"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file
"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
"System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests
"System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests
"Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file
Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark
"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark
"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?"
"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate
"HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller"
"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Windows Inet Daemon from Hummingbird Communications. ""Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons"". Provides PCs with the full functionality of a UNIX workstation"
"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
"Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
"IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. Included with services from BellSouth
"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""kvern16.dll"" file is found in %System%"
"Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""rgtndz.dll"" file is found in %System%"
"Added by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\Litmus"
"Micro Bill Systems Billing Software - ""is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"""
"Micro Bill Systems Billing Software - ""is a potentially unwanted application that uses aggressive billing and collection service techniques to demand payment for Web site access after a three-day trial period has elapsed. It has been reported that these techniques may even result in a user no longer being able to browse the Internet"""
"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
"Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
"Added by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Workstation background program for Network Associates McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
"NodFix is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided"
"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
"Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice
"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""atgban.dll"" file is found in %System%"
"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""gzmrt.dll"" file is found in %System%"
"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""cpmsky.dll"" file is found in %System%"
"Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in %System% and should not normally figure in Msconfig/Startup! This file is located in a ""mirc32"" folder"
"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
"Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation"
"A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The ""rmoc3260.dll"" file is found in %System%"
"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%"
DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
"Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
"IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""spads.dll"" file is located in the Winnt or Windows folder"
"Superiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""sprt_ads.dll"" file is located in %System%"
"Added by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""supdate2.dll"" file is found in %System%"
"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process"
"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
Utility related to inserting and removing the slim bay device (such as a DVD/CD-writer) on Toshiba laptops. You can disable this task if you have no intention of ever taking the device out while the laptop is turned on
"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""vernn16.dll"" file is found in %System%"
From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
"Added by a variant of the IRCBOT BACKDOOR! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""aqls32.exe"" file is found in %System%"
Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
"Added by the MABUT.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder"
"Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
"Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
DISCLAIMER: It is assumed that users are familiar with the operating
system they are using and comfortable with making the suggested changes. I will
not be held responsible if changes you make cause a system failure.
This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup
applications, although you will find some of them listed via this method.
Pressing CTRL+ALT+DEL identifies programs that are currently running - not
necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL
just because it has an "X" recommendation, please check whether it's in MSCONFIG
or the registry first. An example would be "svchost.exe" - which doesn't appear
in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't
do anything.
Copyright 2003-2013 iamnotageek &/or Martin Krohn.
