"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has ""runtime"" appended to cli.exe in the ""Command"" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows"
"Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device"
For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
"""SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords)
"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
"Added by the DLDR-G TROJAN! Note - this is not the legitimate Console IME process of the same filename which is located in %System%. This one is located in %Temp%"
"Topconverting.com/180Search ""Games Toolbar"" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Topconverting.com/180Search ""IEMenuExtension"" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder"
"Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
"Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""rgtndz.dll"" file is found in %System%"
"Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
"Added by the SILLYFDC-AW WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""atgban.dll"" file is found in %System%"
"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""gzmrt.dll"" file is found in %System%"
"TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""cpmsky.dll"" file is found in %System%"
"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different.."
"Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\inet10066"
"Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
"PC Alert III - MSI motherboard monitoring software. Only required if you ""overclock"" your system. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/2K"
"Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in %System%"
"Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
"Added by the CIADOOR-J BACKDOOR! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"""SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords)
"Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?"
"IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""spads.dll"" file is located in the Winnt or Windows folder"
"Superiorads adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""sprt_ads.dll"" file is located in %System%"
"SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
"T-Com Antidialer from T-Com internet provider. It's a small antidialer utility which monitors whether you're trying to dial a new connection. It basically asks you do you want to dial the shown number or not. Protects agains dialer malware"
"Added by Remote Storm - a remote control tool that is a network application that allows users to manage and control PCs or networks from a remote location"
"Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun"
"Added by the MABUT.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder"
"Added by the BUZUS-AD TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090131a.dll"" file is located in %Windir%"
"Added by the BUZUS-AF TROJAN! Note - the ""rundll33.exe"" file is located in %System%\inf and the ""xccdf16_090305a.dll"" file is located in %Windir%"
ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
"Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
"Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
DISCLAIMER: It is assumed that users are familiar with the operating
system they are using and comfortable with making the suggested changes. I will
not be held responsible if changes you make cause a system failure.
This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup
applications, although you will find some of them listed via this method.
Pressing CTRL+ALT+DEL identifies programs that are currently running - not
necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL
just because it has an "X" recommendation, please check whether it's in MSCONFIG
or the registry first. An example would be "svchost.exe" - which doesn't appear
in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't
do anything.
Copyright 2003-2013 iamnotageek &/or Martin Krohn.
