"Added by the BRONTOK-BS WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
"Added by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet
SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
"SETI Spy is a little program to ""spy"" on the progress and performance of the SETI@home client. Called a ""spy"" because it is unobtrusive as possible"
"Added by the RBOT-BWI WORM! Note - this is not the valid Logitech Setpoint mouse and keyboard entry that uses the same filename and is located in %ProgramFiles%\Logitech\Setpoint. This one is located in %System%"
"Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
"""StorageCraft™ ShadowUser™ provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops"""
"Share-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → Programs"
"Added by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""sound_drive16.exe"" file is located in %System%"
"Added by the DOYORG BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate svchost.exe process is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
"Added by the KIPIS-U WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate Internet Explorer (iexplore.exe) is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\Microsoft"
"Added by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winupdate.exe"" file is located in %System%"
"Added by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files"
"Added by the GOLDSPY-B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
"Added by the AGENT-PL BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""msbnc.exe"" file is located in %System%"
"Added by the DAPROSY WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""kbdsys.exe"" file is located in %AppData%\Microsoft\Keyboard"
"Added by the DLSW-B TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""init32m.exe"" file is located in %System%"
"Added by the AGOBOT.EE TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""smssnt.exe"" file is located in %System%"
"Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"Added by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
"Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer
"""Shockmachine is a stand-alone application that lets users collect Macromedia Shockwave and Flash titles and play them offline"". Could be a registration reminder for the trial version"
"Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
"Note that there is a strange symbol in the command field and in logs it's shown as ""O4 - HKLM\..\Run: [ShowLOMControl] [strange symbol]"". Additional registry information for the entry is ""Reg_DWORD 0x00000001 (1)"". It means Show ""LAN on Motherboard"" Control. On systems where you can install an external LAN interface
"Found on Gateway computers (and maybe others) - see here. ""Showwnd is included with the Chicony keyboard software and is used by the software to stop the keyboard driver's taskbar entry from reappearing. It is not necessary to remove the keyboard software
Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
"Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"
"""Desktop Sidebar provides you with instant access to the information you most desire by grabbing data from your PC and the internet. The result is a dynamic visual display you configure and control"""
Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
"Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say"
"Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself"
"SipDiscount - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
DISCLAIMER: It is assumed that users are familiar with the operating
system they are using and comfortable with making the suggested changes. I will
not be held responsible if changes you make cause a system failure.
This is NOT a list of tasks/processes taken from Task Manager
or the Close Program window (CTRL+ALT+DEL) but a list of startup
applications, although you will find some of them listed via this method.
Pressing CTRL+ALT+DEL identifies programs that are currently running - not
necessarily at startup. For a list of tasks/processes you should try
WinTasks 5 Standard/Professional from LIUtilities or the list at
AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL
just because it has an "X" recommendation, please check whether it's in MSCONFIG
or the registry first. An example would be "svchost.exe" - which doesn't appear
in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't
do anything.
