"Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
"Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
"Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
HP 3D DriveGuard uses a digital accelerometer protects your disk drive by parking and halting I/O requests if you drop your PC or if you move your PC with the display lid closed
"System Tray access to ATI's Catalyst™ Control Center. Note that this has ""SystemTray"" appended to CLI.exe in the ""Command"" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop"
"E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry
"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
"AVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here"
"Philips CD-RW related - ""the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"""
"Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
"Added by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""regedit.sys"" file is located in %System%"
"""IBM® Lotus® EasySync® Pro is a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
"3Com Palm PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
"Lotus Notes 4 specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
"Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
"Windows Mobile Pocket PC specific translator for IBM® Lotus® EasySync® Pro - ""a personal productivity solution that provides data synchronization between your IBM Lotus Notes® desktop and handheld devices running PalmOS and Windows CE/Pocket PC operating systems"""
"ErrClean rogue system error and cleaning utility - not recommended. There are number of variants in this family sharing the same filename and user interface - see here"
System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
"X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?"
"Kuma Notifier for the Shootout! game from the History Channel. ""It lets you know whenever there's a new episode that's been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information"""
"This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP
"Advertisingvision adware. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the ""Properties"" reveal it to be a Microsoft file"
"iSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the user"
Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
"Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
System Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version (3.0.1) also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation and this is the Windows Defender entry
"System Tray access to Windows Search 4.0 for XP from Microsoft - which adds additional search options including a search box on the Taskbar. This version also includes the Windows Search (WSearch) service which indexes files and e-mails items so you can quickly find words and phrases. Disabling this entry does not affect the normal operation"
"Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"
"Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that ""identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer."" Available via Start → Control Panel"
"Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow ""Post-It"" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All Programs"
"Related to Messenger Applications. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying"
"Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the "".exe"""
"Morfit ADjectPager - ""uses home page rental technology for generating revenues"". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage"
"Software Piracy Alert feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: ""The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number
"Added by a variant of the RBOT WORM! Note - this is not the legitimate Windows spoolss.exe process which is always located in %System% and should not figure in Msconfig/Startup!"
"ActivePrint from Pocket Watch LLC - ""Windows Mobile users are given the invaluable capability of printing from their mobile devices to any Windows 2000/XP/2003/Vista compatible printer without the necessity of wireless hardware"""
"Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system
"Added by the SMALL.DDX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
"Part of SafeSpace (from Artificial Dynamics) which ""protects computers from Internet malware infection without the need for signature updates or regular maintenance"""
"Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
"Added by the DAPROSY WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""kbdsys.exe"" file is located in %AppData%\Microsoft\Keyboard"
"Added by the CLICKER-C BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a ""Template"" subfolder"
"Spoke Software client application. Spoke ""uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private
"Raxmus adware. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""sys.reg"" is located in %Windir%"
SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
"Added by the BANK-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%MSN Messenger or %ProgramFiles%Windows LiveMessenger. This one is located in %Windir%\system"
"Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files"
"Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golumm"
"Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
"Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""pcsearch.reg"" file is located in %Windir%"
"Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The ""sysreg.reg"" file is located in %Windir%"
"""SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray"". Google AdSense account required"
"Added by the DELF-EY TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
"Added by the JUNTADOR.K TROJAN! Note - this is not the older version of Yahoo! Messenger which shares the same filename and is located on %ProgramFiles%\Yahoo!\Messenger"
"Added by the MIMAIL.Q WORM! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %Windir%"
"Added by the LDPINCH.E TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the LDPINCH-AU TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP"
"Added by the SATILOLER.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files\System"
"Added by the AGENT.EP BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
"Added by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks"
"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the BRONTOK-BS WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process"
"Added by the FAN-A WORM! Note - the valid Microsoft systray.exe is normally located in %System% and will only run at startup on Win9x/Me systems. This one is located in %Windir%"
"Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
"Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
"Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate Win98/Me file of the same name which is located in %Windir% as this version is located in %System%. It is not normally found on a WinXP system"
"Added by the SILLYFDC WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
"Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
"Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help"
"Added by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Config\system"
"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\)
"Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer"
"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\)
"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\)
"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the DEWIN.E BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Installs a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""ie.reg"" is located in the root folder (ie
"Installs a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""sys.reg"" is located in %Windir%"
"vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro"
"Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the ""Properties"" reveal it to be a Microsoft file"
"StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
"Added by the BANCBAN-JV TROJAN! Note - this is not the legitimate systray.exe process from Win9x/Me systems which would appear in the Name/Startup Item field as SystemTray in the registry ""Run"" keys and MSConfig. If you right-click on the real systray.exe the ""Properties"" reveal it to be a Microsoft file"
"""SystrayX helps you hide some of the less used icons from the system tray (the hidden icons can still be seen and used in the special SysTrayX menu but will no longer permanently take precious space from your system tray)"""
"Added by the AUTORUN-AWW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%"
"Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
"Added by the RBOT-DDG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"Added by the MYTOB.ET WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is also copied to %System%"
"Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the ""Startup Item"" field"
"Detected by Bitdefender as the DELF.OFC TROJAN! See here. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted"
"Added by the DAEMOZ.A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\SERVICES"
"Added by the KREPPER-N TROJAN and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The one is located in a %Windir%\inet***** - where ***** varies dependent upon the variant
"Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help"
"Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer"
"Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32"
DISCLAIMER: It is assumed that users are familiar with the operating
system they are using and comfortable with making the suggested changes. I will
not be held responsible if changes you make cause a system failure.
This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup
applications, although you will find some of them listed via this method.
Pressing CTRL+ALT+DEL identifies programs that are currently running - not
necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL
just because it has an "X" recommendation, please check whether it's in MSCONFIG
or the registry first. An example would be "svchost.exe" - which doesn't appear
in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't
do anything.
Copyright 2003-2013 iamnotageek &/or Martin Krohn.
