |
| Device Detector 2 | N | DevDtct2.exe | Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources | No |
| Device Detector 3 | N | DevDtct2.exe | Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources | No |
| Development Environment | X | devenv.exe | Added by the DELBOT-AH WORM! | No |
| Mircosoft Windows Developer Enviroment | X | devenv.exe | Added by an unidentified WORM or TROJAN! | No |
| Mircosoft Windows Developer Enviroment | X | devenv.exe | Added by the RBOT.AUJ BACKDOOR! | No |
| Driver Control Manager v4.6 | X | devetnae.exe | Added by the IRCBOT-AGY WORM! | No |
| Digital Dashboard | N | devgulp.exe | For Compaq PC's. Loads Digital Dashboard options | No |
| SystemDevic | X | devic.exe | Added by the MIMBOT.A WORM! | No |
| Device Hardware | X | devicehnd.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Device IO System | X | deviceio.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Device Manager | X | DeviceManager.exe | Detected by McAfee as RDN/Ransom and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| PhilipsDM | N | DeviceManager.exe | Device manager for Philips portable media players such as the GoGear | No |
| USBDEVICEMANAGER | X | DeviceManager.exe | Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Trojan.Agent.DPT | No |
| win32serv | X | devicer.exe | Added by the CHECKOUT WORM! | No |
| DriverMax | U | devices.exe | Part of the DriverMax driver update tool from Innovative Solutions | No |
| DriverMax_RESTART | U | devices.exe | Part of the DriverMax driver update tool from Innovative Solutions | No |
| System Device | X | devices.exe | Added by the AGENT.AFIF WORM! | No |
| Cmpnt | X | Devices2.exe | Added by the TOMPAI-D TROJAN! | No |
| Device Security Driver | X | devicesec.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Configuration Loader Service | X | devl32.exe | Added by the SDBOT-XY WORM! | No |
| devldr16 | U | devldr16.exe | Associated with some Creative Labs sound cards in Win98/Me. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
| devldr16.exe | U | devldr16.exe | Associated with some Creative Labs sound cards in Win98/Me. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices | No |
| Microsoft Synchronization Manager | X | devldr32.exe | Added by a variant of Win32/Rbot. Note - do not confuse with the legitimate Creative Labs devldr32.exe file | No |
| Devlog | ? | devlog.exe | Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required | No |
| devmgmt | X | devmgmt.exe | Detected by Kaspersky as Trojan.Win32.VB.aqvl | No |
| Microsoft Update | X | devmks32.exe | Added by a variant of Win32/Rbot | No |
| Device Microsoft System | X | devsrv.exe | Detected by Trend Micro as WORM_RBOT.AHL | No |
| xdxqa | X | dewa.exe | Added by the SDBOT-YB WORM! | No |
| autorepair | X | dexs.exe | Added by a variant of W32/Sdbot.worm | No |
| Configuration Loader | X | dezi.exe | Added by the SDBOT-OB WORM! | No |
| SNMP Detection Secondary Modules | X | dffcmgag.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.LBR. The file is located in %System% | No |
| dfgdfgdg.exe | X | dfgdfgdg.exe | Detected by McAfee as Ransom!hm and by Malwarebytes Anti-Malware as Trojan.IRCbot | No |
| sAGwzfF8s2kTPQ2Av3TFYIjT7EBTtE | X | dfgdfgdg.exe | Detected by McAfee as Ransom!hm and by Malwarebytes Anti-Malware as Trojan.IRCbot | No |
| Symantec Antivirus professional | X | dfrgfrat.exe | Added by a variant of the FORBOT WORM! | No |
| Distributed File System | X | Dfsvc.exe | Added by the MYFIP.A or MYFIP.K WORMS! | No |
| Hermes Messenger | U | DGDRHE~1.EXE | A LAN messenger alternative to WinPopUp - Digital Dreams Software | No |
| DGJM | ? | DGJM.exe | ?? | No |
| Microsoft Security Pansasagers | X | dgkztsqgn.exe | Added by the RBOT-BBJ WORM! | No |
| dgtstart | X | dgtstart.exe | Detected by Kaspersky as AdWare.Win32.DigitalNames.g | No |
| dguard | U | dguard.exe | Download guard function of eAcceleration Stop-Sign security software - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation | No |
| DealHelperBrwsr | X | dhbrwsr.exe | Detected by Symantec as Adware.DealHelper | No |
| FatPipe | U | DHCP | Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users | No |
| LAN | X | dhcp.exe | Added by the RBOT-GYI WORM! | No |
| Microsoft STS Service | X | DHCP32.exe | Added by the SDBOT-UK WORM! | No |
| dhcpagnt | Y | dhcpagnt.exe | Intel DSL modem driver - leave enabled or you'll have to re-install the drivers | No |
| Windows APCI Verifier | X | dhcpserv.exe | Added by the RBOT-FON WORM! Note - Disables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF) | No |
| DeleteHistoryFree | U | dhf.exe | Delete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC" | No |
| DHNUXB | ? | DHNUXB.exe | ?? | No |
| DealHelperUpdate | X | DHUpdt.exe | Detected by Symantec as Adware.DealHelper | No |
| DHxaBSbLeDyP.exe | X | DHxaBSbLeDyP.exe | Detected by Sophos as Troj/Agent-QGY | No |
| File1 | X | Dia Claro.htm | Added by the DLOADER-OR TROJAN! | No |
| SWAP | X | Diablo3 swapping.exe | Detected by McAfee as Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| (Default) | X | diagcfg.exe | Added by the GWGIRL BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| DiagnosticConfiguration | X | diagcfg.exe | Added by the GWGIRL BACKDOOR! | No |
| diagent | N | diagent.exe | System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start → Programs | No |
| Diagnostic Agent | X | diagent.exe | Added by the AGOBOT-CW WORM! | No |
| Microsoft® Windows® Operating System | X | diager.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %Templates% | No |
| Diagnostic | X | diagnostic.exe | Detected by Sophos as Troj/Alpha-C | No |
| Installer | X | dial.exe | Malware - detected by Kaspersky as the AGENT.MM TROJAN! | No |
| User23.exe | X | DIAL.exe | This is a trojan trying to disguise itself as User32.dll | No |
| BTopenworld | U | DialBTYahoo.exe | BT Yahoo! internet connection manager | No |
| REGRUN | X | dialer.exe | Adware downloader - detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! | No |
| [various names] | X | dialer423.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| antidialer.co.uk | U | Dialer_Watcher.exe | Dialer_Watcher is an application that allows you to detect dialers on your computer | No |
| Itunes | X | dials.exe | Detected by Kaspersky as the AGENT.MM TROJAN! | No |
| Windows Dialup Service | X | dialup.exe | Detected by Trend Micro as WORM_AGOBOT.AAH | No |
| Diamondview | ? | Diamondview.exe | Manulife Financial Insurance program. Is it required at startup? | No |
| Livre | X | Dibane.bat | Added by the BANEDI VIRUS! | No |
| High Definition DickSprinkles Service | X | dicksprinkles.exe | Detected by Dr.Web as Trojan.DownLoader7.15806 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| disgx | X | didesgx.exe | Added by the SDBOT.BGF WORM! | No |
| Swdaswdw | X | didesgx.exe | Added by the SDBOT.BGF WORM! | No |
| yoink | X | didesgx.exe | Added by the SDBOT.BGF WORM! | No |
| rundll*** | X | die.exe [path] mdll.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| rundll*** | X | die.exe [path] secure.bat | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| rundll*** | X | die.exe [path] secure.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| rundll*** | X | die.exe [path] ttg.exe | Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 | No |
| DietK | U | DietK.exe | Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results" | No |
| DigiCell | U | DigiCell.exe | MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" | No |
| DigiSrv | U | DigiSrv.exe | Related to camera software from DigitalDreams | No |
| DesktopX Widget | U | DigitalMETER.exe | DigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry | Yes |
| DigitalMETER | U | DigitalMETER.exe | DigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits | Yes |
| DigitalNames | X | DigitalNamesStart.exe | DigitalNames spyware variant | No |
| DigiD | X | DigitalSound.exe | TheGuardian malware! | No |
| DesktopX Widget | U | DIGITA~1.EXE | DigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "DigitalMETER.exe" is shown as "DIGITA~1.EXE" | Yes |
| DigitalMETER | U | DIGITA~1.EXE | DigitalMETER widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop. Once started, DigitalMETER.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "DigitalMETER.exe" is shown as "DIGITA~1.EXE" | Yes |
| Digital Protection | X | digprot.exe | Digital Protection rogue security software - not recommended, removal instructions here | No |
| DIGServices | N | DIGServices.exe | Created by Disney but licensed to ESPN for watching videos | No |
| DIGStream | N | digstream.exe | DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically | No |
| iConfigLoader | X | DIIhost.exe | Detected by Symantec as W32.HLLW.Gaobot.AO | No |
| dikkoceruvyn | X | dikkoceruvyn.exe | Detected by McAfee as PWS-FANO!77F138CB9225 and by Malwarebytes Anti-Malware as Trojan.Ransom.Gen | No |
| Diks32 | X | Diks32.exe | Detected by Dr.Web as Trojan.PWS.Banker1.2398 and by Malwarebytes Anti-Malware as Trojan.Banker | No |
| dIlhost.exe | X | dIlhost.exe | Added by the MDROP-DUW TROJAN! Note the uppercase "i" in place of a lower case "L" after the "d" | No |
| Microsoft Internal AntiVirus Systems | X | dIlhost.exe | Added by the RBOT-AEV WORM! | No |
| diloqgohovap | X | diloqgohovap.exe | Detected by McAfee as RDN/Generic Downloader.x!co and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| Dimension | U | Dimension.exe | Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol | No |
| Dino3 | X | dino3.exe | Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result | No |
| Dinst | X | dinst.exe | IMIServer/IEPlugin adware | No |
| dionpis | X | dionpis.exe | Added by the PSW-FF TROJAN! | No |
| Direct X | X | Direct X9.exe | Added by the ZANAYAT.A WORM! | No |
| Directx Startup Drivers | X | direct.exe | Detected by Trend Micro as WORM_CPEX.F. The file is located in %System%\inetsrv | No |
| direct3d.exe | X | direct3d.exe | Added by the CERTIF-F TROJAN! | No |
| DirectX9 | X | direct3d.exe | Added by the AGENT.EAK TROJAN! | No |
| Windows SP4 | X | directCC.exe | Added by the RBOT-ACX WORM! | No |
| Adaptec DirectCD | N | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start → Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| AdaptecDirectCD | N | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start → Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| DirectCD | N | DirectCD.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start → Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later | No |
| DirectKeyword | X | DirectKeyword.exe | Detected by Malwarebytes Anti-Malware as Adware.K.DirectKeyWord. The file is located in %AppData%\DirectKeyword | No |
| directs.exe | X | directs.exe | Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS! | No |
| DIRECTVDSL | U | Directvdsl.exe | Starts DirectTV DSL modem at boot up. Can also be started manually | No |
| directx | X | Directx.exe | Added by the SDBOT.D TROJAN! | No |
| DirectX | X | DirectX.exe | Added by the BLAXE or LOGPOLE WORMS! | No |
| DirectX | X | directx32.exe | Added by the AGOBOT.CG WORM! | No |
| DirectX 32 | X | directx32.exe | Added by a variant of the AGOBOT WORM! | No |
| DirectX Plugin | X | directx32.exe | Added by the KURTAGENT.A TROJAN! | No |
| DirectX 3D Service | X | DirectX3D.exe | Detected by Symantec as Backdoor.Revrs and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| WindowsXP Module | X | DirectX3D.exe | Malware, reportedly a keylogger - see here | No |
| Microsoft Directx | X | directxat.exe | Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF) | No |
| Microsoft Directxsp | X | directxbt.exe | Added by a variant of the RBOT-GHT WORM! | No |
| Microsoft Directx click | X | directxclick.exe | Added by a variant of the RBOT-GHT WORM! | No |
| Microsoft Directx clicks | X | directxclickers.exe | Added by the RBOT-GHT WORM! | No |
| Microsoft Directxspnew | X | directxnew.exe | Added by a variant of the RBOT-GHT WORM! | No |
| Microsoft Directx push | X | directxpushup.exe | Added by a variant of the RBOT-GHT WORM! | No |
| DirectX64 | X | DirectXset.exe | Detected by McAfee as W32/Browney.a.worm | No |
| DirecX | X | DirecX.exe | Added by the AGOBOT-HU BACKDOOR! | No |
| Dirkey | U | Dirkey.exe | Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders | No |
| DirLock | X | DirLock.exe | Added by the AUTORUN-APL WORM! | No |
| DirLocker | X | dirlock.exe | Added by the AUTORUN-AMS WORM! | No |
| SessionMngr | X | dirlock.exe | Added by the DAPROSY WORM! | No |
| dirnvv | X | dirnvv.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.TIB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Winjava xml | X | dirx9.exe | Detected by SUPERAntiSpyware as Trojan.DIRX9.Process. The file is located in %System% | No |
| DisableWinXPWZCS | ? | DisableWinXPWZCS.exe | Associated with Qualcomm Atheros wireless chipsets | No |
| EDFcsn | ? | discfcsn.exe | Related to Hewlett-Packard's Discovery Agent. What does it do and is it required? | No |
| discoveg | ? | discoveg.exe | ?? | No |
| DISCover | ? | DISCover.exe | Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required? | No |
| DiscUpdateManager | N | DiscUpdateMgr.exe | Disc Update Manager for Digital Interactive's DISCover Console. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players" | No |
| DiscUpdateManager | N | DiscUpdMgr.exe | Disc Update Manager for Digital Interactive's DISCover Console. "The company's patented Drop 'n' Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players" | No |
| DiscWizardMonitor.exe | N | DiscWizardMonitor.exe | Part of Seagate DiscWizard - their implementation of the Acronis True Image backup software. Provides the interface between the various tasks. When disabled it appears to have no impact with interactive and scheduled backups and image mounting | No |
| disfyqgublyx | X | disfyqgublyx.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| msig | X | disk10.exe | Detected by Sophos as Troj/Banbra-KF | No |
| taskmsgs | X | disk10.exe | Added by the BANCOS-BBW TROJAN! | No |
| MSN32 | X | disk22.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %System% | No |
| Windows (random character) | X | diskcheck.exe | Added by the SINGU.B TROJAN! | No |
| DiskCleanMain | X | DiskClean.exe | DiskClean rogue security software - not recommended, removal instructions here | No |
| Disk Cleaner | U | DiskCleaner.Exe | Hard disk management part of TuneUp Utilities from TuneUp Distribution GmbH | No |
| (Default) | X | diskete.exe | Detected by Microsoft as TrojanDownloader:Win32/Banload and by Malwarebytes Anti-Malware as Trojan.Delf. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank | No |
| Diskinf | X | diskinf.exe | Added by the CRYPTER.A TROJAN! | No |
| CrystalDiskInfo | U | DiskInfo.exe | CrystalDiskInfo - a "HDD/SSD utility software which supports S.M.A.R.T. and a part of USB-HDD" | No |
| DISKMON.EXE | ? | DISKMON.EXE | ?? | No |
| diskchk | X | diskmon32.exe | Added by the RBOT-BBI WORM! | No |
| Disknag | N | disknag.exe | Dell program that reminds you to make your backup diskettes | No |
| DiskPiePro | N | DiskPiePro.exe | DiskPie Pro cleaning utility from PC Magazine that provides users with customizable pie charts to find and fix overweight folders, files and disk drives | No |
| Microsoft Service Disk Cycle | X | disksave.exe | Added by the SLENFBOT.II WORM! | No |
| [various names] | X | diskserv.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| Disk Manager | X | diskver.exe | Added by a variant of Win32/Rbot | No |
| Disk_Monitor | U | Disk_Monitor.exe | Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader | No |
| I am not Ranky. I am eTunnel! | X | disney.exe | Added by an unidentified WORM or TROJAN! | No |
| disnisa | X | disnisa.exe | Added by the DORF-AE WORM! | No |
| Dispatcher | X | dispatcher.exe | Added by the DLOADR-AS TROJAN! | No |
| dispenter | X | dispenter.exe | Added by the AGENT-MKK TROJAN! | No |
| APC UPS Status | Y | Display.exe | System Tray access to the APC PowerChute software which controls their range of uninterruptible power supplies (UPS) - to provide unattended shutdown of servers and workstations in the event of an extended power outage and status logging | No |
| Windows Display Coupler | X | display.exe | Added by the IRCBOT-YS TROJAN! | No |
| DisplayFusion | U | DisplayFusion.exe | DisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows" | Yes |
| NVIDIA Display | X | DisplayMonitor.exe | Added by the ABI.C WORM! Note - this is not a legitimate nVidia entry | No |
| DisplaySwitch | X | DisplaySwitch.exe | Detected by Sophos as Troj/Ransom-QA and by Malwarebytes Anti-Malware as Trojan.FakeMS.zb | No |
| Disspy | U | disspy.exe | Disspy spyware detection and removal software | No |
| Distiller Assistant 3.01 | N | DISTASST.EXE | From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start → Programs | No |
| Dit | Y | Dit.exe | "Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found. Located in %Windir% | No |
| Dit | X | dit.exe | Added by the LAZAR-A TROJAN! Note - this is located in %System% | No |
| DiTask.exe | N | DiTask.exe | Associated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call) | No |
| Divamon.exe | ? | Divamon.exe | Associated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem - what does it do and is it required? | No |
| DivX Updater | X | DivX.Exe | Added by the NALDEM TROJAN or MASTAK VIRUS! | No |
| Java Update | X | divx.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %ProgramFiles%\Java | No |
| divx | X | divxenc.exe | Added by the SPBOT.B TROJAN! | No |
| DivX Player | X | DivXPlayer.exe | Added by the RBOT.AW BACKDOOR! | No |
| DIVX Video Player | X | DIVXPloyer.exe | Added by an unidentified WORM or TROJAN! | No |
| DivX Update | N | DivXUpdate.exe | Automatic updates for the DivX Plus video software package from DivX, LLC - which includes the free Player, Web Player and Codec Pack and a trial version of the Converter. If disabled, DivXUpdate.exe will run the next time you start one of the components - but will not run on windows start-up | Yes |
| DivXUpdate | N | DivXUpdate.exe | Automatic updates for the DivX Plus video software package from DivX, LLC - which includes the free Player, Web Player and Codec Pack and a trial version of the Converter. If disabled, DivXUpdate.exe will run the next time you start one of the components - but will not run on windows start-up | Yes |
| Cerb | X | DivXx.exe | Added by the KEYLOG-LV TROJAN! | No |
| caidiysetup | X | diynetsetupuni.exe | DIYNet adware | No |
| djebmm350.exe | X | djebmm350.exe | Ebates Moe Money Maker adware | No |
| DJSNetCN | ? | DJSNetCN.exe | "Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required? | No |
| djtopr1150.exe | X | djtopr1150.exe | WebRebates adware | No |
| Server | X | dkdel.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Whimoo. The file is located in %System% | No |
| dKernel | X | dKernel.exe | Added by the DECOY-A WORM! | No |
| DiskeeperSystray | N | DkIcon.exe | Diskeeper defragmentation utility from Condusiv Technologies (was Diskeeeper Corporation and Executive Software) | No |
| DkService | Y | DkService.exe | Part of the Diskeeper defragmentation utility from Condusiv Technologies (was Diskeeeper Corporation and Executive Software). Recommended to leave this enabled, otherwise you could have problems starting it manually. Runs as a service on Windows XP and later | No |
| DKTime | X | dktime.exe | Added by the LUNII TROJAN! | No |
| Debugger Windows Builder | X | dkuowfxs.exe | Detected by Dr.Web as Trojan.DownLoader5.32217 | No |
| Dkware lptt01 | X | dkware.exe | RapidBlaster variant (in a "DonkySoft" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| Dkware ml097e | X | dkware.exe | RapidBlaster variant (in a "DonkySoft" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it | No |
| dkzzixm | ? | dkzzixm.exe | ?? | No |
| Win32 Update | X | dl32.exe | Added by an unidentified WORM or TROJAN! | No |
| DLA | Y | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas (now Symantec) and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| DLACTRLW | Y | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas (now Symantec) and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| DLACTRLW.EXE | Y | DLACTRLW.EXE | Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas (now Symantec) and others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | Yes |
| DlaTray | N | Dlatray.exe | System Tray access to DLA (Drive Letter Access) on HP PCs - HP's version of DirectCD (by Veritas - now Symantec). From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | No |
| HP_dla | N | dlatray.exe | System Tray access to DLA (Drive Letter Access) on HP PCs - HP's version of DirectCD (by Veritas - now Symantec). From HP - "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" | No |
| Dell AIO Printer A940 | U | dlbabmgr.exe | System Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttons | No |
| dlbcserv | N | dlbcserv.exe | Related to Dell Photo Printers and provides additional configuration options for these devices | No |
| Dell AIO Printer A960 | U | dlbfbmgr.exe | System Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttons | No |
| Dell AIO Printer A920 | U | dlbkbmgr.exe | System Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttons | No |
| Dell Photo AIO Printer 922 | U | dlbtbmgr.exe | System Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttons | No |
| dlbtmon.exe | U | dlbtmon.exe | Dell Photo AIO Printer 922 device monitor | No |
| Dell Photo AIO Printer 942 | U | dlbubmgr.exe | System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons | No |
| dlbumon.exe | U | dlbumon.exe | Dell Photo AIO Printer 942 device monitor | No |
| dlbxmon.exe | U | dlbxmon.exe | Dell Photo AIO Printer 962 device monitor | No |
| dlccmon.exe | U | dlccmon.exe | Dell Photo AIO Printer 924 device monitor | No |
| dlcdmon.exe | U | dlcdmon.exe | Dell Photo AIO Printer 944 device monitor | No |
| dlcgmon.exe | U | dlcgmon.exe | Dell Photo AIO Printer 810 device monitor | No |
| dlcimon.exe | U | dlcimon.exe | Dell AIO Printer 946 device monitor | No |
| dlcjmon.exe | U | dlcjmon.exe | Dell Photo AIO Printer 964 device monitor | No |
| dlcqmon.exe | U | dlcqmon.exe | Dell Photo AIO Printer 966 device monitor | No |
| dlcxmon.exe | U | dlcxmon.exe | Dell Photo AIO Printer 926 device monitor | No |
| dlder | X | dlder.exe | Dlder spyware. Also creates a fake "explorer.exe" file and can be installed via versions of Grokster, Lime Wire and KaZaA file-sharing utilities | No |
| dldfmon.exe | U | dldfmon.exe | Dell AIO Printer 948 device monitor | No |
| dldnamon | U | dldnamon.exe | Dell V105 AIO printer device monitor | No |
| dldnmon.exe | U | dldnmon.exe | Dell V105 AIO printer device monitor | No |
| dldomon.exe | U | dldomon.exe | Dell 968 AIO Printer device monitor | No |
| dldtamon | U | dldtamon.exe | Dell V305 AIO Printer device monitor | No |
| dldtmon | U | dldtmon.exe | Dell V305 AIO Printer device monitor | No |
| dldtmon.exe | U | dldtmon.exe | Dell V305 AIO Printer device monitor | No |
| dldwamon | U | dldwamon.exe | Dell V505 AIO printer device monitor | No |
| dldwmon.exe | U | dldwmon.exe | Dell V505 AIO printer device monitor | No |
| dleamon.exe | U | dleamon.exe | Dell V310-V510 Series AIO printer device monitor | No |
| dlebmon.exe | U | dlebmon.exe | Dell P513w AIO wireless printer device monitor | No |
| dlecmon.exe | U | dlecmon.exe | Dell P713w AIO wireless printer device monitor | No |
| dleemon.exe | U | dleemon.exe | Dell V715w AIO wireless printer device monitor | No |
| DLForcerExe | ? | DLForcerEXE.exe | ?? | No |
| Digital Line Detect | N | DLG.exe | Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems | No |
| DLG | N | DLGCHBW.exe | Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates | No |
| Data LifeGuard LifeLine Lite installer | N | DLGLI.EXE | Backweb installer - see here | No |
| dlhost | X | dlhost.exe | Added by the EXPHOOK-A TROJAN! | No |
| Windows System Tray | X | dlhost.exe | IamBigBrother spyware | No |
| NetworkSetup | N | dlink.exe | D-Link System Tray icon | No |
| DLKJhghfdhg | X | DLKJhghfdhg.exe | Detected by McAfee as RDN/Generic PWS.y!e and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| hkey | X | dll | MOLEULTR-A malware | No |
| police | X | dll | MOLEULTR-A malware | No |
| AMINA | X | dll.exe | Detected by McAfee as Generic.dx!bhqr and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| CLSID | X | dll.exe | FirstEnter - Switch dialer and hijacker variant, see here | No |
| HKCU | X | dll.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\windowss | No |
| HKCU | X | dll.exe | Detected by McAfee as Generic.dx!bhqr and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| HKLM | X | dll.exe | Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\windowss | No |
| mstwain32 | X | DLL.EXE | Detected by Kaspersky as Trojan-Dropper.Win32.Delf.gdj and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| dll32 | X | dll32.exe | Detected by Kaspersky as Trojan-Downloader.Win32.Banload.bej. The file is located in %System% | No |
| System32Dll | X | DLL32SYS.EXE | Added by the SPYBOT-CZ WORM! | No |
| dllcache.exe | X | dllcache.exe | Added by the VISPAT.A WORM! | No |
| netmon | X | dllcache.exe | Detected by Sophos as Troj~Bckdr-RAA and by Malwarebytes Anti-Malware as Worm.Autorun.MSOL | No |
| Windows Dynamic Library Cache | X | dllcache.exe | Added by the INJECT-HT TROJAN! | No |
| NoDriveTypeAutoRun | X | dllcache32.exe | Added by the SPUNST TROJAN! | No |
| DllCacherv2 | X | dllcachev2.exe | Added by the LATEDA TROJAN! | No |
| Winsock2 driver | X | dllcfg32.exe | Added by the SPYBOT.AG WORM! | No |
| Live Menu | N | Dllcmd32.exe | eFax Send button for eFax Messenger Plus. Available via Start → Programs Disabling instructions available here | No |
| MSN Update | X | dllcon.exe | Added by the RBOT-EA WORM! | No |
| Dlldmt | X | dlldmt.exe | Added by the GEMA TROJAN! | No |
| dllhelp | X | dllhelp.exe | Added by the STARTPAGE.DQ hijacker | No |
| Win32 Configuration | X | dllhelp.exe | Added by the SDBOT.UL WORM! | No |
| dllhelp | X | dllhlp.exe | Added by the DOWNLOADER-HI TROJAN! | No |
| System Rescue | X | dllhosl.exe | Detected by Microsoft as TrojanSpy:Win32/Ranbyus.G and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| DLL32 | X | dllhost.dll | Added by the SUCLOVE.A WORM! | No |
| DllHost | X | dllhost.exe | Added by the PROSTI.AA BACKDOOR! Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Inf | No |
| Gilat SOM Enumerator | Y | dllhost.exe | For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system | No |
| Microsoft Driver Setup | X | dllhost.exe | Detected by Sophos as W32/Autorun-AOZ. Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\drivers | No |
| WinMngn | X | dllhost.exe | Detected by Sophos as Troj/Sivion-A. Note - this is not the legitimate dllhost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\system | No |
| DLL Service Manager | X | dllhost16.exe | Added by the RPCBOT.F BACKDOOR! | No |
| Index Service | X | dllhost32.exe | Added by a variant of WORM_AGOBOT.GEN. The file is located in %System% | No |
| Microsoft Autorun4 | X | dllhost32.exe | Detected by Symantec as W32.Ogleon.A | No |
| Windows DLL Host | X | dllhost32.exe | Added by an unidentified WORM or TROJAN! | No |
| Windows Update | X | dllhostup.exe | Detected by Sophos as Troj/Bancban-NB and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| dllhostxp.exe | X | dllhostxp.exe | Browser hijacker and adware downloader | No |
| DLLHost | X | dllhst.exe | Added by the DELBOT-AC WORM! | No |
| Dllhst3g | X | dllhst3g.exe | Detected by Malwarebytes Anti-Malware as Trojan.TDref.Gen. The file is located in %Windir% | No |
| DllHst | X | dllhst3g.exe /waitservice | Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate dllhst3g.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers | No |
| [random CLSID] | X | dllhsts.exe | Detected by Microsoft as Trojan:Win32/Ransom.EJ | No |
| 96e72d757b94bf0979ffd7625b311090 | X | dlllhost.exe | Detected by Dr.Web as Trojan.DownLoader8.17228 and by Malwarebytes Anti-Malware as Trojan.MSIL | No |
| Upme | X | dllman.exe | Added by the SDBOT.ALX WORM! | No |
| Windows Online Updater | X | dllman.exe | Added by the RBOT-TE WORM! | No |
| dlite | X | dllmanager.exe | Added by the WOOTBOT.DN WORM! | No |
| NvCplScan | X | dllmanager.exe | Added by the FORBOT.R WORM! | No |
| Windows Plug and Play Service 32 BIT | X | dllmanager.exe | Added by the RBOT-CGK WORM! | No |
| Microsoft Windows DLL Services Configuration | X | dllmanager32.exe | Detected by Sophos as W32/Sdbot-BTU | No |
| Microsoft Connection Manager | X | dllmanger.exe | Added by the RBOT.RG WORM! | No |
| DLL32 | X | dllmem32.exe | Added by the KWBOT.E WORM! | No |
| Microsoft DLL Host Service | X | dllmemhost.exe | Added by the SLENFBOT.BM WORM! | No |
| Microsoft DLL Manager | X | dllmgr.exe | Added by the SDBOT-KJ WORM! | No |
| Module Loader | U | DLLML.exe | Creative DLL Module Loader for the Sound Blaster range of internal and external soundcards. Used to load modules such as remote control or mixing | No |
| AudioDrvEmulator | U | DLLML.exe AudDrvEm.dll | Creative DLL Module Loader for the Sound Blaster range of internal and external soundcards. Used to load modules such as remote control or mixing. This instance is related to an Audio Emulator function | No |
| RCSystem | U | DLLML.exe RCSystem | Creative DLL Module Loader for the Sound Blaster range of internal and external soundcards. Used to load modules such as remote control or mixing. This instance appears to be related to a Remote Control function | No |
| DLL Manager | X | dllmngr32.exe | Added by the RBOT.AAT BACKDOOR! | No |
| Microsoft DLL Monitor | X | dllmon32.exe | Added by the AGENT.WP WORM! | No |
| Microsoft DLL Monitor | X | dllmon64.exe | Added by the SLENFBOT.DY WORM! | No |
| Microsoft DLL Monitor | X | dllmonitor.exe | Added by the SLENFBOT.DR WORM! | No |
| Microsoft Dll Printer Manager | X | dllpt.exe | Added by the SDBOT.BIH WORM! | No |
| HKCU | X | Dllrecover.exe | Detected by Sophos as Mal/MSIL-FW and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| HKLM | X | Dllrecover.exe | Detected by Sophos as Mal/MSIL-FW and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen | No |
| Policies | X | Dllrecover.exe | Detected by Sophos as Mal/MSIL-FW and by Malwarebytes Anti-Malware as Backdoor.Agent.PGen | No |
| Dllreg | X | dllreg.exe | Added by the CRYPTER.A TROJAN! | No |
| run= | X | dllreg.exe | Added by the DUMARU-L TROJAN! | No |
| Windows 32-bit DLL Integrity Verifier | X | dllrun.exe | Added by Remote Storm - a remote control tool that is a network application that allows users to manage and control PCs or networks from a remote location | No |
| Microsoft Windows Services Edt | X | dllrun32.exe | Added by the RBOT-GAF WORM! | No |
| Microsoft DLL Authentification | X | dllsecure.exe | Added by the SLENFBOT.BN WORM! | No |
| Microsoft DLLSet32 | X | dllset32.exe | Added by the RBOT.OZ WORM! | No |
| Microsoft DLL Source | X | dllsrc.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| RegScan | X | DLLSRV32.EXE | Added by the AGOBOT.AEW WORM! | No |
| DLLService32 | X | dllsvc32.exe | Added by the AGOBOT.VX WORM! | No |
| MS DLL Library Manager | X | dllsys64.exe | Detected by GFI as Trojan.Ranky. The file is located in %System% | No |
| Dllbin32 | X | dllsysbin.exe | Added by the SLINBOT.FU BACKDOOR! | No |
| DLLUPDATE32 | X | dllupdate32.exe | Detected by Trend Micro as WORM_AGOBOT.IA | No |
| [empty] | X | dllvirtual.dll | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No |
| [empty] | X | dllvirtual.exe | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No |
| [empty] | X | dllvirtual.js | Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field | No |
| Dial22 | X | dlm.exe | Adult content dialler | No |
| Dial33 | X | dlm.exe | Adult content dialler | No |
| DLM.exe | N | DLM.exe | IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser | No |
| igndlm.exe | N | DLM.exe | IGN Download Manager for managing downloads from FilePlanet.com | No |
| DLink System Tray | U | dlnetst.exe | Related to D-Link DGE-530T PCI card for servers and workstations | No |
| MSConfig | X | dlnf.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile% | No |
| msvccc66 | X | dload.exe | Added by a variant of Win32/Rbot | No |
| Cliente DLO | Y | DLOClientu.exe | Part of the backup suites from Veritas - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| DLO Agent | Y | DLOClientu.exe | Part of the backup suites from Veritas - Backup Exec and NetBackup. Both have now been replaced by their Symantec equivalents since they acquired VERITAS in 2005 | No |
| Symantec Backup Exec Desktop Agent | Y | DLOClientu.exe | Part of Symantec's Backup Exec backup software | No |
| Symantec NetBackup Desktop Agent | Y | DLOClientu.exe | Part of Symantec's NetBackup backup software | No |
| DLPSP | U | DLPSP.EXE | Dell laser printer status monitor | No |
| dlRB | X | dlRB.vbs | Detected by Malwarebytes Anti-Malware as Script.Reboot.Agent. The file is located in %System% | No |
| li-speed**** | X | dlres.exe | Adult web-dialler - **** is random | No |
| dlsp2mx | X | dlsp2mx.exe | Added by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx" | No |
| DLT | ? | dlt.exe | ?? | No |
| dluca | X | dluca.exe | Added by the DLUCA.C TROJAN! | No |
| dluxde | X | dluxde.exe | All-In-One-Telcom (adult content dialler) variant | No |
| Dluxjp | X | Dluxjp.exe | Added by the DLUCA.D TROJAN! | No |
| dm***.exe [* = random char] | X | dm***.exe [* = random char] | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| DualMatching | X | dm.exe | Detected by Symantec as Trojan.ADH and by Malwarebytes Anti-Malware as Adware.AdKong. The file is located in %ProgramFiles%\dm | No |
| Auto Update | X | dma.exe | Added by the RBOT-AVO WORM! | No |
| DMAScheduler | N | DMAScheduler.exe | Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems | No |
| DMC | X | dmc.exe | Added by Trojan-Downloader.Win32.Dluca.bv TROJAN! | No |
| Crusty | X | dmcpl.exe | Added by the RUSTY WORM! | No |
| ATKMEDIA | U | DMEDIA.EXE | Driver for the media buttons on the front of some Asus laptops, such as Forward,back,stop,pause etc | No |
| InControl Desktop Manager | N | DMHKEY.EXE | For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start → Programs | No |
| DMILDR | N | dmildr.exe | Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start → Programs | No |
| dmime | X | dmime.exe | Malware installed by different rogue security software including SpyKillerPro | No |
| DMISL | N | DMISL.EXE | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
| DMISLAPP | N | DMISLAPP.exe | DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information | No |
| iktc | X | dmiy.exe | Added by the AGENT-RDY TROJAN! | No |
| dmjay | ? | dmjay.exe | ?? | No |
| DMHotKey | U | DMLoader.exe | HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1 | No |
| dmloader | X | dmloader.exe | Added by a variant of Win32/Rbot | No |
| DSService | X | dmrss.exe | Added by the AGOBOT-XX WORM! | No |
| DriverMagicLogon | U | dmschedule.exe | Part of DriverMagic - "the easiest way to locate device drivers" | No |
| DM_server | X | dmserver.exe | Comet Cursor adware | No |
| PlaySys | X | dmsplay.exe | Detected by Dr.Web as Trojan.DownLoader6.61248 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Dmsvc32 | X | Dmsvc32.exe | Detected by Trend Micro as WORM_AGOBOT.ABU | No |
| Windows driver update | X | dmsvc32.exe | Added by the SDBOT-GP BACKDOOR! | No |
| Dmtdll | X | dmtdll.exe | Added by the GEMA TROJAN! | No |
| DmwClient | U | dmwclient.exe | DMW "anti-cheating" software for online gaming | No |
| DMXLauncher | U | DMXLauncher.exe | Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files | No |
| dm[3 random letters].exe | X | dm[3 random letters].exe | Added by the RUINDEM TROJAN! | No |
| DM mgr | X | dm_mgr.exe | Added by the JITTAR TROJAN! | No |
| Windows Data Serivce | X | dn.exe | Added by the AGENT-NK MALWARE! | No |
| Dnar | N | Dnar.exe | Installed on some Dell workstations and DMI related. Tries to access the internet and is known to not be required - but what does it do? | No |
| Dancer | U | DncLE.exe | Part of Microsoft Plus! Digital Media Edition - see here | No |
| dndsioc | X | dndsioc.exe | Added by the ONLINEGAMES.ALLM TROJAN! | No |
| distributed.net client | U | DNETC.EXE | Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses | No |
| Microsoft Update Protection | X | dnetc.exe | Detected by Dr.Web as Trojan.DownLoader8.31919. Note - this entry loads from the Windows Startup folder and the file is located in %ProgramFiles%\dnetc | No |
| Windows Update Files | X | dnetc.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %ProgramFiles%\microsoft hardware | No |
| DNHelper32 | X | DNHlp32.exe | Added by an unidentified WORM or TROJAN! | No |
| wpqggej | X | dnierjk.exe | Added by the FANBOT-F WORM! | No |
| DNS2GoClient | ? | dns2goclient.exe | DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required? | No |
| winhelp | X | dns32.exe | Added by a variant of Win32/Rbot | No |
| dnscleaner | X | dnscleaner.exe | CoolWebSearch parasite variant | No |
| DNSE | X | DNSE.exe | Part of rogue security tools, including WinAntiVirus Pro 2007, PcTurboPro and SystemDoctor | No |
| Microsoft System Service | X | dnservice.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| DNSCacheBoost | X | dnsping.exe | Added by the DNSBUST-A TROJAN! | No |
| DNS Service | X | dnsresolver.exe | Added by the RBOT-PQ WORM! | No |
| Domain Name Resolve Service | X | dnsresolver.exe | Added by the KIMAN.A WORM! | No |
| Dns Resolver | X | dnsrslve.exe | Detected by Sophos as W32/Rbot-WS | No |
| NAV Auto Protect | X | dnsserv.exe | Added by the SDBOT.AQZ WORM! | No |
| DNS Service | X | dnssvc.exe | Added by the DELBOT-Z WORM! | No |
| SiS Dns | X | dnssvc.exe | Added by the DLOADER-UE TROJAN! | No |
| ntupdate | X | dnsvc.exe | Added by the SDBOT-TC WORM! | No |
| dnswin | X | dnswin.exe | Added by the AGENT.CE BACKDOOR! | No |
| Dns Server | X | dnswn.exe | Detected by Trend Micro as WORM_RBOT.APK | No |
| DNXVC | ? | dnxvc.exe | ?? | No |
| doc | X | doc.exe | Added by the AGOBOT-BJ WORM! | No |
| BayMgr | U | DockApp.exe | Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices | No |
| Document Manager | U | docmgr.exe | Wave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption" | No |
| DocTor | X | Doctor.exe | Detected by Trend Micro as WORM_DOTOR.A | No |
| NDoctorCom | X | DoctorComLaunch.exe | DoctorCom rogue security software - not recommended, removal instructions here | No |
| DoctorSecurityMain | X | DoctorSecurity.exe | DoctorSecurity rogue security software - not recommended, removal instructions here | No |
| DoctorV | X | DoctorVLaunch.exe | DoctorV rogue security software - not recommended, removal instructions here | No |
| Document | X | Document.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %MyDocuments% | No |
| msword | X | docx.exe | Added by the CODOX-A WORM! | No |
| Microsoft UpMachine | X | doezs.exe | Detected by Trend Micro as WORM_RBOT.BCT | No |
| Doing | ? | doing.exe | ?? | No |
| doit.exe | X | doit.exe | Added by the FORBOT-EK WORM! | No |
| dolkeavukzag | X | dolkeavukzag.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here | No |
| DolphinsScreenServerSvc | U | DolphinsScreenServer.exe | Screensaver for the Miami Dolphins NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supported | No |
| dom | X | dom.exe | Detected by Sophos as Troj/Agent-VGA and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Domino | N | Domino.EXE | Vimicro based webcam driver - as used by both internal (laptop) and external webcams from Vimicro themselves, A4tech, Canon and others | No |
| don't see | U | don't see.exe | Don't See! French parental control software by Remy Delefosse | No |
| don | X | don.exe | Detected by Dr.Web as Trojan.DownLoader6.60182 and by Malwarebytes Anti-Malware as Trojan.Agent.Gen | No |
| Windows Firewall | X | done2.exe | Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData% | No |
| Don't Panic | U | dontpanicdemodp.exe | 30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite" | No |
| donx | X | donx.exe | Detected by Symantec as Infostealer.Donx and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| doopp | X | doop32.exe | Detected by Sophos as Troj/Agent-TKD | No |
| WindowsServer | X | door.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir%\Web | No |
| Dopus | U | dopus.exe | Directory Opus - a file manager from GPSoft | No |
| Directory Opus Desktop Dblclk | Y | dopusrt.exe | Directory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more" | No |
| doqmalnapoqs | X | doqmalnapoqs.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% | No |
| wersds | X | doriot.exe | Added by the JECT.C TROJAN! | No |
| wersds.exe | X | doriot.exe | Detected by Sophos as Troj/BagleDl-A | No |
| wpds.exe | X | doriot.exe | Added by the SMALL-KY TROJAN! | No |
| doro-search | X | doro-searchUp.exe | Detected by Malwarebytes Anti-Malware as Adware.Nieguide. The file is located in %ProgramFiles%\doro-search | No |
| DoroServer | N | DoroServer.exe | Doro PDF Writer from The SZ Development. All what you need for creating pdf files | No |
| WIN32 DDOSSER | X | dos.exe | Added by the KELVIR.F WORM! | No |
| Window Loader | X | Dos32.exe | Detected by Symantec as W32.HLLW.Gaobot.AO | No |
| dos | X | dos64.exe | Adware downloader trojan | No |
| doscp | X | doscp.exe | Added by the TATERF-AH WORM! | No |
| Auto Start | X | dosin.exe | Added by the SDBOT-GO BACKDOOR! | No |
| Configuration Loader | X | dosrun32.exe | Detected by Symantec as W32.HLLW.Gaobot.AO | No |
| Windows DOS | X | dosw.exe | Added by the SALAY-A WORM! | No |
| Dot1XCfg | X | Dot1XCfg.exe | Added by the AGOBOT.EA TROJAN! | No |
| doublevaccine | X | doublevaccineu.exe | DoubleVaccine rogue security software - not recommended. One of the OneScan family of rogue scanner programs | No |
| Dowmingzu | X | Dowmingzu.dll.vbs | Added by the SOLOW-E WORM! | No |
| down | X | down.exe | Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root%\programdata | No |
| Down2Home | U | Down2Home.exe | Down2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred" | No |
| DownNow | X | downite.exe | Added by the SDBOT.BOA WORM! | No |
| Download Windows 32 64 Bit Gratis Full Version Full Speed | X | Download Windows 32 64 Bit Gratis Full Version Full Speed.exe | Detected by Malwarebytes Anti-Malware as Trojan.Downloader.AI. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| 883760087203c8f5444f9b964f8172ae | X | download.exe | Detected by Malwarebytes Anti-Malware as Trojan.Facebook. The file is located in %UserTemp% | No |
| DealHelperDown | X | download.exe | Detected by Symantec as Adware.DealHelper | No |
| Eac Download | X | download.exe | Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here | No |
| DGStart | X | downloadgetupgrade.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %AppData%\DownLoadGet | No |
| DGup2Start | X | downloadgetuphp.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %AppData%\DownLoadGet | No |
| Download Plus | X | DownloadPlus.exe | DownloadPlus adware | No |
| eBot | N | DownloadWizard.exe | eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start → Programs | No |
| Download Wonder | N | DownloadWonder.exe | Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features | No |
| Digital River eBot | N | downlo~1.exe | Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here | No |
| MicrosoftUpdate | X | downnew.exe | Detected by Sophos as Troj/Tanto-D and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| downs | X | downs.exe | Added by the BCKDR-MNR TROJAN! | No |
| Downs | X | DownsCK.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %ProgramFiles%\Downs | No |
| Downxz | X | Downxz.bat | Detected by Symantec as W32.Mydoom.W@mm | No |
| Dsi | X | dp-******.exe | Added by an unidentified adware where ****** are random characters | No |
| Dsi | X | dp-him.exe | Added by the MULTIDR-AH TROJAN! | No |
| Don't Panic! | U | DP.EXE | Don't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite" | No |
| DpAgent | Y | dpagent.exe | Part of the DigitalPersona range of fingerprint authentication applications - which are use to replace passwords with fingerprint recognition. Included on some Dell laptop models (such as the Vostro 1720) for example | No |
| DPAgnt | N | DPAgnt.exe | digitalPersona fingerprint scanner | No |
| DPASUpdate | Y | DPASAutoUpdate.exe | Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1 | No |
| DPAS | Y | DPASNT.exe | DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1 | No |
| DOPCNOW | X | dpc32.exe | Detected by McAfee as Generic PWS.yk and by Malwarebytes Anti-Malware as Trojan.Agent.DPC | No |
| Dpcnav | Y | dpcnav.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| DPConfig | N | DPConfig.exe | Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed | No |
| dpcproxy | X | dpcproxy.exe | Added by the GOLDENP-A TROJAN! | No |
| DPCProxyLoadOnStartup | Y | dpcstart.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| Dpcstart | Y | dpcstart.exe | DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access | No |
| Disk Panel Configuration | X | dpcsvc.exe | Added by the IRCBOT.BSQ BACKDOOR! | No |
| dpi | X | dpi.exe | Delfin PromulGate adware | No |
| dplaysvr | X | dplaysvr.exe | Detected by Dr.Web as Trojan.DownLoader5.44620 | No |
| NDPS | U | DPMW32.EXE | Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature | No |
| dpnsvr32 | X | dpnsvr32.exe | Detected by Sophos as Troj/AOLPass-B | No |
| Don't Panic Pop-Up Stopper | U | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| dpps2 | U | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| Pop-Up Stopper | U | dpps2.exe | Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group | No |
| Edzy AntiVirus | X | dppsfa.exe | Added by a variant of Win32/Rbot | No |
| dps | X | dps.exe | SmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover" | No |
| DTRSFRNFYM | X | dpserialo.exe | Detected by Malwarebytes Anti-Malware as Adware.SanctionedMedia. The file is located in %System% | No |
| dptracker | N | dptracker.exe | CamTrack webcam software that enhances the way people video chat | No |
| XSRBYJSF | X | dpwsock5.exe | Detected by Dr.Web as Trojan.DownLoader8.24053 and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| Microsoft Update | X | dqbxhupdt | Added by a variant of the SDBOT WORM! See here | No |
| ddqdsxnfqs | X | dqddss.exe | Added by the SDBOT.AEL WORM! | No |
| ffeqfqs | X | dqddss.exe | Added by the SDBOT-SG WORM! | No |
| dr-info | X | dr-inforun.exe | Detected by McAfee as Downloader.a!tq and by Malwarebytes Anti-Malware as Rogue.DrInfo | No |
| DivX MediaPlayer 7.0 | X | Dr.DivX.exe | Added by the ALADINZ.G BACKDOOR! | No |
| Speedtouch USB Diagnostics | U | Dragdiag.exe | For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line) | No |
| DragDrop | N | DragDrop.exe | Toshiba CD/DVD burning utility - see here | No |
| Drag'n Drop CD | N | DragDrop.exe | Toshiba CD/DVD burning utility - see here | No |
| Drag'n Drop CD+DVD | N | DragDrop.exe | Toshiba CD/DVD burning utility - see here | No |
| EleFunAnimatedWallpaper | U | Dragon-Fly.exe | Dragon-Fly animated wallpaper from | No |
| DrAntispy | X | DrAntispy.exe | DrAntiSpy rogue security software - not recommended, removal instructions here | No |
| Windows Update Draven | X | draven.exe | Detected by Trend Micro as WORM_SDBOT.AXB and by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| DrBoan | X | DrBoan.exe | dr.Boan rogue security software - not recommended, removal instructions here | No |
| run= | X | DRDOOM.EXE | Added by the SEMAPI-A WORM! | No |
| Drag-to-Disc | N | DrgToDsc.exe | System Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menu | Yes |
| DrgToDsc | N | DrgToDsc.exe | System Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menu | Yes |
| RoxioDragToDisc | N | DrgToDsc.exe | System Tray access to Roxio Drag-to-Disc - part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly and available via the Start menu | Yes |
| Dr. Guard | X | drguard.exe | Dr. Guard rogue security software - not recommended, removal instructions here | No |
| KE9801 | U | DriBat32.exe | KE9801 multimedia keyboard driver - required if you use the multimedia keys | No |
| dried.exe | ? | dried.exe | ?? | No |
| Microsoft Update | X | drive.exe | Added by the BIFROSE-PN WORM! | No |
| DriveIcons | U | DriveIcon.exe | Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers | No |
| audiodriver | X | driver.exe | Detected by Dr.Web as Win32.HLLW.Autoruner.55901 and by Malwarebytes Anti-Malware as Trojan.Fakealert | No |
| drv | X | driver.exe | Added by the AUTORUN.ZZ WORM! | No |
| Rising Driver | X | driver.exe | Added by the SILLYFD-TL WORM! | No |
| [various names] | X | driver32.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| [various names] | X | driver64.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| MicrosoftKs | X | Drivers.bat | Added by the SHUTDOWN-F TROJAN! | No |
| win32 | X | drivers.vbs | Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Trojan.Agent.VBGen | No |
| AXIS Print System DriverScanner | U | DriverScanner.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| AXIS Print System DriverServer | U | DriverServer.exe | Part of AXIS Print System from AXIS Communications - "adds printer discovery, printer driver installation printing on Windows platforms. Printing is enabled by AXIS Print Monitor, which is one of the components. Another component in AXIS Print System is AXIS IP Installer." Now discontinued | No |
| DriveSelect | N | driveselect.exe | DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start → Programs | No |
| DriveSitter | U | DriveSitter.exe | "DriveSitter is a deluxe hard disk drive diagnostic and background monitoring tool. Based on the well proven S.M.A.R.T. (Self-Monitoring Analysis and Reporting Technology), it reliably detects and forecasts up to 70% of all HDD crashes before they occur!" | No |
| Modulo_administrativo | X | drivesom.exe | Added by the VB.WWI TROJAN! | No |
| Nero DriveSpeed | N | DriveSpeed.exe | Utility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drives | No |
| DRIVES~1 | N | DRIVES~1.EXE | Utility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drives | Yes |
| DriveSpeed Application | N | DRIVES~1.EXE | Utility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drives | Yes |
| Nero DriveSpeed | N | DRIVES~1.EXE | Utility included with some Nero digital media suites (CD/DVD burning, authoring, etc) which allows the user to set the reading speed an spin down time of a CD/DVD drive on-the-fly - typically to avoid read errors on discs with surface scratches and to reduce the noise on high-speed drives | Yes |
| Systems Service | X | drivex.exe | Added by a variant of Win32/Rbot | No |
| Drive Xpert | U | DriveXpert.exe | Hard drive management utility included with some ASUS motherboards. "Without drivers or BIOS setups, the ASUS exclusive Drive Xpert is ideal for anyone who needs to secure data on their hard drives or enhance hard drive performances without the hassles of complicated configurations" | No |
| Teth | X | drle.exe | PurityScan adware | No |
| (Default) | X | Drm.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Bot. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %AppData% | No |
| drm | X | drm.exe | Detected by Kaspersky as Trojan.Win32.Swisyn.bpqf and by Malwarebytes Anti-Malware as Trojan.VBInject | No |
| DRM Upgrade | X | drmupgd.exe | Added by the IRCBOT.AWU BACKDOOR! | No |
| Drmupgds | X | Drmupgds.exe | Maxfiles adware | No |
| Dropbox | N | Dropbox.exe | System Tray access to the Dropbox online storage service which provides 2GB of space for free for you to save, sync and share files | Yes |
| [random name] | X | dropped.exe | Added by the VERTEXBOT BACKDOOR! | No |
| vnet | X | dropped.exe | Detected by McAfee as Generic.bfr!do and by Malwarebytes Anti-Malware as Trojan.Agent.AI | No |
| DropRum.exe | X | DropRum.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.FXD. The file is located in %LocalAppData%\FFoxDost | No |
| DrPcFree | X | DrPFUpdate.exe | Detected by Dr.Web as Trojan.DownLoader5.24152 | No |
| DrProtection | X | DrProtection.exe | DrProtection rogue security software - not recommended | No |
| 0003d449 | X | drprov32.exe | Added by the WEBPREFI-B TROJAN! | No |
| WSAConfiguration | X | drrss.exe | Added by a variant of the AGOBOT WORM! | No |
| STManager | N | drst.exe | Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here | No |
| MicrosoftDriverService32 | X | drsys32.exe | Added by the IRCBOT.AKX BACKDOOR! | No |
| Explorer | X | drv.exe | Added by the SMALL-FD TROJAN! | No |
| syspath | X | drv.exe | Added by the SOBER WORM! | No |
| drvddll.exe | X | drvddll.exe | Added by the BEAGLE.AP WORM! | No |
| Drvddll_exe | X | drvddll.exe | Added by the BEAGLE.X WORM! | No |
| DLLCONFIG32 | X | drvdsk32.exe | Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot | No |
| DrvIcon | U | DrvIcon.exe | Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar' | No |
| DrvListnr | ? | DrvListnr.exe | Analog Devices SoundMax integrated soundcard related. What does it do and is it required? | No |
| drvlsnr | U | drvlsnr.exe | Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly | No |
| main_module | X | drvmmx32.exe | Detected by Kaspersky as Trojan-Downloader.Win32.Dila | No |
| DrvMon.exe | U | DrvMon.exe | Alcor drive monitor software | No |
| drvnetw | X | drvnetw.exe | Added by the BROGGER-B TROJAN! | No |
| drvr32h | X | drvr32h.exe | Added by an unidentified VIRUS, WORM or TROJAN! | No |
| drvrmanager | X | drvrquery32.exe | Added by the BOOHOO WORM! | No |
| avidrv | X | drvsc.exe | Detected by Kaspersky as the AGENT.PH TROJAN! | No |
| drvsys.exe | X | drvsys.exe | Added by the BEAGLE.W WORM! | No |
| [default] | X | DrWatson32.exe | Added by the DREMN TROJAN! | No |
| DrWatson | X | drwatson_.exe | Added by the LOHAV-S TROJAN! | No |
| DrWatson | X | drwatson_32.exe | Added by the LOHAV-S TROJAN! | No |
| Sync Server | X | drwatsoon.exe | Added by the WATSOON.A TROJAN! | No |
| DrWeb Antivirus | X | DRWEBAV.EXE | Added by an unidentified WORM or TROJAN! | No |
| Drwebscheduler | Y | Drwebscd.exe | DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem | No |
| DrWindows | N | DrWindows.exe | Dr.Windows is "a harmless joke/prank/trick program that will periodically display funny joke error messages to unsuspecting users" | No |
| COM+ Event System | X | DRWTSN16.EXE | Added by the LOVGATE.AB WORM! | No |
| DR_S | X | DR_S.exe | IstBar adware | No |
| ds | X | ds.exe | Added by the SPYMON TROJAN! | No |
| dsa | X | dsa.exe | Homepage hijacker - redirecting to downseek.com | No |
| DASDS VSAVdjs | X | dsabdw.exe | Added by the SDBOT-RE WORM! | No |
| Answer Problem | X | dSAFsqs.exe | Added by the SDBOT-SC WORM! | No |
| DellSupport | U | DSAgnt.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
| dsadlsa14 | X | dsakfsak14.exe | Added by the ONLINEG-P TROJAN! | No |
| Windows Service Agent | X | dsass.exe | Added by the RBOT.MIRCO.BNG WORM! | No |
| DSB | X | DSB.exe | EnergyPlugin adware | No |
| dsbua.exe | X | dsbua.exe | Detected by Dr.Web as Trojan.Disabler.84 and by Malwarebytes Anti-Malware as Trojan.Agent. The file location varies | No |
| Desktop Service Centre | N | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
| dsc | X | dsc.exe | Added by the AGENT-SYC TROJAN! | No |
| OptusNet Desktop Service Centre | N | DSC.exe | OptusNet DSL or Dial-Up connection software | No |
| dscactivate | U | dsca.exe | Dell Support Agent offers additional support and update features for your Dell computer or laptop | No |
| DS Clock | U | dsclock.exe | Digital desktop clock including synchronization with atomic servers - see here | No |
| DSentry | N | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
| DVDSentry | N | DSentry.exe | Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts | No |
| Absolute Shield | U | dseraser.exe | Absolute Shield Evidence Eliminator - internet history eraser | No |
| rCron | X | dservice.exe | PageOn1 - Switch dialer and hijacker variant, see here | No |
| Windows Reg Services | X | dservice.exe | Added by the PRORAT-D TROJAN! | No |
| daskaskfsak6 | X | dsfids6.exe | Added by the ONLINEG-J TROJAN! | No |
| Sharing and Mapping Software | Y | DShmap.exe | Intel AnyPoint internet sharing software. Now discontinued | No |
| SIDEBAR | N | dsidebar.exe | "Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control" | No |
| Dskcompat | X | Dskcompat.exe | Added by the GEMA TROJAN! | No |
| DSKEY | U | DsKey.exe | Part of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers | No |
| DSLagentexe | Y | DSLagent.exe | Used in conjunction with USB connected ADSL modems from Eicon Networks (now Dialogic). Required for a permanent ADSL connection | No |
| YAMAHA DS-XG Launcher | N | dslaunch.exe | System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups | No |
| ASDPLUGIN | X | dsldbaccess.exe | AsdPlug premium rate adult content dialer | No |
| ASDPLUGIN | X | dslgeaccess.exe | AsdPlug premium rate adult content dialer | No |
| DropSpam Lifestyle | X | dslifestyle.exe | Detected by McAfee as Adware-DropSpam | No |
| DSLMON | Y | DSLMON.exe | Sagem based DSL modem related - apparently needed to detect the modem | No |
| DSLSTATEXE | U | dslstat.exe | System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) | No |
| AvSer | X | dsm.exe | Added by the SERFLOG.B WORM! | No |
| DsmSer | X | dsm.exe | Added by the SERFLOG.B WORM! | No |
| rollbk | X | dsm.exe | Added by the SERFLOG.B WORM! | No |
| dsmsys | X | dsmsys.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir% | No |
| adi DSndUp | Y | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| DSndUp | Y | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| SpkrCnfg | Y | DSndUp.exe | Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards. It's exact purpose is unknown at the present time but from the filename it's probably used to configure the default or generic speaker arrangement for the system it's used on | Yes |
| dso32 | X | dsoqq.exe | Detected by Sophos as W32/Taterf-AO | No |
| DSSSGENS | ? | dssagens.exe | ?? | No |
| DSS | X | dssagent.exe | Registration reminder for Mattel Interactive (Broderbund) applications and games. Spyware as it sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info | No |
| HARRRRR | X | dssdfdfd.exe | Detected by McAfee as BackDoor-EKP and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| DsSearchBarOS | X | DsSearchBar.exe | Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %ProgramFiles%\Downs\DsSearchBar | No |
| [various names] | X | dstart2.exe | Adware - detected by Kaspersky as the SMALL.ALW TROJAN! | No |
| Windows Service | X | dstart4.exe | Added by an unidentified TROJAN! The file is located in %System% | No |
| DAEMON Tools Pro | N | DTAgent.exe | System Tray access to DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot | Yes |
| DAEMON Tools Pro Agent | N | DTAgent.exe | System Tray access to DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot | Yes |
| DTAgent | N | DTAgent.exe | System Tray access to DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot | Yes |
| DT 11Mbps WLAN PC Card Station | U | DTCARDMonitor.exe | 11Mbps PC Card based wireless LAN connection monitor - possibly from Deutsche Telekom | No |
| SkinClock | U | DTClock.exe | Desktop Tray Clock by Drive Software - "highly customizable, feature-rich clock that takes the place of the standard Windows clock on your system tray" | No |
| DT HPW | U | DTHtml.exe | HP My Display from HP. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| DT Task | U | DTHtml.exe | Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface." Also licensed and renamed by manufacturers such as Gateway (EzTune), HP (HP My Display), Hyundai ImageQuest (ImageTune), LG (forteManager) and ViewSonic (PerfectSuite™ Plus) | No |
| EzTune | U | dthtml.exe | EzTune from Gateway. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| forteManager | U | dthtml.exe | forteManager from LG. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| ImageTune | U | dthtml.exe | ImageTune from Hyundai ImageQuest. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| PerfectSuite | U | dthtml.exe | PerfectSuite™ from ViewSonic. Rebranded version of Display Tune from Portrait Displays, Inc. - which "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface" | No |
| Iomega Backup Scheduler | N | dtiom98.exe | Used by Iomega drives. Details of its purpose can be found here. Available via Start → Programs | No |
| DAEMON Tools Lite | N | DTlite.exe | Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature set | Yes |
| DTlite | N | DTlite.exe | Daemon Tools Lite - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot. This version is free for personal use and has a limited feature set | Yes |
| EDLoader | N | DTLoader.exe | Effective Desktop from MiniStars Software - desktop management software no longer being supported | No |
| atuvp | U | dtor.exe | EZKeylogger keystroke logger/monitoring program - remove unless you installed it yourself! | No |
| [various names] | X | DTOURS.exe | Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page | No |
| DAEMON Tools Pro Agent | N | DTProAgent.exe | System Tray access to an older version of DAEMON Tools Pro - used to create an image of a CD/DVD/Blu-ray disc and mount the created image-file (.iso, .bin, etc) to a virtual CD/DVD/Blu-ray drive. The original can be stored in a safe place and the loading times are significantly reduced as the virtual drive is much faster. Required if you use the automount feature to reload images on a reboot | No |
| DT 11Mbps WLAN USB Station | U | DTUSBMonitor.exe | 11Mbps USB based wireless LAN connection monitor - possibly from Deutsche Telekom | No |
| WinFastDTV | U | DTVSchdl.exe | Scheduler for LeadTech WinFast DTV digital TV products | No |
| DirectX For Microsoft Windows | X | dtxservice.exe | Added by the PROGENT TROJAN! | No |
| DualVaccine | X | DualVaccine.exe | DualVaccine rogue security software - not recommended, removal instructions here | No |
| No-IP DUC | U | DUC20.exe | Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available | No |
| duck | X | duck.exe | Added by the AGOBOT-AVG WORM! | No |
| Direct Update | U | DUControl.exe | DirectUpdate dynamic DNS updater | No |
| DU Meter | N | DUMeter.exe | Hagel Technologies internet bandwidth monitor | No |
| Dumeter Services | X | dumeter.exe | Added by the SDBOT-AEQ WORM! | No |
| NWEReboot | ? | dummy.exe | ?? | No |
| dumprep | X | dump-k.exe | Added by the BUZUS-U WORM! | No |
| Dump | X | Dump.exe | Added by the ZIMUSE WORM! | No |
| dumprep | X | dump.exe | Added by the CODOX-A WORM! | No |
| KERNELFAULTEX | X | dumpkernel.exe | Detected by McAfee as Downloader.a!d2y! and by Malwarebytes Anti-Malware as Trojan.Agent | No |
| vmreg | X | dumpre.exe | Detected by Dr.Web as Trojan.Siggen3.64173 and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| dumprep 0 -k | N | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| kernelfaultcheck | N | dumprep 0 -k | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| dumprep 0 -u | N | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| UserFaultCheck | N | dumprep 0 -u | Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out | No |
| DUN_SERVICES3 | X | dun3.exe | Added by the SOKIRON TROJAN! | No |
| CVHOST | X | Dung.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData% | No |
| dunniscezugx | X | dunniscezugx.exe | Detected by McAfee as Downloader.a!dc3 and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| WindowsUpdateDirect | X | dupadirect.exe | Added by the DUPA-C TROJAN! | No |
| WindowsUpdate | X | [path to file] | Added by the DUPA-B TROJAN! | No |
| DoUWantIt | N | duwi.exe | DoUWantIt - online shopping assistant. Start it manually | No |
| DUX Start | X | DUX.exe | Detected by Malwarebytes Anti-Malware as Trojan.Keylogger. The file is located in %CommonAppData%\XOQCUE | No |
| duxurlarfakk | X | duxurlarfakk.exe | Detected by McAfee as Downloader.gen.a and by Malwarebytes Anti-Malware as Trojan.Agent.US | No |
| Driver Control Manager v5.1 | X | dvadescetr.exe | Added by the AGENT-OVL TROJAN! | No |
| Device Security | X | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| Device Security Manager | X | dvcsecure.exe | Added by a variant of the IRCBOT BACKDOOR! See here | No |
| DVD43 | U | DVD43.exe | DVD43 is a small tool that overrides CSS copy-protection found on DVD movies | No |
| dvd43 | N | DVD43_Tray.exe | DVD43 is a small tool that overrides CSS copy-protection found on DVD movies | No |
| DVD@ccess | N | DVDAccess.exe | Part of DVD Studio Pro from Apple Inc. - "The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer" | No |
| DVDAgent | ? | DVDAgent.exe | Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required? | No |
| Modulo_Ad_Autorizador | X | DVDAgent.exe | Added by the VB.WWI TROJAN! | No |
| DVDBitSet | U | DVDBitSet.exe | DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used | No |
| DVD Check | ? | DVDCheck.exe | Related to an old Intervideo (now Corel) program. What does it do and is it required in startup? | No |
| DVDCheck | ? | DVDCheck.exe | Related to an old Intervideo (now Corel) program. What does it do and is it required in startup? | No |
| WatchDog | ? | DVDCheck.exe | Related to an old Intervideo (now Corel) program. What does it do and is it required in startup? | No |
| Dvdcompat | X | Dvdcompat.exe | Added by the GEMA TROJAN! | No |
| DVDFab Passkey | N | DVDFabPasskey.exe | "DVDFab Passkey by Fengtao Software Inc. - "is a great DVD/Blu-ray decrypter which is powerful to remove almost all known DVD and Blu-ray copy protections to decrypt any protected DVD/Blu-ray and allows you to watch them freely, or use any other software to access and edit the movie content as you like" | No |
| DVDXGhost | N | DVDGhost.EXE | DVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" | No |
| DVDLauncher | N | DVDLauncher.exe | Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion | No |
| UltraDVDMon | ? | DVDMon.exe | UltraDVD DVD player software - is it required? | No |
| [random name] | X | dvdplay.exe | PurityScan adware | No |
| DvdPlayer | X | DvdPlayer.exe | Detected by Dr.Web as Trojan.KillProc.23363 | No |
| DVDTray | N | DVDTray.exe | HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware | No |
| DVD Upgrade | X | dvdupgd.exe | Added by a variant of the IRCBOT BACKDOOR! | No |
| DVDUpgrade | N | DVDUpgrd.exe | Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start → Programs | No |
| DVDXGhost | U | DVDXGhost.EXE | DVD X Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk" | No |
| Microsoft Time Manager | X | dveldr.exe | Added by the RBOT-HQ WORM! | No |
| Java Update | X | DVhVSMebyisyuHXYtv.exe | Detected by McAfee as Generic Dropper!fhv | No |
| Windows Automatic Updates | X | dvldr.exe | Added by the RBOT.MF WORM! | No |
| messnger | X | Dvldr32.exe | Added by the DELODER.A WORM! | No |
| AidemHotKey | ? | DVMAIN.EXE | Keyboard related | No |
| Dvp95 | Y | Dvp95.exe | Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine | No |
| dvpapi9x | Y | DVPAPI9X.exe | Part of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium and are now Commtouch) | No |
| LoadDvpApi9x | Y | DVPAPI9X.exe | Part of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium and are now Commtouch) | No |
| DvpInitExe | Y | Dvpinit.exe | Part of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium and are now Commtouch) | No |
| Dvprpt | Y | Dvprpt.exe | Part of Commtouch Command Antivirus (was Authentium) | No |
| Dvraudio | X | dvraudio.exe | Added by the GEMA TROJAN! | No |
| DriverConf | X | dvrconf.exe | Added by the AGOBOT-IY WORM! | No |
| Dvrvideo | X | dvrvideo.exe | Added by the GEMA TROJAN! | No |
| DVSync | U | dvsync.exe | DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC | No |
| D_V_T | U | dvt.exe | DICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment" | No |
| D_V_T | ? | dvt.exe | Installation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entry | No |
| DvVideo32 | X | dvvid32.exe | Added by the TINY.FD TROJAN! | No |
| MSConfig | X | dvynjmsr.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile% | No |
| DataViz Inc Messenger | N | DvzIncMsgr.exe | Installed with DataViz Documents to Go - which "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" | No |
| DataViz Messenger | N | DvzMsgr.exe | Installed with DataViz Documents to Go - which "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts" | No |
| DownloadWare | X | dw.exe | DownloadWare adware | No |
| dw | X | dw.exe | DownloadWare adware | No |
| MediaLoads | X | dw.exe | DownloadWare adware | No |
| MediaLoads Installer | X | dw.exe | DownloadWare adware | No |
| sstata | X | dwdas.exe | Added by the DASDA TROJAN! | No |
| DamedWare Services | X | dwdrce.exe | Added by the RBOT-AOJ WORM! | No |
| {**-**-**-**-**} | X | dwdsregt.exe | ZenoSearch adware variant where ** are random characters | No |
| {1C-CC-C5-54-ZN} | X | dwdsregt.exe | ZenoSearch adware | No |
| {B7-7D-D0-08-ZN} | X | dwdsregt.exe | Added by the AGENT-GBC TROJAN! | No |
| DownloadWare Engine | X | Dwe.exe | DownloadWare adware | No |
| dwgrun | X | dwgrun.bat | Added by the DWGUN.A VIRUS! | No |
| DWHeartbeatMonitor | ? | DWHeartbeatMonitor.exe | Installed alongside the Desktop Weather by The Weather Channel - which provides current temperature, conditions, alerts, etc. Exact purpose unknown at present | No |
| dwintl | X | dwintl.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System%\3083 | No |
| dwintl.dll | X | dwintl.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System%\3083 | No |
| WindowsTranslator | U | DWinTrsl.exe | Micropower Delta Translator English < > Portuguese (Brazilian) version - "an automatic, bi-directional machine translation software system that quickly and automatically translates multiple pages, paragraphs, sentences, phrases or just individual words in documents, letters, memos, faxes, reports, manuals, booklets, publications, spreadsheets, e-mail and even web pages as you browse the Internet" | No |
| WindowsTranslator_Espanhol | U | DWinTrsl.exe | Micropower Delta Translator - Spanish < > Portuguese (Brazilian) version - "an automatic, bi-directional machine translation software system that quickly and automatically translates multiple pages, paragraphs, sentences, phrases or just individual words in documents, letters, memos, faxes, reports, manuals, booklets, publications, spreadsheets, e-mail and even web pages as you browse the Internet" | No |
| Driver Wizard | N | DWLauncher.exe | Driver Wizard driver update tool | No |
| D-Link AirPlus G+ Wireless Adapter Utility | U | DWLGTI.EXE | D-Link DWL-G520+ AirPlus G+ Wireless LAN PCI Adapter configuration utility | No |
| a | X | dwm.exe | Detected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %UserProfile%\Desktop | No |
| b | X | dwm.exe | Detected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %UserProfile%\Start Menu\Programs | No |
| c | X | dwm.exe | Detected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %MyDocuments% | No |
| d | X | dwm.exe | Detected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %UserProfile%\Favorites | No |
| dwm | X | dwm.exe | Detected by Malwarebytes Anti-Malware as Spyware.Password. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %AppData% | No |
| dwm | X | dwm.exe | Detected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| dwm | X | dwm.exe | Detected by Sophos as Mal/Agent-WS. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %UserTemp% | No |
| dwms | X | dwm.exe | Detected by McAfee as RDN/Sdbot.bfr!c and by Malwarebytes Anti-Malware as Backdoor.IRCBot. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %WinTemp%\Cookies | No |
| e | X | dwm.exe | Detected by Dr.Web as Trojan.DownLoader6.5550. Note - this is not the legitimate Desktop Window Manager (dwm.exe) process from Windows 7/Vista which loads as a service and is found in %System%. This one is located in %UserProfile%\Start Menu | No |
| ezfts | X | dwm32.exe | Detected by Malwarebytes Anti-Malware as Trojan.Agent.PS. The file is located in %AppData%\Microsoft\DLL - see here | No |
| PSDRV | X | dwm32.exe | Detected by McAfee as RDN/Generic.dx!xw and by Malwarebytes Anti-Malware as Trojan.Agent.PS | No |
| DigitalWizard Monitor | N | dwMon.exe | InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content | No |
| Sys32bits | X | dwmsys.exe | Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.VIT. The file is located in %Root%\twain_32\wiatwain\wiatwain | No |
| dwmw.exe | X | dwmw.exe | Detected by McAfee as RDN/Generic.tfr and by Malwarebytes Anti-Malware as Backdoor.Agent.DC | No |
| dwn | X | dwn.exe | Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts | No |
| Policies | X | dwn.exe | Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %Root%\Database\Microsoft\Windows\dwn | No |
| Creative Media Blaster | X | dwrdsyetp.exe | Detected by Dr.Web as Trojan.PWS.Siggen1.911 | No |
| DWPersistentQueuedReporting | U | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | No |
| DWQueuedReporting | U | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| dwtrig20 | U | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| Watson Subscriber for SENS Network Notifications | U | dwtrig20.exe | Used to launch Microsoft Error Reporting (DW20.exe) - if, for example, there have been an error downloading malware definition updates for Windows Defender - which gives the user the chance to send the error report to Microsoft to improve their software | Yes |
| apps | X | dx2u12.exe | Detected by Kaspersky as Virus.Win32.Virut.ce and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System% | No |
| DxLoad | X | DX3DRndr.exe | Added by the GIBE.B WORM! | No |
| RunmeAtStartup | X | dx5.exe | Detected by Microsoft as TrojanDownloader:Win32/Bulilit.A | No |
| RunmeAtStartup | X | dx8.exe | Detected by Malwarebytes Anti-Malware as Trojan.ChinAd. The file is located in %Root%\Documents and Settings | No |
| Dx8compat | X | Dx8compat.exe | Added by the GEMA TROJAN! | No |
| DirectX9 Diag | X | dx9diag.exe | Added by the RBOT-ALT WORM! | No |
| DeluxeCommunications | X | Dxc.exe | Deluxe Communications adware - successor to SurfSideKick | No |
| Direct X Direct3D | X | dxd3d.exe | Added by a variant of W32/Sdbot.worm | No |
| dxdiags.exe | X | dxdiags.exe | Added by the CERTIF-G TROJAN! | No |
| DxDialog | X | dxdlg32.exe | Added by the VB-CXT TROJAN! | No |
| dxdllreg | N | dxdllreg.exe | Registers with Windows the DLL (Dynamic Link Library) files that are part of Microsoft DirectX9. Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it after a manual installation or after a new application is installed that also installs DirectX9. This entry should only appear once and can cause boot error messages if it remains so remove it | Yes |
| DXDllRegExe | N | dxdllreg.exe | Registers with Windows the DLL (Dynamic Link Library) files that are part of Microsoft DirectX9. Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it after a manual installation or after a new application is installed that also installs DirectX9. This entry should only appear once and can cause boot error messages if it remains so remove it | Yes |
| dxmsrv | X | dxmsrv.exe | Added by an unidentified WORM or TROJAN! | No |
| Direct X Opengl | X | dxopengl.exe | Added by a variant of the RBOT-CJ WORM! | No |
| Service Manager | X | dxsound.exe | Detected by McAfee as Proxy-Gric | No |
| Dxsty | X | Dxsty.exe | Added by the GEMA TROJAN! | No |
| DirectX Video Driver | X | dxterm5.exe | Added by the WILAB-A TROJAN! | No |
| Dxupdate.exe | X | Dxupdate.exe | Added by the MAFEG WORM! | No |
| dxvid | X | dxvid.exe | Added by the DLUCA-Y TROJAN! | No |
| fddddHOME | X | dxxatp.exe | Added by the RANKY.AA TROJAN! | No |
| Dynamic DHCP | X | dydhcp.exe | Added by the RINBOT.B BACKDOOR! | No |
| STARTUP | X | dylan.exe | Detected by McAfee as RDN/Spybot.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent | No |
| DynDNS Updater | U | DynDNS.exe | Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org | No |
| Symantec Antivirus professional | X | dyndns.exe | Added by a variant of the FORBOT WORM! | No |
| Dynamic Dns Binary | X | dynitora.exe | Added by the RBOT-WT WORM! | No |
| DynHttp Dns Binary | X | dynizari.exe | Added by the RBOT.AUO WORM! | No |
| DynSite | U | DynSite.exe | DynSite - dynamic DNS client, also called an automatic IP updater | No |
| Dynu Basic Client | U | dynubas.exe | Dynu online dynamic IP update client. Useful when using a dial up modem | No |
| DynDNS Updater | U | DynUpPs.exe | DynDNS Updater from Dynamic Network Services - "is a lightweight application designed to keep hostnames in DynDNS' free and paid DNS services up-to-date with your current IP address. This allows one to run Web or e-mail services at home, even on a dynamic IP address" | No |
| boqamah | X | dytevevi.exe | Added by the SDBOT-UH WORM! | No |
| disgx | X | dywwif.exe | Added by the SDBOT.BGF WORM! | No |
| Swdaswdw | X | dywwif.exe | Added by the SDBOT.BGF WORM! | No |
| yoink | X | dywwif.exe | Added by the SDBOT.BGF WORM! | No |
| DZKillMe | ? | DZSAVEME.EXE | ?? | No |
| Windows Reg Services | X | d_service.exe | Detected by Microsoft as Backdoor:Win32/Prorat | No |
If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).
"Status" key:
Variables:
DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.
WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.
As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.
There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program
NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.
SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.
Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved
| Privacy Policy | Site Map | Home |