"Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field"
"Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field"
"Added by the APPIX.D WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""appboost.reg"" is located in %Windir%"
"System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware"
"Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
"Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
"Volumouse from Nirsoft. ""Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"""
"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the RUSTY WORM! Note - not to be confused with the valid Windows ""NOTEPAD"" text editor! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the RBOT-CVY WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the DROPR-CZ TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLMRun in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here"
"Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
"System Tray access to PC Tools Firewall Plus from PC Tools - which ""is a powerful personal firewall for Windows that protects your computer from intruders and controls the network traffic in and out of your PC"""
"101Clips - ""the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"""
"12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
"Part of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar
"1 Click & Lock from Softstack.com - ""a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password
"1 Click & Lock from Softstack.com - ""a system tray security utility you can use to secure your desktop when you step away from your PC. It's secure and very easy-to-use. Just define a password
"SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC.""
DISCLAIMER: It is assumed that users are familiar with the operating
system they are using and comfortable with making the suggested changes. I will
not be held responsible if changes you make cause a system failure.
This is NOT a list of tasks/processes taken from Task Manager
or the Close Program window (CTRL+ALT+DEL) but a list of startup
applications, although you will find some of them listed via this method.
Pressing CTRL+ALT+DEL identifies programs that are currently running - not
necessarily at startup. For a list of tasks/processes you should try
WinTasks 5 Standard/Professional from LIUtilities or the list at
AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL
just because it has an "X" recommendation, please check whether it's in MSCONFIG
or the registry first. An example would be "svchost.exe" - which doesn't appear
in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't
do anything.
