Windows startup programs - Database search

Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st May, 2013
32700 items listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

From MSConfig (Start → Run → msconfig → Startup): Startup Item, Command
From Registry Editor (Start → Run → regedit): Name, Data
From SysInternals free AutoRuns utility: AutoRun Entry, Filename from "Image Path"
From Windows Defender for XP/Vista (Tools → Software Explorer): Display Name, Filename
O4 entries from Trend Micro's HijackThis or similar logging utilities: Text highlighted here - [this text] or here - "Startup: this text.lnk", Filename
Any other text

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

420 results found for K

Startup Item or Name	Status	Command or Data	Description	Tested
k14rsystemupdater	X	k14rsystemupdater.exe	Detected by McAfee as RDN/Generic.dx!o and by Malwarebytes Anti-Malware as Trojan.Clicker.M	No
ker1nel32	X	k1ernel32.dlI	Detected by McAfee as BackDoor-RP and by Malwarebytes Anti-Malware as Trojan.Delf	No
K2ps_full.task	X	K2ps_full.exe	Added by the JUNTADOR.K TROJAN!	No
K6CPU.EXE	N	K6CPU.EXE	Authenticates CPU as K6 in system properties	No
K7SysMon	Y	K7SysMon.Exe	K7 Computing internet security software - system monitor	No
K7SystemTray	Y	K7SysTry.exe	K7 Computing internet security software - System Tray access/notifications	No
K7TSStart	Y	K7TSecurity.exe	K7 Computing internet security software	No
Launch K9	U	K9.exe	K9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time"	No
anhtaaa	X	kacsde.exe	Added by the FRETHOG-B TROJAN!	No
KADxMain	U	KADxMain.exe	System Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptops	No
Windows Service Agent	X	kafdprs.exe	Added by the IRCBOT.HDE BACKDOOR!	No
Kagwang	X	kagwang.exe	Detected by Sophos as W32/AutoRun-XU	No
kak	X	kak.hta	Detected by Microsoft as Trojan:JS/Kak.gen. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows starts	No
Kalender	U	Kalender.exe	UK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events"	No
Kalibump	U	Kalibump.exe	Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy	No
kalvsys	X	kalv**32.exe [ = random char]	Detected by Symantec as Trojan.Elitebar	No
kamsoft	X	kamsoft.exe	Detected by Trend Micro as WORM_AUTORUN.BKK	No
fklw32	X	kansas.exe	Detected by McAfee as RDN/Generic.bfr!m and by Malwarebytes Anti-Malware as Backdoor.Agent	No
HKCU	X	kansas.exe	Detected by McAfee as RDN/Generic.bfr!m and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen	No
HKLM	X	kansas.exe	Detected by McAfee as RDN/Generic.bfr!m and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen	No
KanSen	X	KanSen.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%\Microsoft	No
KanSen.exe	X	kansen.exe	Detected by Dr.Web as Trojan.DownLoader7.870	No
4abe0ecee729a9606fbe96765b6f9ff4	X	kar.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%	No
Microsoft Security Monitor Process	X	kar.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
[various names]	X	Kargo.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
karto	X	karto.exe	Detected by Malwarebytes Anti-Malware as Adware.KorAd.Gen. The file is located in %AppData%\kartomizer	No
KartSvr	X	KartSvr.exe	Detected by Dr.Web as Trojan.Siggen3.9504 and by Malwarebytes Anti-Malware as Trojan.Backdoor.SVR	No
Connect Kasamba	U	Kasamba.exe	"Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need"	No
msennger	X	kasber.exe	Detected by Trend Micro as TROJ_BOTIRC.A and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
Kasper Antivirus	X	KASPERANTIVIRUS.EXE	Added by a variant of the SPYBOT WORM!	No
KasperskyAv	X	kaspersky.exe	Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virus	No
Windows Messenger Service	X	kaspersky.exe	Detected by Trend Micro as WORM_MYTOB.HY	No
Kaspersky Antivirus	X	KasperskyAV.exe	Added by a variant of Win32/Rbot	No
KasperskyAVEng	X	Kasperskyaveng.exe	Added by the NETSKY.V WORM!	No
kaspersky32	X	kasperskyLabs32.exe	Added by the RBOT-GOT WORM!	No
Microsoft	X	kasperskyLive32.exe	Added by the RBOT-GRT WORM!	No
AntiVirus	X	kaspery.exe	Added by a variant of Win32/Rbot	No
KAT	X	KAT.vbs	Added by the SOAD-D WORM!	No
Systray	X	KAT.vbs	Added by the SOAD-D WORM!	No
KatMouse	U	KatMouse.exe	KatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etc	No
AVP32	X	KAV.exe	Added by the AUTORUN.BCYC WORM!	No
kav	X	kav.exe	Added by the DOGROBOT TROJAN! Note - this is not a valid old version of Kaspersky AV and is located in %System%	No
KAVPersonal50	Y	Kav.exe	Kaspersky Anti-Virus Personal 5.0	No
kviurs	X	kav.exe	Added by the SILLYFDC.BBJ WORM!	No
Protocol Settings	X	kav.exe	Detected by Trend Micro as WORM_RBOT.APZ	No
NvCplScan	X	kav32.exe	Detected by Sophos as W32/Forbot-EW	No
kavir	X	kavir.exe	Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example	No
Kavirs	X	Kavirs.exe	Added by the AGENT-OJC TROJAN!	No
Kavirs1	X	Kavirs1.exe	Added by the AGENT-OPY TROJAN!	No
Lsass	X	kavmm.exe	Added by unidentified malware. Note - do no confuse with the legitimate Kaspersky file described here which is normally located in a sub-folder of %ProgramFiles%\Kaspersky Lab. The one is located in %Root%	No
kava	X	kavo.exe	Detected by Sophos as Troj/Lineag-GLG and by Malwarebytes Anti-Malware as Trojan.Agent	No
Kaspersky Anti-Hacker	Y	KAVPF.exe	Kaspersky Anti-Hacker personal firewall - no longer available	Yes
KavPFW	Y	KavPFW.exe	KingSoft Personal Firewall	No
KavStart	Y	KAVStart.exe	KingSoft Personal Firewall	No
kavsvc	Y	kavsvc.exe	Kaspersky antivirus	No
WIn32S Java DLL	X	kavsvx.exe	Added by the AGOBOT-RZ WORM!	No
KAZAA	N	kazaa.exe	KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it	No
Kazaa lptt01	X	kazaa.exe	RapidBlaster variant (in a "kazaa" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid KaZaA file sharing program which has the same executable name	No
Kazaa ml097e	X	kazaa.exe	RapidBlaster variant (in a "kazaa" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this is not the valid KaZaA file sharing program which has the same executable name	No
kazaalite	N	kazaalite.exe	Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms	No
KaZooM	N	KaZooM.Exe	KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"	No
InternalSystray	X	Kazza.exe	Added by the OPTIXPRO.12.C BACKDOOR! Note - unlike the valid KaZaA executable, this is located in %System%	No
KB00650640.exe	X	KB00650640.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. The file is located in %AppData%	No
KB00674719.exe	X	KB00674719.exe	Added by malware, such as the INJECT-RA, ZBOT-BFC and AGENT-UIN TROJANS and CRIDEX-A WORM!	No
KB01403756.exe	X	KB01403756.exe	Detected by Malwarebytes Anti-Malware as Trojan.Inject. The file is located in %AppData%	No
KB674719.exe	X	KB674719.exe	Added by the RORPIAN-U WORM!	No
KB891711	Y	KB891711.exe	Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup	No
KB918547	Y	KB918547.EXE	Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only	No
KB991869.exe	X	KB991869.exe	Added by the DWNLDR-JGZ TROJAN!	No
KBD	U	KBD.EXE	Multimedia keyboard manager. Required if you use the multimedia keys	No
rugdvvr	X	kbd101O.exe	Added by the AGENT-TOS TROJAN!	No
FLMK08KB	U	KbdAp32A.exe	Keyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard	No
FLMTRUSTKB	U	KbdAp32A.exe	Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard	No
LWBKEYBOARD	U	KbdAp32A.exe	Keyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard	No
OFFICEKB	U	kbdap32a.EXE	Keyboard utility for a Micro Innovations brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard	No
QjNEMzI1RUM1RTM5MzMwRU	X	KBDC_2.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %UserProfile%	No
OTFBNTc1Njg1QjgzRjcwNk	X	kbddms.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserProfile%	No
Kbddrv32	X	kbddrv32.exe	Added by the CRYPTER.A TROJAN!	No
Kbddrvinf	X	kbddrvinf.exe	Added by the CRYPTER.A TROJAN!	No
RDFCNUQzMTAzNEFERDk0QT	X	KBDMdms.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %UserProfile%	No
kbdmgr	X	kbdmgr.exe	Detected by Microsoft as Backdoor:Win32/Zegost.AD. Note - this entry loads from the Windows Startup folder	No
NjkyQUEzNEVCRkI0NUNEMz	X	kbdmwma.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %UserProfile%	No
Kbdrvinf	X	kbdrvinf.exe	Added by the CRYPTER.A TROJAN!	No
KBD	U	KbdStub.EXE	Key Watcher from HP - watches for Multimedia Keys on HP keyboards	No
QUNGMzk1OUJCOTg1QjYxNk	X	kbdWMV.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
KbEkKJuBmaVdP	X	KbEkKJuBmaVdP.exe	Added by the FAKEAV-DIM TROJAN!	No
QUNGMzk1OUJCOTg1QjYxNk	X	kbfde.exe	Detected by Dr.Web as Trojan.DownLoader6.60462 and by Malwarebytes Anti-Malware as Trojan.Agent	No
M0I2NTU3ODQwNUYyMEVEM0	X	KBiphl.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakePDF. The file is located in %UserProfile%	No
WinServiceUpdate	X	kbmsjeto.exe	Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %UserProfile%	No
TypingSatellite	N	KBOOST.exe	TypingMaster background utility that collects typing errors and builds up customised typing lessons for your needs	No
KBOXUserExtension	?	KBOXUserExtension.exe	Related to the Dell KACE KBOX asset management products	No
KBR95674904.exe	X	KBR95674904.exe	Added by the BCKDR-RHB BACKDOOR!	No
XP HOT FIS	X	kbx.exe	Added by the FORBOT-GS WORM!	No
KB[random numbers]	X	KB[random numbers].exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.KB. The file is located in %LocalAppData%\KB[random numbers]	No
KB[random numbers].exe	X	KB[random numbers].exe	Detected by Trend Micro as BKDR_CRIDEX.CHX and by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %AppData% or a sub-folder	No
Malware Destructor	X	KB[random numbers].exe	Malware Destructor 2011 rogue security software - not recommended, removal instructions here	No
KCeasy	N	KCeasy.exe	KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella	No
cpqek	U	kcpqek.exe	For Compaq PC's. Easy Access button support for the keyboard	No
Kcrner	X	Kcrner.exe	Added by the LINEAG-AIL TROJAN!	No
g98o	X	kctqfqff.exe	Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.VB. The file is located in %System%	No
Windows Update	X	kdb34894234.exe	Detected by Symantec as Trojan.Syginre and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
KDGJBRVYXQCV	X	KDGJBRVYXQCV.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
MicroSoft ssadssjdhasjadas3s1	X	kdjfsdklfjsl.exe	Added by the SDBOT.AEX WORM!	No
Mabochine Deybug Malnager	X	kdm.exe	Added by the SDBOT-SD WORM!	No
Keyspan Digital Media Remote	U	KDMRdmn.exe	Remote control driver for Keyspan Digital Media Remote devices	No
Kernel Video Driver	X	kdvhost.exe	Detected by Ikarus as Backdoor.Rbot. The file is located in %System%	No
Microzoft_Ofiz	X	KdzEregli.exe	Added by the AMUS.A WORM!	No
KeApplet	X	ke64dyshrmlfu.exe	Detected by Sophos as Troj/ZBot-AXH and by Malwarebytes Anti-Malware as Trojan.Agent	No
KeApplet	X	ke64jlnfhw.exe	Detected by Kaspersky as Backdoor.Win32.Agent.bqin and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp%	No
Keenvalue	X	Keenvalue.exe	KeenVal adware	No
KeePass	U	KeePass.exe	Open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions	Yes
KeePass 2 PreLoad	U	KeePass.exe	Part of version 2.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions. Preloads parts KeePass into memory - not required if you have also enabled the program to run at startup (Options → Integration)	Yes
KeePass Password Safe	U	KeePass.exe	Version 1.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions	Yes
KeePass Password Safe 1.*	U	KeePass.exe	Version 1.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions. Vista/7 MSConfig and Windows Defender entry where 1.* represents the version number	Yes
KeePass Password Safe 2	U	KeePass.exe	Version 2.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions	Yes
KeepCop	X	KeepCop.exe	KeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID family	No
KeepCop.exe	X	KeepCop.exe	KeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID family	No
Java Update	X	keeper.exe	Added by the AGENT-DIS TROJAN!	No
cvhnykzx	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
deryheruxc	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
dsfghjgj	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
hfdtubvnx	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
hgkytwe	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
ilortgdg	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
KeepSafe	Y	keepsafe.exe	KeepSafe from Stardock Corporation - "the intermediate step needed to secure data between backups. It saves your important files in real-time as you work on them"	Yes
TXMouie	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
vcbbjf	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
xcfdhtyjkx	X	keepSafe.exe	Added by the KILLAV.KAX TROJAN! Note - this is not the legitimate KeepSafe from Stardock Corporation which shares the same filename and is normally located in a %ProgramFiles%\Stardock subfolder. This one is found in %System%	No
kegimnoceasa	X	kegimnoceasa.exe	Detected by McAfee as RDN/Downloader.a!g and by Malwarebytes Anti-Malware as Trojan.Agent.US	No
keiop	X	keiop.exe	Added by the VB-ERU TROJAN!	No
kelelist	X	kelelist.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%\kelelisprotector	No
KERNET	X	kellogs.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
WIRENET	X	kellogs.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
Logitech SetPoint	U	KEM.exe	Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys	No
KEMailKb	U	KEMailKb.EXE	Multimedia keyboard/keypad manager. Required if you use the additional keys	No
Kemet	?	kemet.exe	??	No
keniz	X	keniz.exe	Added by the AUTORUN-AZL WORM!	No
Windows Task Manager Emulator	X	kennewr.exe	Added by the SPYBOT-FA WORM!	No
KeNotify	U	KeNotify.exe	Toshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etc	No
keqeliqzemec	X	keqeliqzemec.exe	Detected by Malwarebytes Anti-Malware as Trojan.Ransom.Gen. The file is located in %UserProfile%	No
kerbudurywea	X	kerbudurywea.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile%	No
kERe	X	kERe.exe	Added by the BRONTOK-BT WORM!	No
Microsoft Update Emulator	X	kern-mxe.exe	Added by a variant of Win32/Rbot	No
kernel32	X	kern32.exe	Detected by Trend Micro as WORM_BADTRANS.A	No
Win32Updater	X	KERNAL32.EXE	Added by the SPYBOT-OK WORM!	No
Windows Kernel 64	X	kernal64.exe	Added by the YIMP-B WORM!	No
Kerne0223	X	Kerne0223.exe	Added by the LEGMIR-ZA TROJAN!	No
load	X	Kerne121.exe	Added by the LINEAGE-ON TROJAN!	No
load	X	Kerne1211.exe	Added by the LINEAGE-DY TROJAN!	No
load=	X	Kerne14.exe	Added by the LINEAGE-BA TROJAN!	No
Plob	X	kernel.com	Added by the OPTIXPRO.12 BACKDOOR!	No
kernel32	X	kernel.dli	Added by the NETDEVIL.B TROJAN!	No
Kernel32	X	Kernel.dll	Detected by McAfee as VBS/Redlof@M	No
default	X	kernel.exe	Added by the SALUNI TROJAN!	No
kernel	X	kernel.exe	Detected by Total Defense as Matcash CF. The file is located in %ProgramFiles%\kernel	No
Kernel_32	X	Kernel.exe	Detected by Malwarebytes Anti-Malware as Trojan.Inject. The file is located in %Windir%\Isp_32	No
Microsoft Windows	X	Kernel.exe	Added by the EDIBARA-A VIRUS!	No
Microsoft Windows	X	Kernel.vbs	Added by the EDIBARA-A VIRUS!	No
kernel12.exe	X	kernel12.exe	Added by an unidentified WORM or TROJAN!	No
Win32G	X	Kernel32.com	Added by the ESTRELLA TROJAN!	No
kernel32	X	kernel32.dlI	Added by the NETDEVIL.15 TROJAN!	No
Kernell32	X	Kernel32.dll.exe	Detected by McAfee as W32/Acinti.worm	No
kernel32	X	kernel32.dll.vbs	Added by the WEKODE-A WORM!	No
32-bit Windows Kernel	X	Kernel32.exe	Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
InternalSystray	X	kernel32.exe	Detected by Trend Micro as BKDR_OPTIX.12B	No
Kernel Level Application	X	Kernel32.exe	Detected by Dr.Web as Trojan.PWS.Stealer.379	No
Kernel32	X	Kernel32.exe	Added by a number of VIRUSES, WORMS and TROJANS!	No
LoadWindowsFile	X	Kernel32.exe	Added by the DELF.B BACKDOOR!	No
Microsoft Windows System Kernel	X	kernel32.exe	Added by a variant of the IRCBOT TROJAN!	No
Mstask	X	kernel32.exe	Added by the STAP-C WORM!	No
rundll32	X	kernel32.exe	Added by the STAP-C WORM!	No
Windoes Kernel	X	kernel32.exe	Added by the KICKIN.A (or CYDOG.C) WORM!	No
Windows	X	Kernel32.exe	Added by the TENDOOLF.A WORM!	No
WSAConfiguration	X	kernel32.exe	Added by the AGOBOT-KV WORM!	No
system	X	kernel32.ini	Detected by Trend Micro as WORM_SILLYFDC.CJ	No
Win32 Kernel core component	X	Kernel32.pif	Added by the MOKS VIRUS!	No
Kernel32	X	Kernel32.win	Added by the GAGGLE.D or GAGGLE.E WORMS!	No
Distributed File System	X	kernel32dll.exe	Added by the MYFIP-C or MYFIP.K WORMS!	No
Kernel32	X	kernel32s.exe	Added by the BCKDR-CIC BACKDOOR!	No
rundll32	X	kernel33.exe	Added by the STAP-D WORM!	No
Microsoft Kernel Patch	X	kernel3ox.exe	Added by the RBOT-UJ WORM!	No
Kernel 64x support	X	kernel64.exe	Detected by Sophos as Troj/Vidlo-E and by Malwarebytes Anti-Malware as Trojan.Mixus	No
System	X	kernel8.exe	Added by the DLOADR-AOL TROJAN!	No
DefencerGBA	X	KernelBases.exe	Detected by Microsoft as TrojanSpy:Win32/Banker.YX. The file is located in %System%	No
DefencerGBA	X	KernelBases.exe	Detected by Malwarebytes Anti-Malware as Spyware.Banker. The file is located in %UserProfile%\AppData\LocalFiles	No
filename process	X	kerneldll.exe	Added by the AGOBOT-PO WORM!	No
KernelFaultCheck32	X	KernelFaultCheck32.exe	Detected by Dr.Web as Trojan.Siggen5.4841	No
Plob	X	kerneli.com	Added by the OPTIXPRO.12 BACKDOOR!	No
System	X	kernels1118.exe	Added by a variant of W32/Sdbot.worm	No
SystemTools	X	kernels1118.exe	Added by a variant of W32/Sdbot.worm	No
Service System	X	kernels32.exe	Detected by Sophos as Troj/Bancos-DA and by Malwarebytes Anti-Malware as Trojan.Banker	No
System	X	kernels32.exe	Detected by Sophos as Troj/Dloader-FC and by Malwarebytes Anti-Malware as Trojan.FakeAlert	No
SystemTools	X	kernels32.exe	Detected by Sophos as Troj/Dloader-FC	No
System	X	kernels64.exe	Added by the VIXUP-S TROJAN!	No
System	X	kernels8.exe	Detected by Trend Micro as TROJ_TIBS.AI	No
SystemTools	X	kernels8.exe	Added by the FNG TROJAN!	No
System	X	kernels88.exe	Detected by Sophos as Troj/Tibs-PP and by Malwarebytes Anti-Malware as Trojan.Agent	No
SystemTools	X	kernels88.exe	Detected by Sophos as Troj/Tibs-PP and by Malwarebytes Anti-Malware as Trojan.Agent	No
IMEKernel32	X	Kernelsys32.exe	Detected by Symantec as W32.HLLW.GOP@mm	No
Kernelw	X	Kernelw32.exe	Added by the INDOR.E WORM!	No
System	X	kernelwind32.exe	Detected by Total Defense as Vxidl FT and by Malwarebytes Anti-Malware as Trojan.FakeAlert	No
System	X	kernelwind64.exe	Detected by Trend Micro as TROJ_DLOADER.DJD and by Malwarebytes Anti-Malware as Trojan.Downloader	No
KernelRuntime	X	kernel_runtime.exe	Added by the MYTOB-JO WORM!	No
KRNL	X	Kernl32.exe	Detected by Kaspersky as Backdoor.Win32.Zomby.b	No
Laz	X	Kernn.exe	Detected by Sophos as Troj/Bancos-LN	No
MicroSoft Toolbar	X	key.exe	Added by the RBOT-AEW WORM!	No
KeyAccess	Y	keyacc32.exe	KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"	No
AidemHotKey	?	KEYAPP.EXE	Keyboard related	No
Keybdcntl	X	keybdcntl.exe	Added by the GEMA TROJAN!	No
[various names]	X	keybdll.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
keyboard	X	keyboard.exe [ = number]	Detected by Kaspersky as the VB.ZG TROJAN!	No
(Default)	X	KEYBOARD.exe	Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank	No
KeyBoard	U	Keyboard.exe	Labtec keyboard utility	No
Microsoft Taskmanager Updater	X	keyboard.exe	Added by the RBOT-ALU WORM!	No
Microsoft Windows Keyboard service	X	keyboard.exe	Added by the RBOT-CRF WORM!	No
NLS Keyboard	X	keyboard.exe	Added by a variant of the SPYBOT WORM!	No
ntgy	X	keyboarda.exe	Detected by Dr.Web as Trojan.DownLoader8.18852 and by Malwarebytes Anti-Malware as Trojan.Agent	No
Xvtpiqbe	X	keyboardo.exe	Detected by Dr.Web as Trojan.DownLoader9.10873	No
keyboard_enum	X	keyboard_enum.exe	Added by the BDOOR-GP BACKDOOR!	No
Srv32Win	X	KeyCaptor.exe	KeyCaptor surveillance software. Uninstall this software unless you put it there yourself	No
keyhook	U	keyhook.exe	Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys	Yes
SiS Compatible Super VGA Keyboard Daemon	U	keyhook.exe	Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys	Yes
SiS Windows KeyHook	U	keyhook.exe	Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys	Yes
WinEssential	X	Keyhost.exe	Detected by Symantec as Adware.Jraun	No
VC_Log	U	keylog.exe	PaqKeylog is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourself	No
ABC	U	keylogger.exe	Keystroke logger/monitoring program - remove unless you installed it yourself!	No
HomeKeyLogger	U	KeyLogger.exe	SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself	No
1Win32Cfg	U	Keyloggerpro.exe	Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!	No
CherryKeyMan	U	KeyMan.exe	Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys	No
keymap	U	keymap.exe	System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game	No
TaskMgr	X	keymayker.exe	Added by the LDPINCH-EP TROJAN!	No
Microsoft System Checkup	X	Keymgr.exe	Added by the DONK.M WORM!	No
KeyPang	X	keypang.exe	Detected by Malwarebytes Anti-Malware as Adware.Korad. The file is located in %ProgramFiles%\KeyPang	No
KeyPatrol	Y	KeyPatrol.exe	KeyPatrol - keylogger detector using both behavioral and pattern-matching algorithms. Part of the original anti-malware program by PestPatrol, Inc. Acquired by CA where it became eTrust PestPatrol Anti-Spyware and then CA Anti-Spyware - which is now included in CA AntiVirus Plus	Yes
Keyboard Lauchpad	U	Keys.exe	Keyboard Launchpad from Stardock Corporation - "can create keyboard short-cuts for your programs, saved clipboards, URLs, system commands, and more." Required if you want to use the custom keyboard shortcuts. Also part of the Object Desktop suite	Yes
MicroUpdate	X	keys.exe	Detected by Dr.Web as Trojan.DownLoader6.51768 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %System%\Updater	No
Stardock Keyboard Launchpad	U	Keys.exe	Keyboard Launchpad from Stardock Corporation - "can create keyboard short-cuts for your programs, saved clipboards, URLs, system commands, and more." Required if you want to use the custom keyboard shortcuts. Also part of the Object Desktop suite	Yes
KeyScrambler	Y	keyscrambler.exe	KeyScrambler from QFX Software Corporation - "encrypts your keystrokes deep in the kernel, foiling keylogging attacks with scrambled, undecipherable data"	Yes
keyserv	X	keyserv.exe	KeyThief spyware	No
ChromeMark	?	keysh.exe	Related to this. Don't know what keysh.exe does though and if it's required	No
KLog	U	Keyspy.exe	KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself!	No
pskl	U	keyspy.exe	KeyboardLogger keystroke logger/monitoring program - remove unless you installed it yourself!	No
Keyboard Status	?	KeyStat.exe	Multimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStat	No
Toshiba Key State	U	KEYSTATE.EXE	Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start → Programs	No
keystroke	U	keystroke.exe	QuickLaunch surveillance software. Uninstall this software unless you put it there yourself	No
Key Text	N	KeyText.exe	Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start → Programs	No
WinEssential	X	keyword.exe	Adware.Jraun variant	No
keywordfindagent	X	keywordfindagent.exe	Detected by McAfee as Generic.tfr!ck and by Malwarebytes Anti-Malware as Adware.Kraddare	No
KeywordSearchUpdater	X	keywordfindagent.exe	Detected by McAfee as Generic.tfr!ck and by Malwarebytes Anti-Malware as Adware.Kraddare	No
[various names]	X	KeywordFinder.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
keywordpop.exe	X	keywordpop.exe	Detected by Dr.Web as Trojan.DownLoader7.20458 and by Malwarebytes Anti-Malware as Adware.KorAd	No
KeywordSearchUpdater	X	KeywordSearchUpdater.exe	Keyword Search adware	No
keywordtabhper	X	keywordtabhper.exe	Detected by McAfee as Generic Downloader.x!g2g and by Malwarebytes Anti-Malware as Adware.KeywordTab.K	No
keywordtabopen	X	keywordtabopen.exe	Detected by McAfee as Generic Downloader.x!g2g and by Malwarebytes Anti-Malware as Adware.KeywordTab.K	No
keywordtab	X	keywordtabup.exe	Detected by McAfee as Generic Downloader.x!g2g and by Malwarebytes Anti-Malware as Adware.KeywordTab.K	No
KeywordYac	X	KeywordYacUpdate.exe	Detected by Malwarebytes Anti-Malware as Adware.Korad. The file is located in %ProgramFiles%\KeywordYac	No
Service System	X	kgbfsm344.exe	Detected by Sophos as Troj/Bancos-FS	No
suapafjj	X	kgejbaytssd.exe	Added by the AGENT-MXH TROJAN!	No
kgjdi27	X	kgjdie27.exe	Added by the SDBOT.AP BACKDOOR!	No
KGSM	X	KGSM.exe	Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %System%	No
Winsock2 driver	X	kgzgjkpcw.exe	Added by the SDBOT.T TROJAN!	No
SETPOINT Logitech Inc	X	KHALMNP.exe	Added by the RBOT-AAX WORM!	No
Kernel and Hardware Abstraction Layer	U	KHALMNPR.EXE	Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPoint	Yes
KHALMNPR	U	KHALMNPR.EXE	Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPoint	Yes
Logitech Hardware Abstraction Layer	U	KHALMNPR.EXE	Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPoint	Yes
Logitech SetPoint	U	KHALMNPR.EXE	Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPoint	Yes
khanchoUpdate	X	khanag.exe	Detected by Dr.Web as Trojan.DownLoader6.25995 and by Malwarebytes Anti-Malware as Adware.Kraddare	No
khancho	X	khanup.exe	Detected by Dr.Web as Trojan.DownLoader6.25995 and by Malwarebytes Anti-Malware as Adware.FunPop.K	No
KHATARNAK Loader	X	KHATARNAK.exe	Detected by Trend Micro as WORM_AUTORUN.ACO	No
load	X	KHATRA.exe	Added by the ORBINA-A WORM!	No
nwiz	X	KHATRA.exe	Added by the ORBINA-A WORM!	No
PHIME2002A	X	KHATRA.exe	Detected by Microsoft as Worm:Win32/Abfewsm.A	No
Taskman	X	KHATRA.exe	Added by the AUTORUN-AKR WORM!	No
VMware Tools	X	KHATRA.exe	Detected by Sophos as W32/Autoit-BP	No
VMware User Process	X	KHATRA.exe	Added by the AUTOIT.K TROJAN!	No
Xplorer	X	KHATRA.exe	Detected by Sophos as W32/AutoRun-AKR and by Malwarebytes Anti-Malware as Trojan.FakeFolder	No
khooker	N	khooker.exe	SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required	No
SiS KHooker	N	khooker.exe	SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required	No
4oD	U	KHost.exe	Part of the Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. As used by earlier versions of the UK's 4oD (4 on Demand) service	No
kdx	N	KHost.exe	Part of the Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. As used by earlier versions of UK on-demand services such as Sky Anytime, BBC iPlayer and 4od (4 on-demand)	No
(Default)	X	kiarash test.exe	Detected by Dr.Web as Trojan.MulDrop4.28932 and by Malwarebytes Anti-Malware as Trojan.Agent.TPL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank	No
Kryptel Component Start	U	Kicker.exe	Kryptel encryption software	No
KICKMON.EXE	U	KICKMON.EXE	KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required	No
KiesPreload	?	Kies.exe	Part of the SAMSUNG Kies mobile device management software	No
KiesAirMessage	U	KiesAirMessage.exe	Supports the Kies Air feature from Samsung - which "is a mobile application which enables Wi-Fi mobile-to-device connections and browser-based management. You can use Kies Air without PC software or a USB connection"	No
Kies	U	KiesHelper.exe	Installed with the SAMSUNG Kies mobile device management software. Preloads part of Kies into memory to speed up the loading time of the main program and exits after running. Tested without a supported device on a system with more than 1GB of memory it took twice as long for Kies to start with this entry disabled	Yes
KiesHelper	U	KiesHelper.exe	Installed with the SAMSUNG Kies mobile device management software. Preloads part of Kies into memory to speed up the loading time of the main program and exits after running. Tested without a supported device on a system with more than 1GB of memory it took twice as long for Kies to start with this entry disabled	Yes
KiesPDLR	?	KiesPDLR.exe	Part of the SAMSUNG Kies mobile device management software	No
Kies TrayAgent	N	KiesTrayAgent.exe	SAMSUNG Kies mobile device management software which also allows you to view apps in full screen on your PC, no matter what network you're on. Allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Only required if you want to autostart Kies when your device is connected	Yes
KiesTrayAgent	N	KiesTrayAgent.exe	SAMSUNG Kies mobile device management software which also allows you to view apps in full screen on your PC, no matter what network you're on. Allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Only required if you want to autostart Kies when your device is connected	Yes
kiGUicd	X	kiGUicd.exe	Detected by McAfee as RDN/Generic Dropper!e and by Malwarebytes Anti-Malware as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
MicroUpdate	X	KIKO.exe	Detected by Dr.Web as Trojan.DownLoader6.25616 and by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %Root%\MRTCD	No
kill	X	kill.cpl	Detected by Malwarebytes Anti-Malware as Trojan.Agent.CPL. The file is located in %LocalAppData%	No
Scvbost	X	kill.Exe	Detected by Malwarebytes Anti-Malware as Backdoor.DarkKomet. The file is located in %Temp%\killer - see here	No
[various names]	X	killall.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
KillAndClean	X	KillAndClean.exe	KillAndClean rogue spyware remover - not recommended, removal instructions here	No
EasyFace Agent	U	KillAutoAP.exe	EasyFace™ by MSI - "integrated face registration, face tracking, and face detection technology" for both internal and external webcams which allows the user to login via face recognition	No
Dlload	X	killer.exe	Added by the KILLAV-FK TROJAN!	No
cartao	X	killing.exe	Added by the DLOADER-QN TROJAN!	No
Kill Popup	U	KillPopup.exe	KillPopup - pop-up stopper	No
System Startup	X	kimochi.exe	Added by the SPYBOT.AII WORM!	No
kimochiz.exe	X	kimochiz.exe	Added by the MDROP-BB TROJAN!	No
Kinberlink	N	Kinberlink.exe	Kinberlink network messaging. Available via Start → Programs	No
kinglotto	X	kinglottoUp.exe	Detected by Malwarebytes Anti-Malware as Adware.Nieguide. The file is located in %ProgramFiles%\kinglotto	No
kingrsps.exe	X	kingrsps.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %Root%	No
KINPle Update Check	X	KinPleStart.exe	Detected by Emsisoft as Backdoor.Win32.Webdor!IK and by Malwarebytes Anti-Malware as Spyware.KinPlayer. The file is located in %ProgramFiles%\KinPle	No
DSFGWR	X	kiuht.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %Root%\fsefds	No
FGHRSDR	X	kiuht.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %Root%\fsefds	No
INTEFS	X	kiuht.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %Root%\fsefds	No
kizzeqoflilj	X	kizzeqoflilj.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile%	No
kjEenXNPEgLSP	X	kjEenXNPEgLSP.exe	Added by the FAKEAV-MD TROJAN!	No
faslkakj11	X	kjgagklj11.exe	Added by the LEGMIE-ARE TROJAN!	No
Windows Defender	X	KJHEAPC69E.exe	Detected by McAfee as Generic.dx!bd3y and by Malwarebytes Anti-Malware as Trojan.Agent.Gen. Note - this is not the legitimate Microsoft Windows Defender whose filename is MSASCui.exe and the file is located in %AppData%	No
Microsoft Update	X	Kkk.exe	Added by the RBOT-AHL WORM!	No
kkkore	X	kkkore.exe	Detected by Malwarebytes Anti-Malware as Trojan.QHost.K. The file is located in %Windir%	No
KKM Service	X	kkm.exe	Added by the NANPY-I WORM!	No
Kkwkwu	X	Kkwkwu.exe	Detected by Malwarebytes Anti-Malware as Worm.Dorkbot. The file is located in %AppData%	No
kkw_run.exe	U	kkw_run.exe	Kensington KeyboardWorks - keyboard software. Not required unlessyou use any special features	No
Windows Update	X	klass.exe	Detected by Sophos as Troj/Bifrose-ZH and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
LayoutM	U	KLayMgr.exe	Keyboard manager for Chicony keyboards - required if you use any of the special or function keys	No
RKLG Startup	U	klg.exe	Local Keylogger Pro keystroke logger/monitoring program - remove unless you installed it yourself!	No
KlipFolio	U	KlipFolio.exe	Klipfolio Dashboard KPI (Key Performance Indicator) software which helps organizations evaluate their success or the success of a particular activity in which they're engaged	No
KLM	U	KLM.exe	MSI Keyboard LED Manager for supported laptop models (such as the GT70) which have keyboards with multi-colored LED backlighting - allowing you to pick a color, lighting mode and section of the keyboard	No
cdmmslpo	X	klpllsm.exe	Added by the TEDIJINI-A TROJAN!	No
WinAC v4	X	klsuicbn.exe	Added by the FORBOT-CS WORM!	No
BtcMaestro	U	KMaestro.exe	Multimedia keyboard manager. Required if you use the multimedia keys	No
KeyMaestro	U	kmaestro.exe	Multimedia keyboard manager. Required if you use the multimedia keys	No
keymatch	X	kmagt.exe	Detected by Malwarebytes Anti-Malware as Adware.KorAd. The file is located in %AppData%\keymatch	No
gWt	X	kmiqdeimiufb.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.WTG. The file is located in %System%	No
Bitocmet	X	KMPlayir.exe	Detected by Trend Micro as TROJ_VB.FPW	No
f73d8fea88579bcf83d51be1f8408f87	X	KMS.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp%	No
Intel(Ms)	X	kms.exe	Detected by Dr.Web as Trojan.Siggen5.23631 and by Malwarebytes Anti-Malware as Backdoor.Agent.ITN	No
kmw_run.exe	U	kmw_run.exe	Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features	No
kmw_show.exe	U	kmw_show.exe	Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features	No
WinSrv	X	kn0x.exe	Detected by Trend Micro as WORM_HOBBIT.F	No
Tablet Human Hardware Themes Class Center	X	knfjpkjv.exe	Detected by McAfee as RDN/Downloader.a!g and by Malwarebytes Anti-Malware as Trojan.Agent	No
Disk Knight	X	Knight.exe	Added by the AUTORUN-H WORM!	No
KNK Start	X	KNK.exe	Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Trojan.STRGen	No
Windows Service Ag3nt	X	knpcoq.exe	Added by the SDBOT.EZX TROJAN!	No
Pdll	X	Knucker.C.vbs	Detected by Malwarebytes Anti-Malware as Worm.VBS. The file is located in %System%	No
Knupper	X	Knupper	Detected by McAfee as RDN/Generic.bfr!e and by Malwarebytes Anti-Malware as Backdoor.Agent	No
KODAK Software Updater	N	Kodak Software Updater.exe	Software updater for Kodak Easyshare digital cameras	No
KodakCCS	Y	KodakCCS.exe	Kodak DC File System Driver	No
Windows	X	kohaLqha.exe	Added by the NUSUMP-C WORM!	No
King_ko	X	koking.exe	Added by the AUTORUN-BMU WORM!	No
rn4d	X	kolder.exe dirote.exe	Added by the MAROON.A BACKDOOR! Both files are located in %System%\d0e0t1	No
msnupdt	X	kolie.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Messa	No
Bron-Spizaetus-5118REPM	X	komodo-6321422.exe	Added by the BRONTOK-R WORM!	No
Pujangga	X	KOMPTI.exe	Added by the PITKOM-A TROJAN!	No
Warga KompTi	X	KOMPTI.exe	Added by the PITKOM-A TROJAN!	No
Konni Symbol Autostart	N	KonniSymbol.exe	Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5	No
cnet	N	kontiki.exe	Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. Version for c\|net	No
GameSpot	N	kontiki.exe	Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. Version for GameSpot	No
kontiki	N	kontiki.exe	Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops	No
zdnet	N	kontiki.exe	Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. Version for ZDNet	No
kotechprotect	X	kotechprotect_up.exe	Kotech-Protect rogue security software - not recommended, removal instructions here	No
F1XJGGIM31EB	X	KP4UMB72.exe	Detected by McAfee as RDN/Generic.bfr!m and by Malwarebytes Anti-Malware as Backdoor.Agent	No
BLMC3Mouse-KPDrv4XP	Y	KPDrv4XP.exe	Multimedia USB mouse driver. Required if you use the additional buttons	No
KPDrv4XP	Y	KPDrv4XP.exe	Multimedia keyboard/keypad/mouse driver. Required if you use the additional keys	No
KXT01_KPDrv4XP	Y	KPDrv4XP.exe	Multimedia USB keyboard driver. Required if you use the additional keys	No
USBKBDrv	Y	KPDrv4XP.EXE	Multimedia keyboard/keypad driver. Required if you use the additional keys	No
USB-TenKey USBKPDrv	Y	KPDRV4XP.EXE	Multimedia USB keypad driver. Required if you use the additional keys	No
Zippy USBKPDrv	Y	KPDRV4XP.EXE	Zippy multimedia USB keypad driver. Required if you use the additional keys	No
Kperfect	X	KPerfect.exe	Detected by Dr.Web as Trojan.DownLoader5.24152	No
KavPFW	Y	KPFW32.EXE	Kingsoft Personal Firewall	No
KPFW32.EXE	Y	KPFW32.EXE	KingSoft Personal Firewall	No
KPFWSvc.EXE	Y	KPFWSvc.EXE	KingSoft Personal Firewall	No
KPNAssistentUpdater	N	KPNAssistentUpdater.exe	Updater for the KPN Assistant self-help support tool for KPN broadband users (provided by Support.com (aka SupportSoft or Tioga))	No
Microsoftctfmon	X	kr.exe	Detected by Dr.Web as Trojan.DownLoader6.9905 and by Malwarebytes Anti-Malware as Trojan.Agent	No
Kr0n1C	X	Kr0n1C.exe	Detected by Sophos as W32/Brontok-BO	No
krag	X	krag.exe	Added by the AGENT-FOW WORM!	No
Kraidman	U	Kraidman.exe	"Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops	No
MJCXREYWRURCOTI0MJNFMK	X	kratrwrk.exe	Detected by McAfee as PWS-Zbot.gen.po and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
KREC32	U	krec32.exe	KBMonitor keystroke logger/monitoring program - remove unless you installed it yourself!	No
Microsoft Document	X	krisp.exe	Added by the SDBOT-RQ WORM!	No
System	X	krln32.exe	Malware installed by different rogue security software including SpyKillerPro	No
startkey	X	krnl.exe	Added by the BIFROSE-S TROJAN!	No
Kernel32	X	krnl32.exe	Added by the EPON WORM!	No
krnl386	X	krnl386.exe	Detected by Kaspersky as Trojan.Win32.VB.aqvl	No
Kernel Manager	X	krnlmgr.exe	Added by the JUNY.A TROJAN!	No
Krnlmod	U	Krnlmod.exe	Keystroke logger/monitoring program - remove unless you installed it yourself!	No
krnlinit	X	krnlx86.exe	Detected by Dr.Web as BackDoor.IRC.Mishko.52 and by Malwarebytes Anti-Malware as Trojan.Agent	No
Windows Service Agent	X	krqbs.exe	Added by the IRCBRUTE.AZ TROJAN!	No
RUI4QKYXRDLEQZRERTUXNJ	X	krzngtjw.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %UserProfile%	No
Ksjhdfx	X	Ksjhdfx.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%	No
MSRegScan	U	KSPDemo.exe	KeyStalker PRO surveillance software. Uninstall this software unless you put it there yourself	No
Ksrv32	X	Ksrv32.exe	Added by the AGOBOT-PI WORM!	No
KClient	U	kstatus.exe	KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet	No
MSConfig	X	ksum.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
Nvidia Startup Manager	X	ksvc32.exe	Detected by Sophos as Troj/Agent-IWD	No
KSVSvc.exe	X	KSVSvc.exe	Detected by Trend Micro as TSPY_ONLINEG.CTM	No
Microsoft AntiSpyware	X	KT06.pif	Added by a variant of the IRCBOT BACKDOOR!	No
KTAX Auto Loader	X	ktax.exe	Added by the SDBOT-MZ WORM!	No
ktchnsnk	U	ktchnsnk.exe	HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted	No
KTPWare	Y	ktp.exe	Related to KTP Ware TSR Enhancements from ELANTECH	No
Start RF Wireless Keyboard	Y	ktrexe.exe	Yuanxun Electronics RF wireless keyboard driver	No
Rakyat_Kelaparan	X	Kuli.exe	Added by the SILLYFDC.BDM WORM!	No
Kuma_Tray	N	Kuma_tray.exe	System Tray access to free games from Kuma	No
Optimize Windows	X	Kuntilanak.exe	Added by the SILLYFDC WORM!	No
RPCall_WIN2K	X	Kurawas.exe	Added by the BHARAT.A WORM!	No
UUSeei	X	Kuwoi.exe	Detected by Trend Micro as TROJ_VB.FPW	No
kvasoft	X	kva8wr.exe	Detected by Trend Micro as WORM_ONLINEG.ICC	No
KvmSecure.exe	X	KvmSecure.exe	KvmSecure rogue security software - not recommended, removal instructions here	No
Kerio VPN Client	U	kvpnclient.exe	Kerio VPN Client	No
Kvsc3	X	Kvsc3.exe	Added by the PWS-ANM TROJAN!	No
AeTWEnNoIZyaIiUYGtHGEdWktj	X	kVsEoYPVDuCgJx.exe	Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %System% - see here	No
FGHDFYFJ	X	KVVRIA96Y5.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%	No
KeyWallet	U	KWallet.exe	"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"	No
KwSvScan	X	kwsvscan.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%\My UserPrograms	No
KiweeHook	N	kwtbaim.exe	Kiwee toolbar - allows emoticons, winks, text and greetings to be added to conversations. Note - can be difficult to remove and is potentially dangerous as it may install malware and collect user-identifying information possibly resulting in privacy violations and identity theft - see here. For this reason it is classified as EMD (sites engaged in malware distribution) by hpHosts - see here	No
KX509	U	kx509_kfwk5.exe	Kerberos Secure Authentication for Windows	No
kxesc	Y	kxetray.exe	System Tray access to and notifications for Kingsoft security products	No
kX Mixer	N	kxmixer.exe	Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards	No
KXT01_Keyboard	U	KXT01KB.EXE	Multimedia USB keyboard manager. Required if you use the additional keys	No
kxva	X	kxvo.exe	Added by the AUTORUN-DY WORM!	No
MSN	X	kys7r.exe	Added by the AUTORUN-AR WORM!	No
KY Control Settings	X	KYSVCCD.EXE	Detected by Trend Micro as WORM_SDBOT.BHJ	No
KYK Control Settings	X	KYSVCXD.EXE	Added by a variant of Win32/Rbot	No
kytqetorjans	X	kytqetorjans.exe	Detected by Malwarebytes Anti-Malware as Trojan.Cutwail. The file is located in %UserProfile%	No
Supports RAS Connections	X	kznytwg.EXE	Detected by Sophos as Troj/Agent-AASM and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

"Y" - Normally leave to run at start-up
"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

Variables:

%System% - refers to the System folder; by default this is
- C:\Windows\System32 (7/Vista/XP)
- C:\Winnt\System32 (2K)
- C:\Windows\System (Me/9x)
%Windir% - refers to the Windows installation folder; by default this is
- C:\Windows (7/Vista/XP/Me/9x)
- C:\Winnt (2K)
%ProgramFiles% - refers to the Program Files folder; typically the path is C:\Program Files
%CommonFiles% - refers to the Common Program Files folder; typically the path is C:\Program Files\Common Files
%Root% - refers to the highest directory level on a hard drive - i.e., C:\, D:\
%UserProfile% - refers to the current user's profile folder; by default this is
- C:\Users\{user} (7/Vista)
- C:\Documents and Settings\{user} (XP/2K)
%AllUsersProfile% - refers to the common profile folder for all users; by default this is
- C:\Users\All Users (7/Vista)
- C:\Documents and Settings\All Users (XP/2K)
%AppData% - refers to the current user's Application Data folder; by default this is
- C:\Users\{user}\AppData\Roaming (7/Vista)
- C:\Documents and Settings\{user}\Application Data (XP/2K)
%CommonAppData% - refers to the common Application Data folder for all users; by default this is
- C:\ProgramData (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Application Data (XP/2K)
%LocalAppData% - refers to the current user's Local Application Data folder; by default this is
- C:\Users\{user}\AppData\Local (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Application Data (XP/2K)
%MyDocuments% - refers to the current user's Documents folder; by default this is
- C:\Users\{user}\Documents (7/Vista)
- C:\Documents and Settings\{user}\My Documents (XP/2K)
%CommonDocuments% - refers to the common Documents folder; by default this is
- C:\Users\Public\Documents (7/Vista)
- C:\Documents and Settings\All Users\Documents (XP/2K)
%UserTemp% - refers to the current user's Temp folder; by default this is
- C:\Users\{user}\AppData\Local\Temp (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Temp (XP/2K)
%WinTemp% - refers to the Windows Temp folder; typically the path is C:\Windows\Temp
%Temp% - refers to either or both of the %UserTemp% and %WinTemp% folders where the location isn't specified, or %Root%\Temp
%Templates% - refers to the current user's Templates folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Templates (7/Vista)
- C:\Documents and Settings\{user}\Templates (XP/2K)
%UserStartup% - refers to the current user's Startup folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista)
- C:\Documents and Settings\{user}\Start Menu\Programs\Startup (XP/2K)
%AllUsersStartup% - refers to the All User Startup folder; by default this is
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup (XP/2K)
%Recycled% - refers to the Recyled Bin; by default this is
- %Root%\$RECYCLE.BIN (7/Vista)
- %Root%\RECYCLER (XP)

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Site Map

Home