Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 10/8/7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 31st March, 2017
51245 listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

567 results found for K

Startup Item or Name Status Command or Data Description Tested
tytytytryXk.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %LocalAppData%No
KotimeXk071m.exeDetected by Intel Security/McAfee as W32/Spybot.worm!g and by Malwarebytes as Trojan.Agent.E. The file is located in %MyDocuments%No
k14rsystemupdaterXk14rsystemupdater.exeDetected by Intel Security/McAfee as RDN/Generic.dx!o and by Malwarebytes as Trojan.ClickerNo
ker1nel32Xk1ernel32.dlIDetected by Intel Security/McAfee as BackDoor-RP and by Malwarebytes as Trojan.DelfNo
K2ps_full.taskXK2ps_full.exeAdded by the JUNTADOR.K TROJAN!No
K4IHEO1JF80F.exeXK4IHEO1JF80F.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %AppData%No
Key64Xk64.exeDetected by Malwarebytes as Ransom.CryptoMix. The file is located in %AppData%\[random]No
K6CPUNK6CPU.EXEAuthenticates CPU as K6 in system propertiesNo
K6CPU.EXENK6CPU.EXEAuthenticates CPU as K6 in system propertiesNo
K7SysMonYK7SysMon.ExeK7 Computing internet security software - system monitorNo
K7SystemTrayYK7SysTry.exeK7 Computing internet security software - System Tray access/notificationsNo
K7TSStartYK7TSecurity.exeK7 Computing internet security softwareNo
Launch K9UK9.exeK9 by Robert Keir - "an email filtering application that works in conjunction with your regular POP3 email program and automatically classifies incoming emails as spam (junk email) or non-spam without the need for maintaining dozens of rules or constant updates to be downloaded. It uses intelligent statistical analysis that can result in extremely high accuracy over time"No
CelebSauce Browser Plugin LoaderUkabrmon.exeCelebSauce toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CelebSauce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
CelebSauce Browser Plugin Loader 64Ukabrmon64.exeCelebSauce toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CelebSauce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
anhtaaaXkacsde.exeDetected by Sophos as W32/Frethog-BNo
kader.exeXkader.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.FR. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
KADxMainUKADxMain.exeSystem Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptopsNo
Windows Service AgentXkafdprs.exeDetected by Kaspersky as Backdoor.Win32.IRCBot.hde and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
KagwangXkagwang.exeDetected by Sophos as W32/AutoRun-XUNo
kak.htaXkak.htaDetected by Microsoft as Trojan:JS/Kak.gen. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows startsNo
adadaXkaka.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
KakaoTalkNKakaoTalk.exeKakao Talk by Kakao Corp - messaging service which allows you to "Keep in touch with anyone, anywhere, anytime"No
KalenderUKalender.exeUK's Kalender "helps you organizing your dates and tasks and reminds you of upcoming events"No
kalvsysXkalv***32.exe [* = random char]Detected by Symantec as Trojan.ElitebarNo
windowsWordXKamasutra.exeDetected by Dr.Web as Win32.HLLW.Autoruner2.13964 and by Malwarebytes as Worm.AutoRun.ENo
CelebSauce EPM SupportUkamedint.exeCelebSauce toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CelebSauce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itYes
kamsoftXkamsoft.exeDetected by Trend Micro as WORM_AUTORUN.BKK and by Malwarebytes as Trojan.AgentNo
kanefXkanef.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
HKLMXkansas.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!m and by Malwarebytes as Backdoor.HMCPol.GenNo
fklw32Xkansas.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!m and by Malwarebytes as Backdoor.AgentNo
HKCUXkansas.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!m and by Malwarebytes as Backdoor.HMCPol.GenNo
KanSenXKanSen.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %AppData%\MicrosoftNo
KanSen.exeXkansen.exeDetected by Dr.Web as Trojan.DownLoader7.870No
kapefXkapef.exeDetected by Malwarebytes as Worm.AutoRun. The file is located in %UserProfile% - see hereNo
kapeskay.2.0Xkapeskay.2.0.comDetected by Dr.Web as Trojan.DownLoader11.49059 and by Malwarebytes as Trojan.Banker.KPNo
KareM.vbsMr-Morocco.vbsXKareM.vbsMr-Morocco.vbsDetected by Intel Security/McAfee as RDN/Generic.dx!dhg and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
[various names]XKargo.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
kartoXkarto.exeDetected by Malwarebytes as Adware.KorAd.Gen. The file is located in %AppData%\kartomizerNo
KartSvrXKartSvr.exeDetected by Dr.Web as Trojan.Siggen3.9504 and by Malwarebytes as Trojan.Backdoor.SVRNo
Connect KasambaUKasamba.exe"Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need"No
msenngerXkasber.exeDetected by Trend Micro as TROJ_BOTIRC.A and by Malwarebytes as Backdoor.IRCBotNo
Kasper AntivirusXKASPERANTIVIRUS.EXEAdded by a variant of the SPYBOT WORM!No
KasperskyAvXkaspersky.exeAdded by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virusNo
Windows Messenger ServiceXkaspersky.exeDetected by Trend Micro as WORM_MYTOB.HYNo
KasperskyXKaspersky.exe.lnkDetected by Intel Security/McAfee as RDN/Generic.bfr!fy and by Malwarebytes as Backdoor.Agent.DCENo
Kaspersky AntivirusXKasperskyAV.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
KasperskyAVEngXKasperskyaveng.exeAdded by the NETSKY.V WORM!No
kaspersky32XkasperskyLabs32.exeDetected by Sophos as W32/Rbot-GOTNo
MicrosoftXkasperskyLive32.exeDetected by Sophos as W32/Rbot-GRT and by Malwarebytes as Trojan.Agent.MSGenNo
AntiVirusXkaspery.exeAdded by a variant of Backdoor:Win32/RbotNo
CelebSauce Search Scope MonitorUkaSrchMn.exeCelebSauce toolbar (now retired) - powered by the Ask Partner Network toolbars by IAC Applications (was Mindspark). Detected by Malwarebytes as PUP.Optional.MindSpark. The file is located in %ProgramFiles%\CelebSauce\bar\*.bin - where * represents a number or letter. If bundled with another installer or not installed by choice then remove itNo
kasualSpushkin123XKasual.exe.exeDetected by Malwarebytes as Trojan.Agent.KS. The file is located in %UserTemp%No
Dannywest69XKasual.exe.exeDetected by Malwarebytes as Trojan.Agent.KS. The file is located in %UserTemp%No
SystrayXKAT.vbsDetected by Sophos as VBS/Soad-DNo
KatMouseUKatMouse.exeKatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etcNo
AVP32XKAV.exeAdded by the AUTORUN.BCYC WORM!No
kavXkav.exeAdded by the DOGROBOT TROJAN! Note - this is not a valid old version of Kaspersky AV and is located in %System%No
KAVPersonal50YKav.exeOld version of Kaspersky antivirusNo
kviursXkav.exeAdded by the SILLYFDC.BBJ WORM!No
Protocol SettingsXkav.exeDetected by Trend Micro as WORM_RBOT.APZNo
NvCplScanXkav32.exeDetected by Sophos as W32/Forbot-EWNo
kavirXkavir.exeAdded by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an exampleNo
KavirsXKavirs.exeDetected by Sophos as Troj/Agent-OJC and by Malwarebytes as Trojan.AgentNo
Kavirs1XKavirs1.exeDetected by Sophos as Troj/Agent-OPY and by Malwarebytes as Trojan.DownloaderNo
LsassXkavmm.exeAdded by unidentified malware. Note - do no confuse with the legitimate Kaspersky file described here which is normally located in a sub-folder of %ProgramFiles%\Kaspersky Lab. The one is located in %Root%No
kavaXkavo.exeDetected by Sophos as Troj/Lineag-GLG and by Malwarebytes as Trojan.AgentNo
Kaspersky Anti-HackerYKAVPF.exeKaspersky Anti-Hacker personal firewall - no longer availableYes
KavPFWYKAVPFW.exeKingsoft Personal FirewallNo
KavStartYKAVStart.exePart of Kingsoft Internet SecurityYes
Kingsoft Antivirus Security CenterYKAVStart.exePart of Kingsoft Internet SecurityYes
Kingsoft Internet SecurityYKAVStart.exePart of Kingsoft Internet SecurityYes
kavsvcYkavsvc.exeOld version of Kaspersky antivirusNo
WIn32S Java DLLXkavsvx.exeDetected by Sophos as W32/Agobot-RZNo
KAZAANkazaa.exeKaZaA peer-to-peer (P2P) file-sharing program which can include adware such as Cy-door. As KaZaA is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. No longer availableNo
Kazaa lptt01Xkazaa.exeRapidBlaster variant (in a "kazaa" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this entry replaces the legitimate KaZaA executable in %ProgramFiles%\kazaaNo
KaZaA Media DesktopNkazaa.exeKaZaA peer-to-peer (P2P) file-sharing program which can include adware such as Cy-door. As KaZaA is a peer-to-peer (P2P) file-sharing client used to distribute large amounts of data between multiple users make sure you have good, up-to-date virus protection and check any downloads. No longer availableNo
Kazaa ml097eXkazaa.exeRapidBlaster variant (in a "kazaa" folder in Program Files). A dedicated "RapidBlaster Killer" removal tool used to be available but quality anti-malware tools will now remove it. Note - this entry replaces the legitimate KaZaA executable in %ProgramFiles%\kazaaNo
Kazaa LiteNKAZAALITE.EXEKazaalite file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanismsNo
KaZooMNKaZooM.ExeKaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"No
InternalSystrayXKazza.exeDetected by Symantec as Backdoor.OptixPro.12.c and by Malwarebytes as Trojan.Agent.E. Note - this is not the legitimate KaZaA executable which is normally located in %ProgramFiles%\Kazaa - this one is located in %System%No
KB00650640.exeXKB00650640.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
KB00674719.exeXKB00674719.exeDetected by Sophos as Troj/Inject-RA and by Malwarebytes as Trojan.Agent.GenNo
KB00954719.exeXKB00954719.exeDetected by Sophos as Troj/Mdrop-EIN and by Malwarebytes as Trojan.Agent.GenNo
KB01403756.exeXKB01403756.exeDetected by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData%No
AccessoriesXKB14061848304.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %ProgramFiles%\Windows NT\AccessoriesNo
Windows 7 SP2 InstallerXKB2310947.vbsDetected by Sophos as Troj/Agent-ALZO and by Malwarebytes as Trojan.Agent.WSINo
KB674719.exeXKB674719.exeAdded by the RORPIAN-U WORM!No
KB891711YKB891711.EXEInstalled by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startupNo
KB918547YKB918547.EXEBug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me onlyNo
KB991869.exeXKB991869.exeAdded by the DWNLDR-JGZ TROJAN!No
KBDUKBD.EXEMultimedia keyboard manager. Required if you use the multimedia keysNo
rugdvvrXkbd101O.exeAdded by the AGENT-TOS TROJAN!No
LWBKEYBOARDUKbdAp32A.exeKeyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
FLMK08KBUKbdAp32A.exeKeyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
FLMTRUSTKBUKbdAp32A.exeKeyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
OFFICEKBUkbdap32a.EXEKeyboard utility for a Micro Innovations brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboardNo
QjNEMzI1RUM1RTM5MzMwRUXKBDC_2.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
OTFBNTc1Njg1QjgzRjcwNkXkbddms.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %UserProfile%No
Kbddrv32Xkbddrv32.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
KbddrvinfXkbddrvinf.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
RDFCNUQzMTAzNEFERDk0QTXKBDMdms.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
kbdmgrXkbdmgr.exeDetected by Microsoft as Backdoor:Win32/Zegost.AD. Note - this entry loads from the Windows Startup folderNo
TjdfXKBDMLT48C.exeDetected by Malwarebytes as Adware.SanctionedMedia. The file is located in %Windir%\SysWOW64No
NjkyQUEzNEVCRkI0NUNEMzXkbdmwma.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
KbdrvinfXkbdrvinf.exeDetected by Trend Micro as TROJ_CRYPTER.ANo
jet5tmsgXkbdscr40.exeDetected by Sophos as Troj/Wonton-NN and by Malwarebytes as Trojan.Agent.WNNo
KBDUKbdStub.EXEKey Watcher from HP - watches for Multimedia Keys on HP keyboardsNo
kbdswXkbdsw.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!im and by Malwarebytes as Backdoor.Agent.ENo
QUNGMzk1OUJCOTg1QjYxNkXkbdWMV.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%No
KbEkKJuBmaVdPXKbEkKJuBmaVdP.exeAdded by the FAKEAV-DIM TROJAN!No
QUNGMzk1OUJCOTg1QjYxNkXkbfde.exeDetected by Dr.Web as Trojan.DownLoader6.60462 and by Malwarebytes as Trojan.AgentNo
M0I2NTU3ODQwNUYyMEVEM0XKBiphl.exeDetected by Malwarebytes as Trojan.FakePDF. The file is located in %UserProfile%No
WinServiceUpdateXkbmsjeto.exeDetected by Malwarebytes as Backdoor.IRCBot. The file is located in %UserProfile%No
TypingSatelliteNKBOOST.exeTypingMaster background utility that collects typing errors and builds up customised typing lessons for your needsNo
KBOXUserExtension?KBOXUserExtension.exeRelated to the Dell KACE KBOX asset management productsNo
KBR95674904.exeXKBR95674904.exeAdded by the BCKDR-RHB BACKDOOR!No
XP HOT FISXkbx.exeDetected by Sophos as W32/Forbot-GSNo
AutoUpdater_[numbers]XKB[6 numbers].exeDetected by Malwarebytes as Trojan.Agent.KBE. The file is located in %System% - see an example hereNo
KB[7 numbers]XKB[7 numbers].exeDetected by Malwarebytes as Backdoor.Agent.KB. The file is located in %LocalAppData%\KB[7 numbers]No
Windows Explorer ControlerXKB[random digits].exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile% - see examples here and hereNo
KB[random numbers].exeXKB[random numbers].exeDetected by Trend Micro as BKDR_CRIDEX.CHX and by Malwarebytes as Trojan.Agent.Gen. The file is located in %AppData% or a sub-folderNo
Malware DestructorXKB[random numbers].exeMalware Destructor 2011 rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.MalwareDestructorNo
Windows KBXkb_[16 characters].exeDetected by Malwarebytes as Backdoor.Agent.E. The file is located in %AppData% - see an example hereNo
kcatex.zipXkcatex.zipDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
KCeasyNKCeasy.exeKCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and GnutellaNo
cpqekUkcpqek.exeFor Compaq PC's. Easy Access button support for the keyboardNo
KcrnerXKcrner.exeDetected by Sophos as Troj/Lineag-AILNo
g98oXkctqfqff.exeDetected by Malwarebytes as Trojan.Backdoor.VB. The file is located in %System%No
Windows UpdateXkdb34894234.exeDetected by Symantec as Trojan.SyginreNo
KDGJBRVYXQCVXKDGJBRVYXQCV.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
MicroSoft ssadssjdhasjadas3s1Xkdjfsdklfjsl.exeAdded by the SDBOT.AEX WORM!No
KdjSaS011arbaaaXKdjSaS011arbaaaa.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Recycled%\{SID}No
KdjSaS011arhXKdjSaS011arh.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Recycled%\{SID} - see an example hereNo
KdjSaS01aXKdjSaS01a.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %Recycled%\{SID} - see an example hereNo
Mabochine Deybug MalnagerXkdm.exeAdded by the SDBOT-SD WORM!No
Keyspan Digital Media RemoteUKDMRdmn.exeRemote control driver for Keyspan Digital Media Remote devicesNo
Kernel Video DriverXkdvhost.exeDetected by Ikarus as Backdoor.Rbot. The file is located in %System%No
KDWinXKDWin.exeDetected by Kaspersky as Worm.Win32.AutoRun.va. The file is located in %ProgramFiles%No
KdwinXkdwin.exeDetected by Malwarebytes as Trojan.MSIL. The file is located in %ProgramFiles%\aNo
KDWinXKDWin.exeDetected by Sophos as W32/Autome-A. The file is located in %Root%No
Microzoft_OfizXKdzEregli.exeAdded by the AMUS.A WORM!No
KeAppletXke64dyshrmlfu.exeDetected by Sophos as Troj/ZBot-AXH and by Malwarebytes as Trojan.AgentNo
KeAppletXke64jlnfhw.exeDetected by Kaspersky as Backdoor.Win32.Agent.bqin and by Malwarebytes as Trojan.Agent. The file is located in %UserTemp%No
keahohaqyfvyXkeahohaqyfvy.exeDetected by Intel Security/McAfee as RDN/Spybot.bfr!g and by Malwarebytes as Trojan.Agent.USNo
KeenvalueXKeenvalue.exeKeenVal adwareNo
KeePassUKeePass.exeOpen source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versionsYes
KeePass 2 PreLoadUKeePass.exePart of version 2.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions. Preloads parts of KeePass into memory - not required if you have also enabled the program to run at startup (Options → Integration)Yes
KeePass Password SafeUKeePass.exeVersion 1.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versionsYes
KeePass Password Safe 1.*UKeePass.exeVersion 1.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versions. 7/Vista MSConfig and Windows Defender entry where 1.* represents the version numberYes
KeePass Password Safe 2UKeePass.exeVersion 2.x of the open source KeePass Password Safe password manager by Dominik Reichl - "which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file." See the comparison page for the differences between versionsYes
KeepCopXKeepCop.exeKeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
KeepCop.exeXKeepCop.exeKeepCop rogue security software - not recommended, removal instructions here. A member of the AntiAID familyNo
Java UpdateXkeeper.exeDetected by Sophos as Troj/Agent-DIS and by Malwarebytes as Backdoor.BifroseNo
Java VersionXkeeper.exeDetected by Dr.Web as Trojan.Siggen6.23973 and by Malwarebytes as Trojan.Agent.VRSGenNo
Keep My SearchUkeepmysearch.exeDetected by Malwarebytes as PUP.Optional.KeepMySearch. The file is located in %AppData%\KeepMySearch\keepmysearch\[version]. If bundled with another installer or not installed by choice then remove it, removal instructions hereNo
hfdtubvnxXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
hgkytweXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
deryheruxcXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
ilortgdgXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
dsfghjgjXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
KeepSafeYkeepsafe.exeKeepSafe from Stardock Corporation - "the intermediate step needed to secure data between backups. It saves your important files in real-time as you work on them"Yes
xcfdhtyjkxXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
vcbbjfXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
TXMouieXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
cvhnykzxXkeepSafe.exeDetected by Trend Micro as TROJ_KILLAV.KAX and by Malwarebytes as Trojan.Agent. Note - this is not the legitimate KeepSafe from Stardock Corporation which has the same filename and is normally located in a %ProgramFiles%\Stardock sub-folder. This one is located in %System%No
kegimnoceasaXkegimnoceasa.exeDetected by Intel Security/McAfee as RDN/Downloader.a!g and by Malwarebytes as Trojan.Agent.USNo
check48Xkeibetsu.shiteita.aijo.comDetected by Dr.Web as Win32.HLLW.Autoruner1.58968 and by Malwarebytes as Worm.AutoRun.ENo
keiopXkeiop.exeDetected by Sophos as Troj/VB-ERUNo
kekXkek.exeDetected by Trend Micro as TROJ_DROPPER.WHA and by Malwarebytes as Trojan.AgentNo
PoliciesXKekSec.exeDetected by Malwarebytes as Backdoor.Agent.PGen. The file is located in %ProgramFiles%\LargeNo
kelelistXkelelist.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%\kelelisprotectorNo
KERNETXkellogs.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
WIRENETXkellogs.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %AppData%No
Logitech SetPointUKEM.exeKeyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keysNo
KEMailKbUKEMailKb.EXEMultimedia keyboard/keypad manager. Required if you use the additional keysNo
kenizXkeniz.exeDetected by Sophos as W32/AutoRun-AZL and by Malwarebytes as Worm.AutoRunNo
Windows Task Manager EmulatorXkennewr.exeDetected by Sophos as W32/Spybot-FANo
KeNotifyUKeNotify.exeToshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etcNo
keqeliqzemecXkeqeliqzemec.exeDetected by Malwarebytes as Trojan.Ransom.Gen. The file is located in %UserProfile%No
kerbuduryweaXkerbudurywea.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
kEReXkERe.exeAdded by the BRONTOK-BT WORM!No
Microsoft Update EmulatorXkern-mxe.exeAdded by a variant of Backdoor:Win32/Rbot. The file is located in %System%No
InternalSystrayXkern.exeDetected by Dr.Web as Trojan.AVKill.8007 and by Malwarebytes as Trojan.Agent.ENo
kernel32Xkern32.exeDetected by Trend Micro as WORM_BADTRANS.ANo
Sorvices2Xkerna132.exeDetected by Dr.Web as Trojan.Siggen5.61210 and by Malwarebytes as Backdoor.Agent.ENo
Win32UpdaterXKERNAL32.EXEAdded by the SPYBOT-OK WORM!No
Windows Kernel 64Xkernal64.exeDetected by Sophos as W32/Yimp-BNo
KernalDriversXKernalModule.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!he and by Malwarebytes as Backdoor.Agent.DCENo
KernallDriversXKernalModule.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
Kerne0223XKerne0223.exeDetected by Sophos as Troj/LegMir-ZANo
loadXKerne121.exeDetected by Sophos as Troj/Lineage-ON. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Kerne121.exe" (which is located in %System%)No
loadXKerne1211.exeDetected by Sophos as Troj/Lineage-DY. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Kerne1211.exe" (which is located in %System%)No
loadXKerne14.exeDetected by Sophos as Troj/Lineage-BA. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Kerne14.exe" (which is located in %System%)No
kernel moduleXkernel module.exeDetected by ESET as Win32/Spy.Bizzana.A and by Malwarebytes as Trojan.AgentNo
kernel-modeXkernel-mode.exeDetected by Dr.Web as Trojan.DownLoad1.58300 and by Malwarebytes as Trojan.Agent.ENo
StraHXkernel-mode.vbsDetected by Dr.Web as Trojan.DownLoad1.58300 and by Malwarebytes as Trojan.Agent.ENo
PlobXkernel.comDetected by Trend Micro as BKDR_OPTIXPRO.12No
kernel32Xkernel.dliDetected by Symantec as Backdoor.NetDevil.B and by Malwarebytes as Trojan.AgentNo
Kernel32XKernel.dllDetected by Intel Security/McAfee as VBS/Redlof@MNo
(Default)Xkernel.exeDetected by Malwarebytes as Trojan.AccountHunter. The file is located in %System%No
MicroKerNelXkernel.exeDetected by Dr.Web as Trojan.MulDrop4.17729 and by Malwarebytes as Backdoor.Agent.ENo
defaultXkernel.exeAdded by the SALUNI TROJAN!No
KernelXKernel.exeDetected by Malwarebytes as Trojan.Agent.E. The file is located in %LocalAppData%No
kernelXkernel.exeDetected by Total Defense as Matcash CF. The file is located in %ProgramFiles%\kernelNo
Kernel_32XKernel.exeDetected by Malwarebytes as Trojan.Inject. The file is located in %Windir%\Isp_32No
Microsoft WindowsXKernel.exeDetected by Sophos as VBS/Edibara-A and by Malwarebytes as Backdoor.IRCBotNo
KernelSystemXkernel.vbsDetected by Dr.Web as Trojan.MulDrop5.48667No
Microsoft WindowsXKernel.vbsDetected by Sophos as VBS/Edibara-A and by Malwarebytes as Backdoor.IRCBotNo
kernel12.exeXkernel12.exeAdded by an unidentified WORM or TROJAN!No
horseXkernel16.exeDetected by Dr.Web as Trojan.Siggen6.17628 and by Malwarebytes as Backdoor.Agent.ENo
KERNEL32.DLLXKernel32 .exeDetected by Sophos as W32/Kenny-ANo
Win32GXKernel32.comDetected by Symantec as W32.EstrellaNo
kernel32XKernel32.dliDetected by Symantec as Backdoor.Netdevil.15 and by Malwarebytes as Trojan.AgentNo
Kernell32XKernel32.dll.exeDetected by Intel Security/McAfee as W32/Acinti.wormNo
kernel32Xkernel32.dll.vbsDetected by Sophos as Wekode-A and by Malwarebytes as Trojan.AgentNo
32-bit Windows KernelXKernel32.exeDetected by Malwarebytes as Backdoor.IRCBotNo
ShellXKernel32.exeDetected by Sophos as Troj/MSIL-UF and by Malwarebytes as Backdoor.Agent.E. Note - this entry adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" entry. The value data points to "Kernel32.exe" (which is located in %AppData%)No
rundll32Xkernel32.exeDetected by Sophos as W32/Stap-CNo
Windoes KernelXkernel32.exeDetected by Symantec as W32.HLLW.Kickin.A@mmNo
Microsoft Windows System KernelXkernel32.exeDetected by Malwarebytes as Trojan.MWF.Gen. The file is located in %System%No
InternalSystrayXkernel32.exeDetected by Trend Micro as BKDR_OPTIX.12B and by Malwarebytes as Trojan.Agent.ENo
LoadWindowsFileXKernel32.exeDetected by Symantec as Backdoor.Delf.B and by Malwarebytes as Backdoor.AgentNo
WSAConfigurationXkernel32.exeDetected by Sophos as W32/Agobot-KV and by Malwarebytes as Trojan.Agent.TraceNo
Win32-mcXkernel32.exeDetected by Dr.Web as Trojan.DownLoader11.22990 and by Malwarebytes as Trojan.Agent.WNNo
Windows KernelXKernel32.exeDetected by Trend Micro as WORM_CYDOG.CNo
WindowsXKernel32.exeDetected by Trend Micro as WORM_TENDOOLF.ANo
Kernel Level ApplicationXKernel32.exeDetected by Dr.Web as Trojan.PWS.Stealer.379No
Kernel32XKernel32.exeAdded by a number of VIRUSES, WORMS and TROJANS!No
MstaskXkernel32.exeDetected by Sophos as W32/Stap-CNo
1VB6.0 Enterprise Edtion KeygenXKernel32.exeDetected by Dr.Web as Trojan.Siggen6.896 and by Malwarebytes as Riskware.Tool.CKNo
systemXkernel32.iniDetected by Trend Micro as WORM_SILLYFDC.CJNo
Win32 Kernel core componentXKernel32.pifAdded by the MOKS VIRUS!No
Kernel32XKernel32.winAdded by the GAGGLE.D or GAGGLE.E WORMS!No
kernel32dllXkernel32dll.exeDetected by Dr.Web as Trojan.PWS.Banker1.2789 and by Malwarebytes as Trojan.AgentNo
Distributed File SystemXkernel32dll.exeDetected by Sophos as W32/Myfip-CNo
Microsoft_FIPSXkernel32k.jsDetected by Dr.Web as Trojan.Siggen3.37225 and by Malwarebytes as Backdoor.AgentNo
Kernel32Xkernel32s.exeDetected by Sophos as Troj/Bckdr-CIC and by Malwarebytes as Trojan.AgentNo
rundll32Xkernel33.exeDetected by Sophos as W32/Stap-DNo
VMware [UserName] processXkernel34.exeDetected by Dr.Web as Trojan.DownLoader6.3051 and by Malwarebytes as Trojan.AgentNo
Microsoft Kernel PatchXkernel3ox.exeAdded by the RBOT-UJ WORM!No
Kernel 64x supportXkernel64.exeDetected by Sophos as Troj/Vidlo-E and by Malwarebytes as Trojan.MixusNo
SystemXkernel8.exeDetected by Sophos as Troj/Dloadr-AOLNo
DefencerGBAXKernelBases.exeDetected by Microsoft as TrojanSpy:Win32/Banker.YX and by Malwarebytes as Trojan.Banker. The file is located in %System%No
DefencerGBAXKernelBases.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %UserProfile%\AppData\LocalFilesNo
filename processXkerneldll.exeDetected by Sophos as W32/Agobot-PONo
KernelFaultCheck32XKernelFaultCheck32.exeDetected by Dr.Web as Trojan.Siggen5.4841No
PlobXkerneli.comDetected by Trend Micro as BKDR_OPTIXPRO.12No
KernelDriversXKernelModule.exeDetected by Malwarebytes as Backdoor.Bot.E. The file is located in %AppData%No
SystemToolsXkernels1118.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
SystemXkernels1118.exeAdded by a variant of W32/Sdbot.worm. The file is located in %System%No
SystemToolsXkernels32.exeDetected by Sophos as Troj/Dloader-FCNo
Service SystemXkernels32.exeDetected by Sophos as Troj/Bancos-DA and by Malwarebytes as Trojan.BankerNo
SystemXkernels32.exeDetected by Sophos as Troj/Dloader-FC and by Malwarebytes as Trojan.FakeAlertNo
SystemXkernels64.exeDetected by Sophos as Troj/Vixup-S and by Malwarebytes as Trojan.KeyLoggerNo
SystemXkernels8.exeDetected by Trend Micro as TROJ_TIBS.AINo
SystemToolsXkernels88.exeDetected by Sophos as Troj/Tibs-PP and by Malwarebytes as Trojan.AgentNo
SystemXkernels88.exeDetected by Sophos as Troj/Tibs-PP and by Malwarebytes as Trojan.AgentNo
IMEKernel32XKernelsys32.exeDetected by Symantec as W32.HLLW.GOP@mmNo
KernelwXKernelw32.exeDetected by Symantec as W32.HLLW.Indor.E@mmNo
SystemXkernelwind32.exeDetected by Malwarebytes as Trojan.FakeAlert. The file is located in %System%No
SystemXkernelwind64.exeDetected by Trend Micro as TROJ_DLOADER.DJD and by Malwarebytes as Trojan.DownloaderNo
KernelRuntimeXkernel_runtime.exeAdded by the MYTOB-JO WORM!No
KRNLXKernl32.exeDetected by Kaspersky as Backdoor.Win32.Zomby.b. The file is located in %System%No
LazXKernn.exeDetected by Sophos as Troj/Bancos-LNNo
kesshar.exeXkesshar.exeDetected by Dr.Web as Trojan.DownLoader11.26762 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
kesypjederofXkesypjederof.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
ketangtp.exeXKEtangtp.exeDetected by Malwarebytes as Trojan.FlyStudio. The file is located in %ProgramFiles%\xuebaNo
MicroSoft ToolbarXkey.exeDetected by Sophos as W32/Rbot-AEWNo
KeyAccessYkeyacc32.exeKeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"No
AidemHotKey?KEYAPP.EXEKeyboard relatedNo
KeybdcntlXkeybdcntl.exeDetected by Sophos as Troj/Crypter-E and by Total Defense as Win32.GemaNo
[various names]Xkeybdll.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
keyboardXkeyboard*.exe [* = number]Detected by Kaspersky as the VB.ZG TROJAN!No
(Default)XKEYBOARD.exeDetected by Trend Micro as WORM_AUTORUN.BUK. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Microsoft Windows Keyboard serviceXkeyboard.exeAdded by the RBOT-CRF WORM!No
Microsoft Taskmanager UpdaterXkeyboard.exeDetected by Sophos as W32/Rbot-ALUNo
KeyBoardUKeyboard.exeLabtec keyboard utilityNo
NLS KeyboardXkeyboard.exeAdded by a variant of the SPYBOT WORM!No
ntgyXkeyboarda.exeDetected by Dr.Web as Trojan.DownLoader8.18852 and by Malwarebytes as Trojan.AgentNo
XvtpiqbeXkeyboardo.exeDetected by Dr.Web as Trojan.DownLoader9.10873Yes
keyboard_enumXkeyboard_enum.exeDetected by Sophos as Troj/Bdoor-GPNo
Srv32WinXKeyCaptor.exeKeyCaptor surveillance software. Uninstall this software unless you put it there yourselfNo
keycast.exeXkeycast.exeDetected by Dr.Web as Trojan.DownLoader10.8659 and by Malwarebytes as Adware.KeyCastNo
KeyConfigurationUKeyConfigurationTool.exeFunction(Fn)/special key configuration utility for owners of Fujitsu Siemens computersNo
keygen.vbsXkeygen.vbsDetected by Intel Security/McAfee as Generic Dropper and by Malwarebytes as Trojan.Agent.VBS. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
keyhookUkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
SiS Compatible Super VGA Keyboard DaemonUkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
SiS Windows KeyHookUkeyhook.exeHotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeysYes
WinEssentialXKeyhost.exeDetected by Symantec as Adware.JraunNo
VC_LogUkeylog.exePaqKeylog is a surveillance software program that logs keystrokes and can run in stealth mode. Uninstall this software unless you put it there yourselfNo
HomeKeyLoggerUKeyLogger.exeSpyKeySpy surveillance software. Uninstall this software unless you put it there yourselfNo
ABCUkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself!No
KeyLoggerHook.exeXKeyLoggerHook.exeDetected by Dr.Web as Trojan.Siggen6.9054 and by Malwarebytes as Trojan.KeyLogger. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
1Win32CfgUKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!No
CherryKeyManUKeyMan.exeMultimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keysNo
keymapUkeymap.exeSystem Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the gameNo
VolKeyUkeymap.exeSystem Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the gameNo
TaskMgrXkeymayker.exeDetected by Sophos as Troj/LdPinch-EPNo
Microsoft System CheckupXKeymgr.exeDetected by Symantec as W32.HLLW.Donk.M and by Malwarebytes as Worm.DonkNo
KeyPangXkeypang.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\KeyPangNo
KeyPatrolYKeyPatrol.exeKeyPatrol - keylogger detector using both behavioral and pattern-matching algorithms. Part of the original anti-malware program by PestPatrol, Inc. Acquired by CA where it became eTrust PestPatrol Anti-Spyware and then CA Anti-Spyware - which is now included in CA AntiVirus PlusYes
Keyboard LauchpadUKeys.exeKeyboard Launchpad from Stardock Corporation - "can create keyboard short-cuts for your programs, saved clipboards, URLs, system commands, and more." Required if you want to use the custom keyboard shortcuts. Also part of the Object Desktop suiteYes
MicroUpdateXkeys.exeDetected by Dr.Web as Trojan.DownLoader6.51768 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %System%\UpdaterNo
Stardock Keyboard LaunchpadUKeys.exeKeyboard Launchpad from Stardock Corporation - "can create keyboard short-cuts for your programs, saved clipboards, URLs, system commands, and more." Required if you want to use the custom keyboard shortcuts. Also part of the Object Desktop suiteYes
KeyScramblerYkeyscrambler.exeKeyScrambler from QFX Software Corporation - "encrypts your keystrokes deep in the kernel, foiling keylogging attacks with scrambled, undecipherable data"Yes
keyservXkeyserv.exeKeyThief spywareNo
ChromeMark?keysh.exeThe file is located in %ProgramFiles%\MULTIMEDIA\ChromeSpace\BinNo
psklUkeyspy.exeKeyboardLogger keystroke logger/monitoring program - remove unless you installed it yourself!No
KLogUKeyspy.exeKeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself!No
Keyboard Status?KeyStat.exeMultimedia keyboard manager for Medion desktop and notebook PCs? Located in %ProgramFiles%\Medion\KeyStatNo
Toshiba Key StateUKEYSTATE.EXEDisplays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start → ProgramsNo
keystrokeUkeystroke.exeQuickLaunch surveillance software. Uninstall this software unless you put it there yourselfNo
KeyTextNKeyText.exeKeyText from MJMSoft Design - utility to automate repetitive keyboard tasksNo
WinEssentialXkeyword.exeAdware.Jraun variantNo
keywordfindagentXkeywordfindagent.exeDetected by Intel Security/McAfee as Generic.tfr!ck and by Malwarebytes as Adware.KraddareNo
KeywordSearchUpdaterXkeywordfindagent.exeDetected by Intel Security/McAfee as Generic.tfr!ck and by Malwarebytes as Adware.KraddareNo
[various names]XKeywordFinder.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
KeywordMapXkeywordmap.exeDetected by Malwarebytes as Adware.PopAd. The file is located in %AppData%\keywordmapNo
keywordpop.exeXkeywordpop.exeDetected by Dr.Web as Trojan.DownLoader7.20458 and by Malwarebytes as Adware.KorAdNo
KeywordSearchUpdaterXKeywordSearchUpdater.exeKeyword Search adwareNo
keywordtabhperXkeywordtabhper.exeDetected by Intel Security/McAfee as Generic Downloader.x!g2g and by Malwarebytes as Adware.KeywordTab.KNo
keywordtabopenXkeywordtabopen.exeDetected by Intel Security/McAfee as Generic Downloader.x!g2g and by Malwarebytes as Adware.KeywordTab.KNo
keywordtabXkeywordtabup.exeDetected by Intel Security/McAfee as Generic Downloader.x!g2g and by Malwarebytes as Adware.KeywordTab.KNo
KeywordYacXKeywordYacUpdate.exeDetected by Malwarebytes as Adware.Korad. The file is located in %ProgramFiles%\KeywordYacNo
KFCXKFC.exeDetected by Malwarebytes as Trojan.Injector. The file is located in %UserProfile%No
Service SystemXkgbfsm344.exeDetected by Sophos as Troj/Bancos-FSNo
suapafjjXkgejbaytssd.exeDetected by Sophos as Troj/Agent-MXHNo
kgjdi27Xkgjdie27.exeAdded by the SDBOT.AP BACKDOOR!No
KGShareAppUKGShare_App.exeInstalled with some Kodak digital cameras the "KODAK Share Button App makes it easy to share pictures and videos on FACEBOOK Social Network, FLICKR Service, YouTube Service, and via e-mail"No
KGSMXKGSM.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System%No
Winsock2 driverXkgzgjkpcw.exeAdded by the SDBOT.T TROJAN!No
SETPOINT Logitech IncXKHALMNP.exeDetected by Sophos as W32/Rbot-AAXNo
Logitech Hardware Abstraction LayerUKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
Logitech SetPointUKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
KHALMNPRUKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
Kernel and Hardware Abstraction LayerUKHALMNPR.EXEPart of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice, trackballs, etc). When using SetPoint to adjust the mouse sensitivity it is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, this entry sets the Windows setting to 0 so it doesn't affect the one you set in SetPoint and then unloads. A separate instance of KHALMNPR.EXE loads via the main Setpoint.exe program to control communication between your radio/bluetooth wireless mouse/keyboard and SetPointYes
chromeXkhan sexy smile.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor and by Malwarebytes as Trojan.Agent.DINo
khanchoUpdateXkhanag.exeDetected by Dr.Web as Trojan.DownLoader6.25995 and by Malwarebytes as Adware.KraddareNo
khanchoXkhanup.exeDetected by Dr.Web as Trojan.DownLoader6.25995 and by Malwarebytes as Adware.FunPop.KNo
KHATARNAK LoaderXKHATARNAK.exeDetected by Trend Micro as WORM_AUTORUN.ACONo
TaskmanXKHATRA.exeDetected by Sophos as W32/AutoRun-AKR and by Malwarebytes as Worm.Agent.AutoIt. Note - this entry adds a HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" entry which loads the file "KHATRA.exe" (which is located in %System%)No
PHIME2002AXKHATRA.exeDetected by Microsoft as Worm:Win32/Abfewsm.ANo
nwizXKHATRA.exeDetected by Sophos as W32/Orbina-ANo
XplorerXKHATRA.exeDetected by Sophos as W32/AutoRun-AKR and by Malwarebytes as Trojan.FakeFolderNo
VMware ToolsXKHATRA.exeDetected by Sophos as W32/Autoit-BPNo
VMware User ProcessXKHATRA.exeDetected by Sophos as W32/Autoit-BP. The file is located in %System%No
loadXKHATRA.exeDetected by Sophos as W32/Orbina-A. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "KHATRA.exe" (which is located in %System%)No
khookerNkhooker.exeSiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't requiredNo
SiS KHookerNkhooker.exeSiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't requiredNo
4oDUKHost.exePart of the Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. As used by earlier versions of the UK's 4oD (4 on Demand) serviceNo
kdxNKHost.exePart of the Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. As used by earlier versions of UK on-demand services such as Sky Anytime, BBC iPlayer and 4od (4 on-demand)No
(Default)Xkiarash test.exeDetected by Dr.Web as Trojan.MulDrop4.28932 and by Malwarebytes as Trojan.Agent.TPL. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blankNo
Kryptel Component StartUKicker.exeKryptel encryption softwareNo
KICKMON.EXEUKICKMON.EXEKeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't requiredNo
KiesPreload?Kies.exePart of the SAMSUNG Kies mobile device management softwareNo
KiesAirMessageUKiesAirMessage.exeSupports the Kies Air feature from Samsung - which "is a mobile application which enables Wi-Fi mobile-to-device connections and browser-based management. You can use Kies Air without PC software or a USB connection"No
KiesUKiesHelper.exeInstalled with the SAMSUNG Kies mobile device management software. Preloads part of Kies into memory to speed up the loading time of the main program and exits after running. Tested without a supported device on a system with more than 1GB of memory it took twice as long for Kies to start with this entry disabledYes
KiesHelperUKiesHelper.exeInstalled with the SAMSUNG Kies mobile device management software. Preloads part of Kies into memory to speed up the loading time of the main program and exits after running. Tested without a supported device on a system with more than 1GB of memory it took twice as long for Kies to start with this entry disabledYes
KiesPDLR?KiesPDLR.exePart of the SAMSUNG Kies mobile device management softwareNo
hombuXKiesSetup74.exeDetected by Dr.Web as Trojan.DownLoader11.36127 and by Malwarebytes as Backdoor.Agent.IMNNo
Kies TrayAgentNKiesTrayAgent.exeSAMSUNG Kies mobile device management software which also allows you to view apps in full screen on your PC, no matter what network you're on. Allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Only required if you want to autostart Kies when your device is connectedYes
KiesTrayAgentNKiesTrayAgent.exeSAMSUNG Kies mobile device management software which also allows you to view apps in full screen on your PC, no matter what network you're on. Allows you (amongst other options) to backup your devices contents to your PC, use it to connect to the internet, transfer files and synchronize contacts, etc. Only required if you want to autostart Kies when your device is connectedYes
kiGUicd.exeXkiGUicd.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!e and by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
MicroUpdateXKIKO.exeDetected by Dr.Web as Trojan.DownLoader6.25616 and by Malwarebytes as Backdoor.Agent.DC. The file is located in %Root%\MRTCDNo
killXkill.cplDetected by Malwarebytes as Trojan.Agent.CPL. The file is located in %LocalAppData%No
ScvbostXkill.ExeDetected by Malwarebytes as Backdoor.DarkKomet. The file is located in %Temp%\killer - see hereNo
ProkillXkill.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cxt and by Malwarebytes as Trojan.Agent.KLINo
ISMMXkill.exeDetected by Intel Security/McAfee as RDN/Generic.dx!cxt and by Malwarebytes as Trojan.Agent.KLINo
PAGLEXkill.exeDetected by Intel Security/McAfee as RDN/Generic.dx!c2i and by Malwarebytes as Trojan.Agent.KLINo
CONFIGURA0TION LOA0DERXKill11ng.exeDetected by Intel Security/McAfee as RDN/Spybot.worm!s and by Malwarebytes as Trojan.Agent.ENo
[various names]Xkillall.exeFake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original pageNo
KillAndCleanXKillAndClean.exeKillAndClean rogue spyware remover - not recommended, removal instructions hereNo
EasyFace AgentUKillAutoAP.exeEasyFace™ by MSI - "integrated face registration, face tracking, and face detection technology" for both internal and external webcams which allows the user to login via face recognitionNo
killerXkiller.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!hw and by Malwarebytes as Backdoor.Agent.KLRNo
DlloadXkiller.exeDetected by Sophos as Troj/KillAV-FK and by Malwarebytes as Trojan.AgentNo
cartaoXkilling.exeDetected by Sophos as Troj/Dloader-QNNo
Kill PopupUKillPopup.exeKillPopup - pop-up stopperNo
System StartupXkimochi.exeAdded by the SPYBOT.AII WORM!No
kimochiz.exeXkimochiz.exeDetected by Sophos as Troj/Mdrop-BBNo
KinberlinkNKinberlink.exe"Kinberlink network messaging solution is a compliment to any home/office. For simple point and click text messaging, Kinberlink is a must. Unlike all the others Kinberlink does not bog you down with tons of settings and crazy servers to log onto. Kinberlink simply allows you to message back and forth between people on your home/office network, without disturbing them while they are in meetings or on the phone." Superseded by Softros LAN MessengerNo
kingch.vbsXkingch.vbsDetected by Malwarebytes as Trojan.Injector. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts, see hereNo
kinglottoXkinglottoUp.exeDetected by Malwarebytes as Adware.Nieguide. The file is located in %ProgramFiles%\kinglottoNo
kingrsps.exeXkingrsps.exeDetected by Malwarebytes as Trojan.Agent.AI. The file is located in %Root%No
KINPle Update CheckXKinPleStart.exeDetected by Emsisoft as Backdoor.Win32.Webdor!IK and by Malwarebytes as Spyware.KinPlayer. The file is located in %ProgramFiles%\KinPleNo
Log Offline UPnP Defender Foundation Proxy PrintXkiplpyjbql.exeDetected by Malwarebytes as Spyware.Password. The file is located in %System%No
kiryquwufvubXkiryquwufvub.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!jv and by Malwarebytes as Trojan.Agent.USNo
kiszxa.exeXkiszxa.exeDetected by Dr.Web as Trojan.Siggen6.5875 and by Malwarebytes as Backdoor.Agent.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
kiszxc.exeXkiszxc.exeDetected by Dr.Web as Trojan.DownLoader11.23185 and by Malwarebytes as Trojan.Agent.E. Note - the file is located in %AllUsersStartup% and its presence there ensures it runs when Windows startsNo
KittensXkittens.exeDetected by Dr.Web as Trojan.DownLoader10.47052 and by Malwarebytes as Trojan.Downloader.ENo
FGHRSDRXkiuht.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Root%\fsefdsNo
DSFGWRXkiuht.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Root%\fsefdsNo
INTEFSXkiuht.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %Root%\fsefdsNo
kixearassuxvXkixearassuxv.exeDetected by Malwarebytes as Trojan.Downloader.KB. The file is located in %UserProfile% - see hereNo
kizzeqofliljXkizzeqoflilj.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile%No
kjEenXNPEgLSPXkjEenXNPEgLSP.exeAdded by the FAKEAV-MD TROJAN!No
kjfkjdgXkjfkjdg.exeDetected by Intel Security/McAfee as RDN/Generic BackDoor!bbr and by Malwarebytes as Backdoor.Agent.DCENo
Windows Defender Anti-VirusXkjfvrakluupmr.exeDetected by Intel Security/McAfee as Generic.bfr!dy and by Malwarebytes as Backdoor.BotNo
faslkakj11Xkjgagklj11.exeDetected by Sophos as Troj/LegMir-ARENo
Windows DefenderXKJHEAPC69E.exeDetected by Intel Security/McAfee as Generic.dx!bd3y and by Malwarebytes as Trojan.Agent.GenNo
kjhkgkjXkjhkgkj.exeDetected by Dr.Web as Trojan.PWS.Banker1.11532 and by Malwarebytes as Trojan.BankerNo
KARMAXKkaris.exeDetected by Malwarebytes as Spyware.Imminent. The file is located in %AppData%\Default FolderNo
Microsoft UpdateXKkk.exeDetected by Sophos as W32/Rbot-AHL and by Malwarebytes as Backdoor.BotNo
kkkoreXkkkore.exeDetected by Malwarebytes as Trojan.QHost.K. The file is located in %Windir%No
KKM ServiceXkkm.exeDetected by Sophos as W32/Nanpy-INo
KkwkwuXKkwkwu.exeDetected by Malwarebytes as Worm.Dorkbot. The file is located in %AppData%No
kkw_run.exeUkkw_run.exeKensington KeyboardWorks - keyboard software. Not required unlessyou use any special featuresNo
Windows UpdateXklass.exeDetected by Sophos as Troj/Bifrose-ZH and by Malwarebytes as Trojan.FakePDFNo
LayoutMUKLayMgr.exeKeyboard manager for Chicony keyboards - required if you use any of the special or function keysNo
kleosXkleads.exeDetected by Malwarebytes as HackTool.Flooder. The file is located in %Temp%No
[4 characters]Xklg.exeDetected by Malwarebytes as Trojan.KeyLogger.KBO. The file is located in %Temp%No
svchosstXklg.exeDetected by Intel Security/McAfee as RDN/Generic PWS.y!ri and by Malwarebytes as Trojan.Agent.SVCENo
RKLG StartupUklg.exeLocal Keylogger Pro keystroke logger/monitoring program - remove unless you installed it yourself!No
KlipFolioUKlipFolio.exeKlipfolio Dashboard KPI (Key Performance Indicator) software which helps organizations evaluate their success or the success of a particular activity in which they're engagedNo
KLMUKLM.exeMSI Keyboard LED Manager for supported laptop models (such as the GT70) which have keyboards with multi-colored LED backlighting - allowing you to pick a color, lighting mode and section of the keyboardNo
cdmmslpoXklpllsm.exeDetected by Sophos as Troj/Tedijini-ANo
System32XKlrxPbKJ.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
WinAC v4Xklsuicbn.exeAdded by the FORBOT-CS WORM!No
KeyMaestroUkmaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
BtcMaestroUKMaestro.exeMultimedia keyboard manager. Required if you use the multimedia keysNo
keymatchXkmagt.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\keymatchNo
KERNELMGRXkmgr.exeDetected by Intel Security/McAfee as RDN/Generic Dropper!vh and by Malwarebytes as Trojan.Downloader.MSDNo
gWtXkmiqdeimiufb.exeDetected by Malwarebytes as Trojan.Agent.WTG. The file is located in %System%No
BitocmetXKMPlayir.exeDetected by Trend Micro as TROJ_VB.FPWNo
Intel(Ms)Xkms.exeDetected by Dr.Web as Trojan.Siggen5.23631 and by Malwarebytes as Backdoor.Agent.ITNNo
kmw_run.exeUkmw_run.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special featuresNo
kmw_show.exeUkmw_show.exeKensington MouseWorks - mouse/trackball software. Not required unles you use any special featuresNo
WinSrvXkn0x.exeDetected by Trend Micro as WORM_HOBBIT.FNo
Tablet Human Hardware Themes Class CenterXknfjpkjv.exeDetected by Intel Security/McAfee as RDN/Downloader.a!g and by Malwarebytes as Trojan.AgentNo
Disk KnightXKnight.exeAdded by the AUTORUN-H WORM!No
KNK StartXKNK.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.STRGenNo
nVidiaDisp32Xknmew.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.poNo
Windows Service Ag3ntXknpcoq.exeDetected by Kaspersky as Backdoor.Win32.Rbot.fus. The file is located in %System%No
Intel Common User InterfaceXKNS.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
Intel CorporationXKNS.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Backdoor.Agent.DCENo
PdllXKnucker.C.vbsDetected by Malwarebytes as Worm.VBS. The file is located in %System%No
KnupperXKnupperDetected by Intel Security/McAfee as RDN/Generic.bfr!e and by Malwarebytes as Backdoor.AgentNo
koayedenynfgiojdgxyXkoayedenynfgiojdgxy.exeDetected by Intel Security/McAfee as RDN/Generic Dropper and by Malwarebytes as Backdoor.Agent.ENo
KODAK Software UpdaterNKodak Software Updater.exeSoftware updater for Kodak Easyshare digital camerasNo
KodakCCSYKodakCCS.exeKodak DC File System DriverNo
kogabontusiqXkogabontusiq.exeDetected by Malwarebytes as Trojan.Packer. The file is located in %UserProfile%No
WindowsXkohaLqha.exeAdded by the NUSUMP-C WORM!No
King_koXkoking.exeDetected by Sophos as W32/Autorun-BMU and by Malwarebytes as Spyware.OnlineGames.KinggenNo
rn4dXkolder.exe dirote.exeDetected by Trend Micro as BKDR_MAROON.A. Both files are located in %System%\d0e0t1No
komcubdigedeXkomcubdigede.exeDetected by Intel Security/McAfee as RDN/Downloader.a!ls and by Malwarebytes as Trojan.Agent.USNo
KometaLaunchPanelUKometaLaunchPanel.exeDetected by Malwarebytes as PUP.Optional.Kometa. The file is located in %LocalAppData%\Kometa\Panel. If bundled with another installer or not installed by choice then remove itNo
Bron-Spizaetus-5118REPMXkomodo-6321422.exeDetected by Sophos as W32/Brontok-RNo
PujanggaXKOMPTI.exeDetected by Sophos as Troj/Pitkom-ANo
Warga KompTiXKOMPTI.exeDetected by Sophos as Troj/Pitkom-ANo
RoccatKone+UKone[+]Monitor.EXEROCCAT Kone+ gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
Konni Symbol AutostartNKonniSymbol.exeGives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime version 5No
kontikiNkontiki.exeKontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktopsNo
zdnetNkontiki.exeKontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. Version for ZDNetNo
cnetNkontiki.exeKontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. Version for c|netNo
GameSpotNkontiki.exeKontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops. Version for GameSpotNo
konvibecikizXkonvibecikiz.exeDetected by Dr.Web as Trojan.DownLoader9.57172 and by Malwarebytes as Trojan.Agent.USNo
cloverXkoreamessenger_CP.exeDetected by Intel Security/McAfee as Generic PUP.x and by Malwarebytes as Adware.KorAdNo
clover_uXkoreamessenger_CP_updater.exeDetected by Intel Security/McAfee as Generic PUP.x and by Malwarebytes as Adware.CloverPlusNo
kotechprotectXkotechprotect_up.exeKotech-Protect rogue security software - not recommended, removal instructions here. Detected by Malwarebytes as Rogue.KoProtectNo
RoccatKova+UKova[+]Monitor.EXEROCCAT Kova+ gaming mouse driver - required if you use the additional features and programmed keys/macrosNo
kozdawibfiruXkozdawibfiru.exeDetected by Malwarebytes as Trojan.Fareit. The file is located in %UserProfile% - see hereNo
KP SoundXKP Sound.exeDetected by Malwarebytes as Backdoor.DarkComet.E. The file is located in %AppData%\KP SoundNo
F1XJGGIM31EBXKP4UMB72.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!m and by Malwarebytes as Backdoor.AgentNo
USBKBDrvYKPDrv4XP.EXEMultimedia keyboard/keypad driver. Required if you use the additional keysNo
USB-TenKey USBKPDrvYKPDRV4XP.EXEMultimedia USB keypad driver. Required if you use the additional keysNo
KPDrv4XPYKPDrv4XP.exeMultimedia keyboard/keypad/mouse driver. Required if you use the additional keysNo
KXT01_KPDrv4XPYKPDrv4XP.exeMultimedia USB keyboard driver. Required if you use the additional keysNo
Zippy USBKPDrvYKPDRV4XP.EXEZippy multimedia USB keypad driver. Required if you use the additional keysNo
BLMC3Mouse-KPDrv4XPYKPDrv4XP.exeMultimedia USB mouse driver. Required if you use the additional buttonsNo
KperfectXKPerfect.exeDetected by Dr.Web as Trojan.DownLoader5.24152No
KavPFWYKPFW32.EXEKingsoft Personal Firewall - either as a stand-alone product or as part of Kingsoft Internet SecurityYes
Kingsoft Internet SecurityYKPFW32.EXEKingsoft Personal Firewall - either as a stand-alone product or as part of Kingsoft Internet SecurityYes
Kingsoft Personal FirewallYKPFW32.EXEKingsoft Personal Firewall - either as a stand-alone product or as part of Kingsoft Internet SecurityYes
KPNAssistentUpdaterNKPNAssistentUpdater.exeUpdater for the KPN Assistant self-help support tool for KPN broadband users (provided by Support.com (aka SupportSoft or Tioga))No
Total Closed MsnXkPrg.exeDetected by Dr.Web as Trojan.Siggen6.25288 and by Malwarebytes as Backdoor.Agent.ENo
kpuXkpu.exeDetected by Malwarebytes as Adware.KorAd. The file is located in %AppData%\kpupdateNo
Microsoft® Windows® Operating SystemXkqffl.exeDetected by Dr.Web as Trojan.MulDrop5.15340 and by Malwarebytes as Trojan.Agent.MSWGenNo
MicrosoftctfmonXkr.exeDetected by Dr.Web as Trojan.DownLoader6.9905 and by Malwarebytes as Trojan.AgentNo
Kr0n1CXKr0n1C.exeDetected by Sophos as W32/Brontok-BONo
kragXkrag.exeDetected by Sophos as W32/Agent-FOW and by Malwarebytes as Worm.DorcragNo
KraidmanUKraidman.exe"Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptopsNo
SystemStartupXkrapapa.exeDetected by Intel Security/McAfee as RDN/Generic.dx!w and by Malwarebytes as Trojan.AgentNo
MJCXREYWRURCOTI0MJNFMKXkratrwrk.exeDetected by Intel Security/McAfee as PWS-Zbot.gen.po and by Malwarebytes as Backdoor.IRCBotNo
KREC32Ukrec32.exeKBMonitor keystroke logger/monitoring program - remove unless you installed it yourself!No
REKAYASAMAGIC54XKrisnaPlonco.exeDetected by Intel Security/McAfee as RDN/Generic.dx!d2f and by Malwarebytes as Trojan.Rakam.ENo
Microsoft DocumentXkrisp.exeDetected by Sophos as W32/Sdbot-RQNo
SystemXkrln32.exeMalware installed by different rogue security software including SpyKillerProNo
WindowsNT - KernelXkrn.exeDetected by Dr.Web as Trojan.PWS.Lineage.9745 and by Malwarebytes as Spyware.OnlineGames.ENo
WindowsNT-KernelXkrn.exeDetected by Dr.Web as Trojan.PWS.Lineage.9745 and by Malwarebytes as Spyware.OnlineGames.ENo
darkXkrn.exeDetected by Dr.Web as Trojan.PWS.Banker1.14604 and by Malwarebytes as Trojan.BankerNo
Krn132XKrn132.exeDetected by Panda as Klez.BNo
darkXkrn3.exeDetected by Intel Security/McAfee as generic!bg.qh and by Malwarebytes as Trojan.BankerNo
startkeyXkrnl.exeDetected by Sophos as Troj/Bifrose-S and by Malwarebytes as Backdoor.BotNo
Kernel32Xkrnl32.exeAdded by the EPON WORM!No
krnl386Xkrnl386.exeDetected by Kaspersky as Trojan.Win32.VB.aqvl. The file is located in %Windir%No
0tnl2gqroUpsMiH0BQJ74tE=Xkrnl386.exeDetected by Malwarebytes as Trojan.Backdoor.CH. The file is located in %AppData%\Microsoft\CLR Security ConfigNo
MicroUpdateXkrnlll.exeDetected by Intel Security/McAfee as RDN/Generic.bfr and by Malwarebytes as Backdoor.Agent.DCENo
Windows Kernel ManagerXkrnlmgr.exeDetected by Dr.Web as Trojan.Click2.35029No
Kernel ManagerXkrnlmgr.exeAdded by the JUNY.A TROJAN!No
KrnlmodUKrnlmod.exeKeystroke logger/monitoring program - remove unless you installed it yourself!No
A_Studio™4Xkrnlnod32.exeDetected by Dr.Web as Win32.HLLW.Autoruner1.51974No
krnlXkrnlx86.exeDetected by Trend Micro as TSPY_VBKLOG.SMIBNo
krnlinitXkrnlx86.exeDetected by Dr.Web as BackDoor.IRC.Mishko.52 and by Malwarebytes as Trojan.AgentNo
Windows Service AgentXkrqbs.exeDetected by Trend Micro as TROJ_IRCBRUTE.AZ and by Malwarebytes as Backdoor.Bot. The file is located in %System%No
RUI4QKYXRDLEQZRERTUXNJXkrzngtjw.exeDetected by Malwarebytes as Backdoor.Agent. The file is located in %UserProfile%No
KSafeTrayUKSafeTray.exeSystem Tray access to, and notifications for the Kingsoft PC Doctor optimization utility which "comprises PC Health Diagnosis, Optimizer and cleaner to diagnose, clean, repair and speed up your PC"Yes
PC Doctor Flow MonitorUKSafeTray.exeSystem Tray access to, and notifications for the Kingsoft PC Doctor optimization utility which "comprises PC Health Diagnosis, Optimizer and cleaner to diagnose, clean, repair and speed up your PC"Yes
Kingsoft PC DoctorUKSafeTray.exeSystem Tray access to, and notifications for the Kingsoft PC Doctor optimization utility which "comprises PC Health Diagnosis, Optimizer and cleaner to diagnose, clean, repair and speed up your PC"Yes
KsjhdfxXKsjhdfx.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%No
OfficeUpdateXKSM.exeDetected by Intel Security/McAfee as RDN/Generic.hra and by Malwarebytes as Backdoor.Agent.DCENo
MSRegScanUKSPDemo.exeKeyStalker PRO surveillance software. Uninstall this software unless you put it there yourselfNo
SecurityXksqgimit.exeAntivirii 2011 rogue security software - not recommended, removal instructions hereNo
Ksrv32XKsrv32.exeDetected by Sophos as W32/Agobot-PINo
KSSYkss.exeKaspersky Security Scan provides a free-of-charge, easy way to find viruses and other threats that may be hidden on your PC... plus get advice on your PC's security status"No
KClientUkstatus.exeKClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnetNo
Nvidia Startup ManagerXksvc32.exeDetected by Sophos as Troj/Agent-IWDNo
KSVSvc.exeXKSVSvc.exeDetected by Trend Micro as TSPY_ONLINEG.CTMNo
NT Kernel 6.2XkSys.exeDetected by Intel Security/McAfee as Generic.dx and by Malwarebytes as Backdoor.IRCBot.ENo
Microsoft AntiSpywareXKT06.pifAdded by a variant of the IRCBOT BACKDOOR!No
KTAX Auto LoaderXktax.exeDetected by Sophos as W32/SdBot-MZNo
ktchnsnkUktchnsnk.exeHP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebootedNo
+7XGwzKpoO03ZcO4ww==Xktmutil.exeDetected by Malwarebytes as Backdoor.Bot. The file is located in %AppData%\Mozilla\Firefox\Profiles\iasr8t1f.default-1413582490273\indexedDB\moz-safe-about+home\idb\818200132aebmoouhtNo
KTPWareYktp.exeRelated to KTP Ware TSR Enhancements from ELANTECHNo
Start RF Wireless KeyboardYktrexe.exeWireless keyboard driverNo
Windows Management InstrumentationXkuemuu.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %AppData%\MicrosoftYes
kuidiXkuidi.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
NoPropioXKuil.exeDetected by Dr.Web as Trojan.DownLoader10.33161 and by Malwarebytes as Backdoor.Agent.ENo
Rakyat_KelaparanXKuli.exeDetected by Symantec as W32.SillyFDC.BDM and by Malwarebytes as Worm.SFDCNo
Kuma_TrayNKuma_tray.exeSystem Tray access to free games from KumaNo
gpmceXKumpulan Sofware-sofware terbaru.exeDetected by Intel Security/McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.GenNo
kumuhXkumuh.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile%No
Optimize WindowsXKuntilanak.exeDetected by Symantec as W32.SillyFDC. The file is located in %System%No
RPCall_WIN2KXKurawas.exeAdded by the BHARAT.A WORM!No
KurupiraNetUkurupirawf.exeKurupira Web Filter - "an easy way to block websites and filter web content"No
UUSeeiXKuwoi.exeDetected by Trend Micro as TROJ_VB.FPWNo
kvasoftXkva8wr.exeDetected by Trend Micro as WORM_AUTORUN.HON and by Malwarebytes as Spyware.OnlineGamesNo
KVmETsua.exeXKVmETsua.exeDetected by Malwarebytes as Trojan.Filecoder. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
KvmSecure.exeXKvmSecure.exeKvmSecure rogue security software - not recommended, removal instructions hereNo
kvasoftXkvosoft.exeDetected by Trend Micro as WORM_AUTORUN.ZZU and by Malwarebytes as Spyware.OnlineGamesNo
Kerio VPN ClientUkvpnclient.exeKerio VPN ClientNo
kvqisXkvqis.exeDetected by Malwarebytes as Worm.SFDC. The file is located in %UserProfile% - see hereNo
Kvsc3XKvsc3.exeDetected by Sophos as Troj/PWS-ANMNo
AeTWEnNoIZyaIiUYGtHGEdWktjXkVsEoYPVDuCgJx.exeDetected by Malwarebytes as Trojan.Banker. The file is located in %System% - see hereNo
FGHDFYFJXKVVRIA96Y5.exeDetected by Malwarebytes as Backdoor.Messa. The file is located in %AppData%No
KeyWalletUKWallet.exe"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"No
kwinplix.exeXkwinplix.exeDetected by Intel Security/McAfee as RDN/Generic Downloader.x!ke and by Malwarebytes as Trojan.Banker.E. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
kwinsc.exeXkwinsc.exeDetected by Malwarebytes as Trojan.Agent. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
gwldrvnXkwOYK.exeDetected by Malwarebytes as Trojan.Agent.DE. The file is located in %AppData%No
JHREGJFSXkWpkSliB.exeDetected by Intel Security/McAfee as RDN/Generic.bfr!fp and by Malwarebytes as Backdoor.Agent.ENo
KwSvScanXkwsvscan.exeDetected by Malwarebytes as Trojan.Agent. The file is located in %UserProfile%\My UserProgramsNo
KiweeHookNkwtbaim.exeKiwee toolbar - allows emoticons, winks, text and greetings to be added to conversations. Note - can be difficult to remove and is potentially dangerous as it may install malware and collect user-identifying information possibly resulting in privacy violations and identity theft - see here. For this reason it is classified as EMD (sites engaged in malware distribution) by hpHosts - see hereNo
KX509Ukx509_kfwk5.exeKerberos Secure Authentication for WindowsNo
kxescYkxetray.exeSystem Tray access to, and notifications for Kingsoft AntivirusYes
Kingsoft Antivirus TrayYkxetray.exeSystem Tray access to, and notifications for Kingsoft AntivirusYes
Kingsoft Internet SecurityYkxetray.exeSystem Tray access to, and notifications for Kingsoft AntivirusYes
kX MixerNkxmixer.exeProvides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcardsNo
KXT01_KeyboardUKXT01KB.EXEMultimedia USB keyboard manager. Required if you use the additional keysNo
kxvaXkxvo.exeDetected by Sophos as W32/AutoRun-DY and by Malwarebytes as Spyware.OnlineGamesNo
tasoftXkxvo.exeDetected by Malwarebytes as Spyware.OnlineGames. The file is located in %System% - see hereNo
kyprumrynahaXkyprumrynaha.exeDetected by Intel Security/McAfee as RDN/Downloader.a!oy and by Malwarebytes as Trojan.Agent.USNo
MSNXkys7r.exeDetected by Sophos as W32/Autorun-ARNo
kyshinqygamwXkyshinqygamw.exeDetected by Malwarebytes as Trojan.Agent.US. The file is located in %UserProfile% - see hereNo
KY Control SettingsXKYSVCCD.EXEDetected by Trend Micro as WORM_SDBOT.BHJNo
KYK Control SettingsXKYSVCXD.EXEAdded by a variant of Backdoor:Win32/RbotNo
kytqetorjansXkytqetorjans.exeDetected by Malwarebytes as Trojan.Cutwail. The file is located in %UserProfile%No
KZn4tIiyA.exeXKZn4tIiyA.exeDetected by Dr.Web as Trojan.Siggen5.46255 and by Malwarebytes as Trojan.Clicker. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows startsNo
Supports RAS ConnectionsXkznytwg.EXEDetected by Sophos as Troj/Agent-AASM and by Malwarebytes as Backdoor.IRCBotNo

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

Variables:

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a list of tasks/processes taken from the Task Manager (CTRL+SHIFT+ESC) "Processes" tab. This displays some startup programs AND other background tasks and "Services". These pages are concerned with startup programs from the common startup locations shown above ONLY. Please do not submit entries collected from this method as they will not be used. For a list of tasks/processes you should try the list at PC Pitstop, the Process Library from Uniblue or one of the many others now available.

Therefore, before ending a task/process via CTRL+SHIFT+ESC just because it has an "X" recommendation, please check whether it's in the registry or common startup locations first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+SHIFT+ESC. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 25K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entries listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program.

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the Windows 8/7/Vista/XP/2K/NT operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2017 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home