"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Adware CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Unidentified adware. Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion WinPoET is attractive to equipment providers modem suppliers RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking"
"Actual Window Manager from Actual Tools - ""an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive convenient and enjoyable"""
"""Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats, including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"""
Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
"Added by the SPYBOT.NC WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
"Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card you will need it. Available via Start -> Programs"
"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card you will need it. Available via Start -> Programs"
"YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs"
"Added by the NIBU.J BACKDOOR or DUMARU-BI TROJAN! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger"
"One of the ""popular"" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information"
Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
"Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a ""config"" ""mapping"" or ""security"" subfolder of the Winnt or Windows folder"
"Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process which is found in %Windir% (98ME) or %System% (NT2000XP). This one is located in %Windir%\dll"
"Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
"Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock"
"Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a ""Winamp"" subdirectory of the Program Files directory"
"Added by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%"
"Added by the KALEL-A WORM! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
"Added by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder"
"Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
"Detected by Kaspersky as the VB.KV WORM! See here. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
"Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32"
"Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe opera.exe taskmrg.exe aim.exe Winxdiag.exe and usnesvc.exe"
"Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the ""Start Windows Media Center when Windows Starts"" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour"
"Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth ""scheduler"" - refer here"
"Detected by Trend Micro as the AGENT.ADXH TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder"
"Added by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
"Added by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
"Added by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
"Added by the AUTORUN-DV WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
"Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!"
"Quick Hide Windows from CronoSoft - ""provides a quick and easy way for home and office PC users to quickly get sensitive materials off the screen without closing programs or losing documents"""
"Detected by Kaspersky as the AUTORUN.DIB WORM! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
"Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different.."
"Added by the BANKER-FI TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Windowsinf or Winntinf folder"
"Added by the RITDOOR-B WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
"Added by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
"Added by the SILLY.BR WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""4350"" sub-folder"
"Detected by Trend Micro as the AGENT.TQY TROJAN! See here. Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
"Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
"SurfinGuard Pro from Finjan - internet protection software protects against all malicious code delivered through executables scripting files ActiveX and Java"
"Added by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a ""Winamp"" subdirectory of the Program Files directory whereas this file is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
"Added by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt folder"
Component of WinME that's annoying as hell. Pops up a prompt to play the C:WINDOWSApplication DataMicrosoftINTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped, to my knowledge, until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry: Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether as it somehow can re-enable itself. Apparently you can try setting the file to read only
"Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe common.pif common.scr Sexo.exe Sexo.jpg.pif ini_file__.pif load_me__.tmp msfile.pif system_load_.pif or zipped.rar.pif"
"Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder"
"Added by the DLOADER-TP TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs