
View Full Version : can u help me is this my pc's results



mehmetcetin
2010-06-30, 20:54
Last update :- 25th May, 2010
21379 items listed

"Status" key:

"Y" - Normally leave to run at start-up
"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown
Variables:

%System% - refers to the System folder; by default this is C:\Windows\System (9x/Me), C:\Winnt\System32 (NT/2K), or C:\Windows\System32 (XP/Vista)
%Windir% - refers to the Windows installation folder; by default this is C:\Windows (9x/Me/XP/Vista) or C:\Winnt (NT/2K)
%UserProfile% - refers to the current user's profile folder; by default this is C:\Documents and Settings\ (NT/2K/XP) or C:\Users\ (Vista)
%ProgramFiles% - refers to the Program Files folder; typically the path is C:\Program Files


Name or Startup Item Status Command or Data Description Tested?
X system32.exe Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field No
X pathex.exe Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field No
X svchost.exe Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field No
X MSPF.EXE Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field No
X dllvirtual.exe Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field No
X dllvirtual.dll Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field No
X dllvirtual.js Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field No
X ajsha5.exe Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field No
X ne.exe Added by the IRCBOT-ZL TROJAN! Note - has a blank entry under the Startup Item/Name field No
X iexpl0re.exe Added by the RBOT-SD WORM! Note - has a blank entry under the Startup Item/Name field No
X gbpm.exe Added by the DLOADR.ZZD WORM! Note - has a blank entry under the Startup Item/Name field No
X regedit.exe /s appboost.reg Added by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir% No
!1_pgaccount Y pgaccount.exe DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instance of pgaccount.exe for every active account on your system, and this is essential for PG to work properly No
!1_ProcessGuard_Startup Y procguard.exe DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks No
!AVG Anti-Spyware Y avgas.exe System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware Yes
!ewido Y ewido.exe System Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware Yes
!NoLoad N winrecon.exe WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! No
$EnterNet U Enternet.exe Connection manager for the EnterNet ISP. You can also use RASPPOE No
$sys$cmp X $sys$xp.exe Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer No
$sys$crash X $sys$sonyTimer.exe Added by the WELOMOCH TROJAN! No
$sys$crash X $sys$sos$sys$.exe Added by the WELOMOCH TROJAN! No
$sys$crash X $sys$WeLoveMcCOL.exe Added by the WELOMOCH TROJAN! No
$sys$drv X $sys$drv.exe Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer No
$sys$momomomochin X $sys$sonyTimer.exe Added by the WELOMOCH TROJAN! No
$sys$momomomochin X $sys$sos$sys$.exe Added by the WELOMOCH TROJAN! No
$sys$momomomochin X $sys$WeLoveMcCOL.exe Added by the WELOMOCH TROJAN! No
$sys$umaiyo X $sys$sonyTimer.exe Added by the WELOMOCH TROJAN! No
$sys$umaiyo X $sys$sos$sys$.exe Added by the WELOMOCH TROJAN! No
$sys$umaiyo X $sys$WeLoveMcCOL.exe Added by the WELOMOCH TROJAN! No
$Volumouse$ U volumouse.exe Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse" No
$WindowsRegKey%update X IEXPLORE.EXE Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System% No
%cmpmixtitle% ? %cmpmixstr% Possibly related to C-Media Mixer Control panel? No
%FP%012-L2TP fts.exe N fts.exe 012.Net.il Israeli ISP software front-end No
%FP%012-L2TP FWPortal.exe U FWPortal.exe 012.Net.il Israeli ISP dial-up software No
%FP%1776 Internet fts.exe N fts.exe 1776 Internet US ISP software front-end No
%FP%1776 Internet FWPortal.exe U FWPortal.exe 1776 Internet US ISP dial-up software No
%FP%AIRTEL fts.exe N fts.exe Bharti Airtel Broadband - Indian ISP software front-end No
%FP%Barak013 fts.exe N fts.exe Barak013 Israeli ISP software front-end No
%FP%Barak013 FWPortal.exe U FWPortal.exe Barak013 Israeli ISP dial-up software No
%FP%Friendly fts.exe N fts.exe Friendly ISP software front-end No
%Temp% X %Temp%\delwdef2008.bat WinDefender 2008 rogue privacy program - not recommended, removal instructions here No
%Windir%\winnl.exe X winnl.exe Added by the KIDKITI TROJAN! No
%Windir%\winnm.exe X winnm.exe Added by the KIDKITI TROJAN! No
Services.dll X smss.exe Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" field No
WinCheck X services.exe Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field No
WinData X services.exe Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" field No
Windows X services.exe Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field No
WinINet X services.exe Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" field No
WinStart X services.exe Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field No
winsystem.sys X smss.exe Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field No

tashi
2010-06-30, 21:07
Hello mehmetcetin,

Previous topic: http://forums.spybot.info/showthread.php?t=58263


Please see the FAQ to post a preliminary DDS log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), not this forum, and copy and paste the log into it; an analyst will advise you as soon as available.


Please start a new topic and copy paste the DDS log into it. Instructions in "Before you Post". ;)

If DDS won't run please start a new thread anyway and make note of the situation.

Best regards.