The ctfmon.exe file is responsible for controlling the Alternative User Input technologies and activates the Language bar icon in the System Tray if more than one keyboard layout is enabled on a Windows computer. It provides text input service support for speech recognition, handwriting recognition, electronic recognition, braille keyboards, and other alternative user input technologies.

Ctfmon.exe – File Information

By default, on a Windows XP and Windows Vista computer, the ctfmon.exe file is located in the C:\Windows\System32 folder. The most common size of the ctfmon.exe file is 15,360 bytes.

The ctfmon.exe file is loaded after you install the Office XP Alternative User Input features and automatically starts every time you boot your Windows computer.

The ctfmon.exe file is running in the background, even after I’ve closed all Office programs

This is normal and should not be a cause of concern. The ctfmon.exe file is designed to run in the background during Windows sessions, regardless of whether an office program is running.

Is ctfmon.exe and essential file?

Well, this depends on your requirements. If you do not use more than one keyboard layout or alternative text input features then you can safely disable the ctfmon.exe process.

The ctfmon.exe keeps coming back even after I’ve removed it from my Startup Programs using msconfig

You cannot disable ctfmon.exe using the msconfig command. The ctfmon.exe process automatically loads again and continues to run in the background even after you remove it from the startup programs.

How to disable ctfmon.exe

If you do not require the features that ctfmon.exe offers on a Windows computer, then you can safely disable this process.

To disable ctfmon.exe, perform the following tasks:

Step 1 – Disable Advanced Test Services through Control Panel

1. Click the Start menu and select Control Panel.
2. Next, double-click Regional and Language Options.
3. Click the Languages tab and then click Details.
4. Next, click the Advanced tab and clear the checkbox for Turn off advanced text services.
5. Click Apply and then click OK to close the Text Services and Input Languages dialog box.

Step 2 – Disable the startup entry for ctfmon.exe

1. Click Start and then click Run.
2. Type msconfig and press Enter.
3. In the System Configuration Utility dialog box, click the Startup tab and clear the checkbox against the startup entry for ctfmon.exe.
4. Click the Apply button and then click OK.
5. Restart your computer.

Ctfmon.exe – Security Threat?

The true ctfmon.exe is a legitimate file from Microsoft. However, various malware programs, such as trojans, spyware, and viruses are also known to use a process by the same name. It is important that you do not confuse the rouge ctfmon.exe with the legitimate file. The legitimate ctfmon.exe file is present in your system folder and is not a system threat.

How to ensure that ctfmon.exe running is not a virus

To ensure that only the legitimate ctfmon.exe is present on your computer, run a malware scan using reliable security tools, such as Antivirus Plus and StopZilla.

In case a threat is found to exist on your computer, remove it immediately. At this point, it is recommended that you also perform a registry scan using an efficient registry cleaner, such as RegGenie to clean your registry to eliminate any invalid or corrupt entries that the malware may have added.

For reference, a list of malware that are known to be associated with ctfmon.exe is below:

Worm.Rungbu.B [PC Tools]
Worm.Win32.VB.du [Kaspersky Lab]
WORM_VB.BDN [Trend Micro]
Worm.Win32.VB.du [Ikarus]
Worm.VB.ZVX [PC Tools]
Worm.VB.YVF [PC Tools]
Worm.Autorun.DU [PC Tools]
Win32.Sality.AA [PC Tools]
W32/VB-CTQ [Sophos]
W32/Sality.ac [McAfee]
W32/Rungbu-C [Sophos]
W32.Sality.X [Symantec]
W32.Rungbu [Symantec]
W32.Fakerecy [Symantec]
W32.Dizan.D [Symantec]
Virus:Win32/Rungbu.C [Microsoft]
Virus.Win32.VB.cc [Kaspersky Lab]
Trojan.Win32.VB.aqt [Kaspersky Lab]
Bloodhound.Unknown [Symantec]
FakeRecycled [McAfee]
Generic VB.c [McAfee]
PE_RUNGBU.A-O [Trend Micro]
PE_RUNGBU.B-O [Trend Micro]
PE_RUNGBU.C-O [Trend Micro]
Trojan Horse [Symantec]
Trojan.VB.XFZ [PC Tools]
Trojan.Win32.VB [Ikarus]
W32.SillyFDC [Symantec]
W32/Rungbu-A [Sophos]
Trojan.VB!sd5 [PC Tools]
Downloader [Symantec]
Mal/Packer [Sophos]
Generic.dx [McAfee]
Infostealer [Symantec]
PE_DZAN.A [Trend Micro]
PE_TENGA.A [Trend Micro]
Trojan-Dropper.Agent [Ikarus]
Virus.Win32.Dzan.a [Kaspersky Lab]
Virus.Win32.Tenga.a [Kaspersky Lab]
Virus.Win32.Virut.q [Kaspersky Lab]
W32.Licum [Symantec]
W32.Rontokbro.AN@mm [Symantec]
W32/Dzan.b [McAfee]
W32/Gael.worm.a [McAfee]
W32/Vetor-A [Sophos]
W32/Virut.gen [McAfee]
Application.Family_Keylogger [PC Tools]
Keylog-Family [McAfee]
W32.Virut.U [Symantec]
Backdoor.Win32.Poison.cpb [Kaspersky Lab]
Backdoor:Win32/Koceg.gen!A [Microsoft]
Backdoor:Win32/Poisonivy.E [Microsoft]
BackDoor-DRW [McAfee]
Generic Downloader.x [McAfee]
Mal/EncPk-GC, Mal/Packer [Sophos]
Mal/Generic-A [Sophos]
Mal/Koceg-A [Sophos]
PE_AGENT.ZAE-O [Trend Micro]
PE_RUNGBU.C [Trend Micro]
PE_VIRUT.XP [Trend Micro]
Suspicious.MH690 [Symantec]
Troj/Poison-AE [Sophos]
Troj/VB-CSA [Sophos]
Trojan-Downloader.Win32.Agent.llo [Kaspersky Lab]
TrojanDownloader:Win32/Renos.FJ [Microsoft]
TrojanDownloader:Win32/Small.gen!H [Microsoft]
Virus:Win32/Sality.T [Microsoft]
W32/Sality-AD [Sophos]
Win32.AutoRun.H [PC Tools]
Win32/Xema.worm.103424.B [AhnLab]
Win-Trojan/Recycled.20480 [AhnLab]
Worm.Win32.VB.mz [Ikarus]
Worm:Win32/Autorun.OX [Microsoft]
Worm:Win32/Fakerecy.A [Microsoft]
WORM_SOCKS.BL [Trend Micro]
New Malware.n [McAfee]
not-a-virus:Monitor.Win32.FamilyKeyLogger.280 [Kaspersky Lab]
not-a-virus:Monitor.Win32.FamilyKeyLogger.283 [Kaspersky Lab]
PE_DROWOR.A [Trend Micro]
Win32/Xema.worm.76288.B [AhnLab]
W32/Virut.gen.a [McAfee]
W32/Sality-AM [Sophos]
W32/Cekar [McAfee]
W32.Spybot.Worm [Symantec]
W32.Mandaph [Symantec]
Virus:Win32/Virut.AE [Microsoft]
Virus:Win32/Sality.AM [Microsoft]
Trojan-Downloader.Win32.Delf.def [Kaspersky Lab]
Trojan.Win32.Agent [Ikarus]
Spyware.FamilyKeylog [Symantec]
Backdoor.Trojan [Symantec]
Backdoor.Poison!sd6 [PC Tools]
Backdoor.IRCBot!sd6 [PC Tools]
Backdoor.Bifrose [Symantec]
Backdoor:Win32/Koceg [Microsoft]
Backdoor:Win32/Poisonivy.H [Microsoft]
BackDoor-DKI.gen.a [McAfee]
MonitoringTool:Win32/FamilyKeyLogger [Microsoft]
MemScanRootkit.3315 [Ikarus]
BackDoor-DSS [McAfee]

The cisvc.exe (Content Indexing Service) is a Windows system File and is part of the Windows operating system indexing service.

By default, the cisvc.exe file is located in the %system% folder. The most common size of this file is 5,632 bytes. You may also find this file in 5,120, 11,264, and 6,656 bytes sizes.

Note: %system% is a variable that refers to the Windows System folder. By default, for Windows XP/Vista it is C:\Windows\System32.

Purpose of cisvc.exe process

The main purpose of the cisvc.exe process is to monitor the Indexing service and ensure that the Indexing service does not consume huge amounts of memory and CPU resources. Cisvc.exe also monitors the memory usage in CIDAEMON.exe and prevents low memory issues from occurring.

Solution to cisvc.exe high CPU usage problems

It is ironic that a process whose primary function is to prevent memory hogging situations is often reported to be consuming huge amounts of system resources in terms of CPU and memory usage.

If cisvc.exe is frequently consuming high CPU resources and you do not use the Windows Search feature often, then you can resolve the issue by disabling the indexing service. The Indexing service facilitates the quick finding of files and folders on your Windows computer.

Therefore, if you do not use the Windows Search feature to locate files or folders, disabling the Indexing service will not affect you. On the other hand it will prevent cisvc.exe high CPU usage issues from occurring.

To disable the Indexing service, perform the following steps:

1. Click the Start menu and select Control Panel.
2. Double-click Add or Remove programs.
3. In the Add or Remove programs window, click Add/Remove Windows Components.
4. Clear the checkbox before Indexing Service, and click Next.
5. When the Indexing Service is disabled, click Finish to close the Windows Components Wizard dialog box.

Cisvc.exe – Security Report

The true cisvc.exe is a Windows file and is not a system threat. However, a malware process by this name is also recorded. The malicious cisvc.exe performs spyware related functions and is known to be associated with following Internet Security threats:

Troj/SDFDrp-Gen [Sophos]
Worm.Rbot [Ikarus]
Win-Trojan/Downloader.77824.BZ [AhnLab]
Virus.Win32.VB [Ikarus]
TrojanDownloader:Win32/Horst.Q [Microsoft]
Trojan-Downloader.Win32.VB.krl [Kaspersky Lab]
Trojan-Downloader.Win32.Calac [Ikarus]
Trojan.Win32.VB.jwf [Kaspersky Lab]
Trojan.ProgentKeyLog.A [PC Tools]
Trojan Horse [Symantec]
Spyware-Ssppyy [McAfee]
Mal/Horst [Sophos]
Keylog-Progent [McAfee]
Infostealer [Symantec]
BackDoor-CMQ.gen.d [McAfee]
BackDoor-CMQ!a [McAfee]
Backdoor.Win32.Agent.adpp [Kaspersky Lab]
Backdoor.Trojan [Symantec]
Downloader.Trojan [Symantec]
Generic Downloader.x [McAfee]
Trojan-Dropper.Agent [Ikarus]
Trojan.Win32.VB.kcp [Kaspersky Lab]
not-a-virus:Monitor.Win32.FamilyKeyLogger.250 [Kaspersky Lab]
Mal/Behav-236 [Sophos]
Generic.dx [McAfee]
Generic PWS.y [McAfee]
Trojan-Dropper.Win32.Agent.ahdr [Kaspersky Lab]
Trojan-Proxy.Horst [Ikarus]
Trojan-Spy.Win32.VB.bip [Kaspersky Lab]
Win-Trojan/Agent.204800.BC [AhnLab]

How to ensure that cisvc.exe running is not a system threat

As malware programs often use processes that have same name as legitimate Windows processes, it becomes imperative that you ensure that only legitimate processes run on your computer.

To verify if the cisvc.exe process running on your computer is legitimate or not, perform a malware scan using top-rated security tools, such as Antivirus Plus and StopZilla. If the scan results report a malware infection, immediately remove the malware processes.

At this point, also perform a registry scan using a reliable registry cleaning tool, such as RegGenie to remove harmful entries that the malicious cisvc.exe process may have added to your registry.

Two instances of avp.exe are running on my system – is this normal?

Having two instances of avp.exe running when you are using the Kaspersky Internet Security software is normal. One is the scanner and other one is GUI (Graphical User Interface) tray component.

To check the instances of avp.exe running on your computer, press Ctrl+Alt+Del, and then click the Processes tab in the Windows Task Manager window. All the currently running processes are displayed under Image Name. 

Avp.exe is constantly hogging system resources

Users running the Kaspersky security tool often complain of avp.exe consuming huge amounts of CPU resources at regular intervals. Avp.exe high CPU consumption is attributed to the fact that the Kaspersky security program checks the Java installation files every 30 seconds. If you do not use Java, you may resolve the problem by uninstalling the tool from your computer.

Alternatively, you may install other security tools, such as Antivirus Plus and StopZilla that are equally efficient as Kaspersky Internet Security software but consume less of your system’s resources.

Avp.exe error

When your Windows computer starts, you may receive an error message similar to the ones displayed below:

“avp.exe – Application Error
The instruction at "0x64a14da9" referenced memory at "0x010801e0". The memory could not be "read”.”

-Or-

“avp.exe – application error
The exception integer division by zero.
(0xc0000094) occured in the application at location 0x68f06c2f.
Click Ok to terminate, click cancel to debug the program"

To repair the error, perform the following steps:

1. Click Start and then click Search.
2. Click All files and folders.
3. Type updcfg.xml in the All or part of the file name box, select Local Hard Drives in the Look in list, and then click Search.
4. In the right-pane, right-click updcfg.xml and click Delete.

Note: The default location of this file is C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\updcfg.xml.

Avp.exe – is it a safe process?

The true avp.exe is a safe process and is an integral part of Kaspersky Internet Security program. However, another process with the same name as avp.exe is also a registered trojan that allows attackers to remotely access the infected computer and steal personal and confidential information.

If you do not use Kaspersky security program and have avp.exe running on your computer, chances are high that your system is infected. Remove the malicious avp.exe process, by running a malware scan using advanced security tools, such as Antivirus Plus and StopZilla.

After you have removed the harmful avp.exe file, clean your registry using reliable registry cleaning software, such as RegGenie to remove harmful registry entries that the malware may have added.

What are the malware programs that use the avp.exe file?

Below is a list of Internet Security threats that are known to use avp.exe:

Gen.Packed [Ikarus]
Win-Trojan/Agent.21504.NB [AhnLab]
TSPY_MARAN.JG [Trend Micro]
Trojan-PWS.Maran [PC Tools]
Trojan-PSW.Win32.Maran.sv [Kaspersky Lab]
TrojanDropper:Win32/OnLineGames.H [Microsoft]
Trojan-Downloader.Win32.Alphabet.gen [Kaspersky Lab]
Trojan-Downloader.Alphabet.GEN [PC Tools]
TrojanClicker:Win32/Hatigh.C [Microsoft]
Generic.dx!fmw [McAfee]
Infostealer.Phax [Symantec]
Mal/EncPk-KP [Sophos]
Packed.Generic.233 [Symantec]
PWS-Maran [McAfee]
Trojan.DR.Alphabet.Gen!Pac [PC Tools]
Trojan.Dropper [Symantec]
Generic.dx!fml [McAfee]
Generic.dx [McAfee]
W32.SillyFDC [Symantec]
Mal/EncPk-EW [Sophos]
Trojan-GameThief.Win32.WOW [Ikarus]
Troj/PWS-AVS [Sophos]
Backdoor.Rbot!sd5 [PC Tools]
Infostealer.Onlinegame [Symantec]
Backdoor.Trojan [Symantec]
Bloodhound.Unknown [Symantec]
Mal/Behav-156 [Sophos]
New Malware.bj [McAfee]
Trojan Horse [Symantec]
Trojan.Delf.YBR [PC Tools]
Trojan.PWS.Maran.ALK [PC Tools]
Trojan.PWS.Maran.LY [PC Tools]
Trojan.Win32.Delf.abx [Kaspersky Lab]
Trojan-PWS.Win32.Maran.sv [Ikarus]
TrojanSpy:Win32/Maran.BC [Microsoft]
W32.Spybot.Worm [Symantec]
Downloader [Symantec]
Infostealer.Gampass [Symantec]
Mal/Generic-A [Sophos]
Packed/NSPack [PC Tools]
Trojan-PSW.Win32.Maran.tm [Kaspersky Lab]
Trojan-PSW.Win32.Maran.jg [Kaspersky Lab]
PWS-Mmorpg!en [McAfee]
New Malware.aj [McAfee]

The nwiz.exe (Nvidia nView Wizard) process is associated with the newer versions of the Nvidia graphics card drivers (2002 onward). Nvidia nView Wizard allows users to improve and customize desktop layouts by providing a range of options, including the option to have up to 32 virtual desktops, split the display across more than one monitor, have a desktop that is larger than the viewable area of the monitor, add transparency to applications windows, zoom portions of the display, and much more.

The nwiz.exe file is installed on your PC along with Nvidia graphics video cards. The purpose of nwiz.exe is to reinstall the special features of your Nvidia graphics card automatically when you boot your system. If you do not use any special features, such as the ones mentioned above, the nwiz.exe process terminates, otherwise it stays in the background.

I’m using Nvidia graphics card – is it necessary to let nwiz.exe start automatically?

By default, nwiz.exe starts automatically when you boot your computer. However, nwiz.exe is not an essential startup process.

Whether to let nwiz.exe start automatically or not is up to you. If you use any of the special nView features, let nwiz.exe start automatically. Otherwise, you can safely remove this process from your startup sequence.

To remove nwiz.exe from your startup programs list, perform the following steps:

1. Click the Start menu and select Run.
2. In the Open box, type msconfig and press Enter to open the System Configuration Utility dialog box.
3. Here, click the Startup tab.
4. Clear the checkbox before nwiz.exe, click Apply, and then click OK.
5. Restart your computer.

Nwiz.exe is consuming 90%-95% of my CPU resources – what’s the cure?

Typically, this process is not recorded to consume huge amount of system resources. If you find that nwiz.exe is constantly consuming large amount of CPU resources and is causing your system to function properly then update you Nvidia graphic device drivers. An easy way to update device drivers is by using a reliable driver management tool, such as Driver Finder.

What is the default location of nwiz.exe on a Windows XP computer?

By default, the nwiz.exe process is located in the C:\Windows\System32 folder and its most common file size on Windows XP computer is 1,519,616 bytes.

Nwiz.exe – is it a safe file?

Yes, it is. The Nwiz.exe process belongs to Nvidia graphics card drivers and is not a security threat.

However, it is important to note that various malware programs use processes that have similar names as genuine processes. For instance, there is a malware process called nwize.exe (please note the extra “e”) that is associated with the bat.mumu.a worm. Ensure that you have the safe nwiz.exe process and not the malicious nwize.exe process running.

To view the list of currently running processes press Ctrl+Alt+Del, and then click the Processes tab. If you find any malicious process running, immediately run a malware scan on your entire computer, using advanced security programs, such as Antivirus Plus and StopZilla to get rid of the virus. Also, after you have successfully removed the malware, run a registry scan using a reliable registry cleaner such as RegGenie to sanitize your registry.

The crss.exe process is registered as the W32.AGOBOT.GH Worm. The crss.exe virus is spread through e-mails and the virus is executed when a user opens the e-mail attachment that contains the virus. This virus has its own SMTP engine that it uses to redistribute itself. In some cases, attackers use this worm to remotely gain access to an infected system to steal personal and confidential information, such as credit card numbers, online banking details, and email passwords.

As you can guess, crss.exe is a grave security threat and should be immediately removed if found running on a computer.

What are the security threats that are associated with crss.exe?

Below is a list of known malware that are known to be associated with crss.exe:

Trojan Horse [Symantec]
Worm.Win32.AutoRun.yq [Kaspersky Lab]
Win-Trojan/ProAgent.13312 [AhnLab]
W32/Colit-A [Sophos]
Virus.Win32.AutoRun.k [Kaspersky Lab]
Trojan.Progent [PC Tools]
Trojan.Dropper [Symantec]
TROJ_PROGEN121.A [Trend Micro]
TROJ_AUTORUN.ANK [Trend Micro]
Troj/Keylogg-E [Sophos]
Possible_Mlwr-7 [Trend Micro]
not-a-virus:Monitor.Win32.FamilyKeyLogger.230 [Kaspersky Lab]
not-a-virus:Monitor.Win32.FamilyKeyLogger [Ikarus]
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]
IRC/Flood.mirc [McAfee]
Backdoor:Win32/Rbot.gen [Microsoft]
Backdoor:Win32/Mobibez.gen!A [Microsoft]
Backdoor.Win32.Hupigon.fbom [Kaspersky Lab]
Backdoor.Trojan [Symantec]
Backdoor.Hupigon [PC Tools]
Backdoor.Delf.AAIG [PC Tools]
BackDoor-EAU [McAfee]
Downloader.Trojan [Symantec]
Trojan-PSW.Win32.WebMoner.t [Kaspersky Lab]
Trojan-Downloader.Win32.Banload.abg [Kaspersky Lab]
Trojan.Win32.Agent.gwy [Kaspersky Lab]
Trojan.WebMoney [Symantec]
Trojan.VB.NKW [Ikarus]
Trojan.VB.EEHX [PC Tools]
Trojan.Agent.EJYJ [PC Tools]
PWS-Banker [McAfee]
New Malware.d [McAfee]
Mal/VBDos-A [Sophos]
Mal/Stealer-A [Sophos]
Mal/CryptBox-A, Mal/Behav-319 [Sophos]
Keylog-Bansaka [McAfee]
Hacktool.Keylogger [Symantec]
TSPY_BANKER.JPP [Trend Micro]
TSPY_WEBMONER.BF [Trend Micro]
VirTool.Win32.DelfInject [Ikarus]
W32.Ackantta@mm [Symantec]
W32/Sdbot.worm.gen.ax [McAfee]
Worm:Win32/Prolaco.D [Microsoft]
Worm.Win32.AutoRun [Ikarus]
Win-Trojan/Xema.variant [AhnLab]
Win-Trojan/CeeInject.449536 [AhnLab]
W32/Xirtem@MM [McAfee]

The malicious crss.exe file can exist in various locations on an infected PC. For example, you are quite likely to find the crss.exe file in the following locations on your computer:

%System%\crss.exe
%System%\dllcache\crss.exe
%Temp%\crss.exe
%Temp%\csrss.exe
%Windir%\crss.exe
%Windir%\system\crss.exe

Note:

• %System% is a variable that refers to the System folder on your Windows computer. By default, in Windows XP computer, the path is C:\Windows\System32.
• %Temp% is a variable that points to the temporary folder on your computer. In Windows XP computer, the default path is C:\Documents and Settings\[UserName]\Local Settings\Temp.
• %Windir% is a variable that points to the Windows installation folder. By default, it is C:\Windows for Windows XP.

How to get rid of crss.exe virus?

To remove the crss.exe virus from your Windows computer, run a full system malware scan using advanced and updated security software, such as Antivirus Plus and StopZilla.

Crss.exe Error

When your Windows computer starts, you may receive an error message similar to the one displayed below:

“Windows cannot find C:\WINDOWS\crss.exr”

Cause of the Error

Typically, the above error occurs when your protective suite fails to remove registry entries related to the crss.exe file.

Resolution

To resolve the error, remove the startup crss.exe entries in the registry. To achieve this, scan your registry using a reliable registry cleaner tool, such as RegGenie.

In the future, we recommend you install protective software that ensures complete removal of malware programs from your computer.

Are csrss.exe and crss.exe the same process?

No, they are not. Csrss.exe (Client Server Runtime Process) is a critical Windows process, whereas crss.exe, as discussed above, is a registered Worm.

Please note the extra “s” in csrss.exe and do not confuse it with the malicious crss.exe process. The csrss.exe process controls threading and Win32 console Windows features and performs critical functions for a Windows operating system. It is recommended that you do not terminate the csrss.exe process. If csrss.exe is unavailable, your Windows computer may become unstable.

Dw20.exe is a Windows error reporting tool that is included in Microsoft Office. When an Office product, such as Microsoft Word crashes or fails to respond, the dw20.exe file automatically collects information and allows users to send a report directly to Microsoft.

Is dw20.exe an essential process?

Dw20.exe is a useful process but not an essential one. If you do not want this process to run on your PC, you can safely disable the Application Error Reporting tool.

How to disable the Error Reporting tool in Windows XP

You can disable the Error Reporting tool through the Windows registry, Control Panel, or Computer Management window. Each of these three methods is discussed in detail below.

Disable Error Reporting tool through the registry

Warning: The steps illustrated below require you to edit the registry. Please proceed only if you are comfortable in working with the Windows Registry. A mistake while modifying the registry can cause irreparable damage. As a precaution always back up the registry before editing it. This allows you to roll back the registry to its previous working state in case a complication arises. You may use a reliable registry maintenance tool, such as RegGenie to make a registry backup.

1. Click Start and then click Run.
2. Type regedit in the Run box and press Enter.
3. Locate and select the following key in the left-pane of the Registry Editor window:
   HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common
4. Click the Edit menu, select New, and then click DWORD Value.
5. Next, type DWNeverUpload.
6. Double-click DWNeverUpload and in the Value Data box type 1 and click OK.
7. Click the File menu and then click Exit to close the Registry Editor window.

Disable Error Reporting through the Control Panel

1. Click Start and then click Control Panel.
2. Double-click System.
3. Click the Advanced tab in the System Properties dialog box that opens.
4. Click the Error Reporting button.
5. Next, click Disable error reporting and then click OK.
6. Finally, click Apply and then click OK to close the System Properties dialog box.

Disable Error Reporting through Computer Management window

1. Right-click the My Computer icon on your desktop and click Manage.
2. In the Computer Management window, click Services and Applications.
3. Next, in the right-pane of the Computer Management window, double-click Services.
4. Locate and double-click Microsoft Application Error Reporting and then in the Startup type drop-down list select Disabled.
5. Click Apply and then click OK.
6. In the Computer Management window, click the File menu and click Exit.

Dw20.exe high CPU usage issue

In case you find that the dw20.exe process is consuming huge amounts of system resources in terms of memory and CPU usage, you can choose either of the methods discussed in the above section to disable the Error Reporting tool.

Dw20.exe – Security Report

The dw20.exe is a safe process and is not known to be associated with any malware. However, having said this, it is important to understand that processes associated with malware programs, like viruses, worms, and spyware often have similar names as legitimate processes.

If you suspect malware-related processes may be running on your computer, run a malware scan on your entire computer using advanced security tools, such as Antivirus Plus and StopZilla. If the scan results show any security threats, immediately remove them to ensure that your computer is safe.  

The mshta.exe (Microsoft HTML Application Host) file is a Windows file that is required by the Windows operating system to read and execute .HTA files.

Mshta.exe is a non-essential process and you may safely terminate it if you suspect it of causing any problems with your computer.

Mshta.exe – File Information

Mshta.exe is a Microsoft signed file. By default, the mshta.exe file is located in the %system% folder. The most common size of the mshta.exe file is 29,184 bytes. You may also find this file in 45,568, 30,720, 26,624, and 24,064 bytes sizes.

Note: Here, %system% is a variable that points to the System folder. By default, in Windows 95/98/ME the location of System folder is C:\Windows\System, in Windows NT/Vista it is C:\Winnt\System32, and in Windows XP/Vista it is C:\Windows\System32.

Mshta.exe error

On a Windows 2000 Professional computer when you start the Add/Remove Programs utility, you may receive the following error message:

“Mshta.exe has generated errors and will be closed by Windows”

Resolution Steps

To resolve the above issue, perform the steps illustrated below:

1. Click Start, and then click Run.
2. In the Open box, type the following commands and press Enter after each command to execute them.

   sfc /purgecache

   sfc /scannow

Note: You will need to insert your Windows 2000 Professional CD to complete the above commands.

If the above error message still appears after you have run the sfc commands, perform an in-place upgrade of Windows 2000 Professional. You may refer to the Microsoft Knowledgebase to find out more on how to perform an in-place upgrade of Windows 2000 Professional.

Mshta.exe – Is it a safe file?

Yes, mshta.exe is a safe file and is not known to be associated with malware. However, it is important to understand that various malware programs deliberately give their processes similar names as legitimate Windows processes to escape detection.

You can go through the list of currently running processes to see if you have a rouge version of the mshta.exe file running on your system. To view the running processes, press Ctrl+Alt+Del and then click the Processes tab on the Windows Task Manager window.

If you suspect a rouge process may be running on your computer, run a malware scan using advanced security tools, such as Antivirus Plus and StopZilla and remove malware, if found.

Malware programs often corrupt the Windows registry by adding invalid and corrupt entries. After you remove the malicious processes, always remember to run a registry scan using a reliable registry cleaning utility, such as RegGenie to clean your system registry.

Dwwin.exe is the main executable file for Microsoft Dr. Watson error reporting tool that comes packaged with many Microsoft products.

By default, the dwwin.exe file is located in the C:\Windows\System32 folder. The most common size of this file is 180,224 bytes.

Dwwin.exe errors

Error 1

When you shutdown a Windows computer that has Acrobat Version 7 installed on it, you receive the following error:

“Dwwin.exe – DLL initialization failed”

When you click OK, the following error message is displayed:

“AcroRD32.exe – application error”

Resolution

To fix the above issue, perform the following steps:

1. Double-click the Acrobat icon on your desktop to open it.
2. Click the Edit menu and then click Preferences.
3. Click Internet and under Web Browser options clear the checkbox before Display PDF in browser.
4. Click OK.

If the above steps fail to resolve the error, uninstall Acrobat 7.0 and install the latest Acrobat version. To uninstall Acrobat 7.0 completely, you may use an efficient uninstaller tool, such as Perfect Uninstaller.

In case the error still occurs after you have upgraded to the latest Acrobat version, run a registry scan. Many exe errors occur due to issues in the registry. To resolve the above error, run a registry scan using a reliable registry cleaning utility, such as RegGenie.

Error 2

When you start a Windows computer that has Kaspersky Antivirus software version 7 installed on it, you may receive the following error message:

dwwin.exe – application error 
The instruction at "0x7c883f9c" referenced memory at "0x7c883f9c". The memory could not be "written" 
Click on OK to terminate the program
Click on Cancel to debug the program

Resolution

To repair the issue, perform the following steps:

1. Double-click the Kaspersky antivirus icon in your system tray.
2. Click Settings and then click Protection.
3. Select Compatibility mode for programs using self-protection.
4. Click OK and reboot your Windows computer. 

Dwwin.exe – can you trust this process?

Yes, dwwin.exe is a safe process and is not known to be associated with any malware. However, it is important to remember that oftentimes malware programs have processes with similar names as legitimate processes. For instance, malware may place a rouge process on your computer that has a similar name as dwwin.exe, such as dwin.exe, dwwinn.exe, or dwinn.exe.

If you suspect a rogue process may be running on your computer, go through the list of currently running processes. To view the list, press Ctrl+Alt+Del, and then click the Processes tab in the Windows Task Manager window.

If you find unsolicited processes running on your system, immediately run a malware scan on your computer using top-rated security software, such as Antivirus Plus and StopZilla and remove the reported malware.

The myagttry.exe process is associated with McAfee protective tools, such as McAfee Total Protection and provides users notifications. An icon for this program is placed in your system tray.

Myagttry.exe – File Information

By default, myagttry.exe is present in a subfolder of C:\Program Files. Common sizes of this file are – 139,264, 190,016, 90,112, 73,728, and 247,104 bytes sizes.

By default, myagttry.exe loads automatically every time you start your computer.

Is myagttry.exe an essential startup program?

No, myagttry.exe is not an essential startup program. If you wish, you can prevent this program from loading automatically. However, if you remove this process from your startup programs, you will lose automatic notifications.

To remove the mygattry.exe program from your startup sequence, perform the following steps:

1. Click the Start menu and then click Run.
2. Type msconfig in the Run box, and press the OK button.
3. Select Startup in the System Configuration Utility dialog box.
4. Clear the checkbox before myagttry.exe.

Mygattry.exe Issues

When you shutdown your Windows computer, you may receive the following mygattry.exe error:

End Program – MyAgtTry.exe

If you choose to end this program immediately, you will lose
any unsaved data. To end the program now click End Now.

The above mygattry.exe shutdown issue occurs because mygattry.exe takes too much time to close while performing routine maintenance. The above error is generated after Windows has made two requests to close mygattry.exe.

McAfee acknowledges this issue and has confirmed that the problem will be resolved in future releases.

Besides the above issue that occurs when you shutdown your Windows computer, you may also find that at times the myagttry.exe process is consumes a huge amount CPU resources, causing your system to slow down. If you are constantly facing these two issues, you may want to switch to other reliable and issues-free protective tools, such as Antivirus Plus and StopZilla.

Is myagttery.exe a safe process?

Yes, myagttery.exe is a safe process that belongs to McAfee Protective products. However, it is important to understand that many malware programs deliberately give their processes the same or similar names as existing processes in order to escape detection.

If you are concerned that a rogue process may be running on your computer, you can check the list of currently running processes. To do this, press Ctrl+Alt+Del, and then click the Processes tab in the Windows Task Manager Window. Go through the current processes list and see if you find any unsolicited processes running. If you suspect the presence of rogue processes, run a malware check on your entire computer using reliable and advanced antimalware tools, such as Antivirus Plus and StopZilla.

Also, after you have removed the malware-related process, scan your Windows registry using an efficient registry cleaner to remove any invalid or harmful entries that the rouge process may have added to the registry. 

Tmpa.exe is a malicious process that enters your system without your consent. The tmpa.exe file is associated with the malware group – Trojan-Downloader.

Tmpa.exe is a security threat and if you find it running on your system, you must immediately take action to remove this file.

Tmpa.exe – File Information

The tmpa.exe file is known to exist in the following file sizes:

• 86,020 bytes
• 81,920 bytes
• 93,700 bytes
• 99,332 bytes
• 102,404 bytes
• 106,500 bytes
• 126,980 bytes
• 151,556 bytes

Tmpa.exe is known to use the following names:

• 20.TMP.EXE.SCM
• $R43GX0J.EXE
• $RYB7708.EXE
• ~TMPC.EXE
• 19.TMP.EXE.SCM
• A4Y.EXE
• 03994238.TXT
• 05420011.EXE
• 1A.TMP.EXE.SCM
• 20.TMP

By default, the tmpa.exe file is found in %temp% folder.

Note: %temp% is a variable and points to Windows temporary folder. The default path in Windows XP/Vista is C:\Documents and Settings\[user]\Local Settings\Temp.

Tmpa.exe – File Behavior

Tmpa.exe is known to perform the following behavior:

• It executes as a process.
• It has the ability to delete and create other processes.
• It is known to resist interrogation by security programs.
• It successfully hides itself from user and security processes.
• It adds a registry key to auto start when the system boots.
• It has the ability to communicate with other computer using HTTP protocols.
• It registers a malicious DLL file.
• It can copy itself to multiple locations on an infected computer.

Tmpa.exe Error

When you start your computer or while you are working on it, you may receive the following error message

“Tmpa.exe has stopped working”

The above error indicates that your PC is infected with the tmpa.exe virus. To fix the error, get rid of tmpa.exe and all its associated files and registry entries.

Does deleting tmpa.exe file ensure its complete removal?

No, it doesn’t. To remove a malware completely you need to remove all its files, programs, and registry entries.

Even if you delete the tmpa.exe file manually and terminate the process, your PC will still be infected. As the information shared above shows, tmpa.exe can take various other filenames, can be present in multiple locations, and creates other processes on an infected computer. In addition to all this, tmpa.exe may also inject various entries into the registry. To completely remove the tmpa.exe virus, you need to get rid of all the instances of tmpa.exe file, its associated files, and registry entries. You cannot achieve complete removal of the tmpa.exe virus by just deleting the tmpa.exe file.

Further, it is recommended that you do not attempt to remove tmpa.exe virus manually. A mistake during its manual removal, such as deletion of an incorrect file, or removal of a valid registry entry may inflict further damage to your computer.

How to get rid of the tmpa.exe virus

To completely remove tmpa.exe virus, scan your entire computer using advanced security programs, such as Antivirus Plus and StopZilla.

Furthermore, after you have removed the malware, scan your registry using an efficient registry cleaner, such as RegGenie to remove any invalid or corrupt entries that the malicious tmpa.exe process may have added to your registry.