Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	HXDL.EXE	HXDL.EXE	"Attune HelpExpress - spyware. Disable and uninstall - see here"
X	HXIUL.EXE	HXIUL.EXE	"Attune HelpExpress - spyware. Disable and uninstall - see here"
U	HydarVisionDesktopManager	desk95.exe	"ATI's HydraVision desktop management software
U	HydraVisionDesktopManager	desk98.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
U	HydraVisionViewport	viewport.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
X	Hyper Start	instantmsgrs.exe	"Added by the RBOT-NH WORM!"
X	I am not Ranky. I am eTunnel!	msyervice.exe	Added by an unidentified WORM or TROJAN!
X	I am not Ranky. I am eTunnel!	winsys.exe	Added by an unidentified WORM or TROJAN!
X	I am not Ranky. I am eTunnel!	disney.exe	Added by an unidentified WORM or TROJAN!
X	I-Worm.GiGu	uGiG.eXe	"Added by the GINK WORM!"
X	I/O Controllers	svcnet.exe	"Added by the TIBIK-B TROJAN!"
X	I386	I386.exe	"Added by the MYPOWER WORM!"
?	I81SHELL	I81SHELL.exe	"Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard"
U	i8kfangui	i8kfangui.exe	Graphical interface for fan speed control
U	IAAnotif	iaanotif.exe	"IAA Event Monitor User Notification Tool - part of Intel� Application Accelerator - ""a performance software package for desktop PCs using select Intel� chipsets"" that ""replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs."" If you use the RAID version it's required to notify you if a RAID 1 disk has failed"
Y	iamapp	iamapp.exe	"AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago
X	Iamnacho On Irc.MusIrc.com Is a Homosexual!	XBox64.exe	"Added by the RANDEX.Y WORM!"
?	Iap	iap.exe	"Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about
U	ias	ias.exe	"InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	IASHLPR	IASHLPR.EXE	"Added by the OPASERV.T WORM!"
X	ibin	[path to trojan]	"Added by the PERDA-C TROJAN!"
X	ibm	ibm.exe	"Added by the LEGMIR-AH TROJAN!"
?	IBM Warranty Notification	ERTS0749.exe	"IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?"
N	ibmmessages	ibmmessages.exe	"Allows IBM to push messages onto users' computers. Quote: ""The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"""
?	Ibmmon.exe	Ibmmon.exe	"??"
U	Ibmpmsvc	ibmpmsvc.exe	"Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn
?	IBMPRC	ibmprc.exe	IBM application - what does it do and is it required?
U	IBMUltraBayHotSwapCPLLoader	IBMBAY2N.EXE	Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
?	IBMUltraBayHotSwapSound	IBMBAYSN.EXE	"Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?"
Y	IBM_PWMGR	pwmgr.exe	IBM Password Manager
U	IBWin Background process	IBackground.exe	"IBackup for Windows"
U	IBWin Monitor	IBMonitor.exe	"IBackup for Windows"
Y	IcaBar	icabar.exe	Related to Citrix MetaFrame
X	icasServ	icasServ.exe	"Browser hijacker
X	ICcontrol	iccontrol.exe	"Added by the ICcontrol premium rate adult content dialer"
X	icdd7ee6	"rundll32.exe [path] icdd7ee6.dll	EnableRunDLL32"
X	icddefff	"rundll32.exe [path] icddefff.dll	EnableRunDLL32"
N	ICH Synth	eusexe.exe	"Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices"
X	icifati	yujixit.exe	"Added by the SDBOT.ZZH WORM!"
U	iClean	iClean.exe	"IEClean - ""advanced
U	ICM	ICM.EXE	"Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail"
N	iCn	NAG.EXE	"iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy
N	ICO	ICO.EXE	Found on Sony Vaio and IBM Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
N	Icon Animation	HDE.EXE	Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
N	Icon Hearit 95	hearit95.exe	Audio desktop customization utility from Moon Valley Software. Resource hog
N	Icon Hearit 98	hearit98.exe	Audio desktop customization utility from Moon Valley Software. Resource hog
X	Icon lptt01	icon.exe	"RapidBlaster variant (in a ""Icon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	Icon ml097e	icon.exe	"RapidBlaster variant (in a ""Icon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
Y	ICONCLNT	iconclnt.exe	"APC PowerChute Tray Icon. Associated with the UPS listing"
U	ICONDESK	ICONDESK.EXE	Small utility which will allow you the option of hiding or showing your desktop icons
N	Iconfig.exe	Iconfig.exe	Icon for LS-120 "Superdisk"
X	iConfigLoader	DIIhost.exe	"Added by the GAOBOT.AO WORM!"
N	Iconoid	Iconoid.exe	"Iconoid is a desktop icon manager"
N	Iconsaver	Iconsaver.exe	"IconSaver is a desktop icon manager"
X	ICQ	ICQNET.vbs	"Added by the GORMLEZ-A WORM!"
X	ICQ Center	[path to worm]	"Added by the RANDIN WORM!"
X	ICQ Chat Service	icqjdhs.exe	"Added by a variant of the RBOT WORM!"
X	ICQ Hacking Pro	ICQpro.exe	"Added by a variant of the NETSPY TROJAN!"
N	ICQ Lite	ICQLite.exe	"ICQ Lite - compact version of the popular messaging program"
X	ICQ Lite Messenger	[random filename]	"Added by an unidentified VIRUS
X	ICQ Messenger 2002	ICQ2002.exe	"Added by the SDBOT-ABL WORM!"
X	ICQ Net	winlogon.exe	"Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
N	ICQ Plus	vplus.exe	"ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs"
X	IcqBeta	webcamupdate.exe	Added by an unidentified TROJAN!
X	ICQNet	winlogon.exe	"Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process
X	icrosof Avps32 Control	av32.pif	"Added by the RBOT-AVC WORM!"
X	icrosoft Visual	plscx.exe	"Added by the RBOT-AYO WORM!"
X	icrosoft Visual InterDevc	zvslmqb.exe	"Added by the RBOT-AYP WORM!"
X	icrosoft Windows DLL Services Configuration	poker3.exe	"Added by the SDBOT-AER WORM!"
X	icrosoftf Avpx Control	avpx.exe	"Added by the RBOT-AYN WORM!"
U	ICSDCLT	"rundll32.exe Icsdclt.dll	ICSClient"
N	ICServer	Icserver.exe	Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
Y	ICSMGR	ICSMGR.EXE	Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers
N	IC_KEY_3	spvic.exe	"Instant Chess related"
N	ID Commander	IDCom.exe	Caller ID utility for identifying incoming telephone numbers
X	ID8525	ID8525.exe	"Added by the ID8525.A TROJAN!"
X	ID8525	id85255.exe	"Added by the ID8525.A TROJAN!"
?	IDA	IDA.EXE	"HP related - in a Program FilesHewlett-PackardPC COE folder"
X	IDE	ide.exe	"Added by the ASSASIN.F TROJAN!"
X	IDE Loader	IDElibr32.exe	"Added by the XILON TROJAN! Related to the game ""Diablo II"""
X	idecntl	idecntl.exe	"Added by a variant of the CRYPTER.C TROJAN!"
U	iDesktop	idesktop.exe	"Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse"
N	IDMan	IDMan.exe	"Internet Download Manager - download files faster
X	IDTemplates	IDTemplate.exe	"Added by the BRONTOK-H WORM!"
N	IDW Logging Tool	idwlog.exe	Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
X	IE configure	explorer.exe	"Added by the LINEAGE-C TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!"
U	IE Doctor	IEDoctor.exe	"IE Doctor Toolbar - ""IE Doctor can help you to Repair IE easily
X	IE Java Update	iejava.exe	"Added by the AGENT-HD TROJAN!"
X	IE Menu Extension toolbar	rundll32.exe [path] tbextn.dll DllShowTB	"Topconverting.com/180Search ""IEMenuExtension"" toolbar"
U	IE New Window Maximizer	iemaximizer.exe	"IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows"
X	IE Runtime	wini.exe	"Added by the PICRATE.B WORM!"
X	IE Runtimes	winis.exe	"Added by the a href=""http://www.sophos.com/virusinfo/analyses/w32rbotadz.html"" target=_blank>RBOT-ADZ TROJAN!"
X	IE*.exe [ = random char]	IE*.exe [ = random char]	"CoolWebSearch/HomeSearch adware - for examples
X	IE*32.exe [ = random char]	IE*32.exe [ = random char]	"CoolWebSearch/HomeSearch adware - for examples
X	IE6	wkstmg.exe	"Added by a variant of the SDBOT WORM!"
X	IE6	ssmss.exe	"Added by the GAOBOT.DXO WORM!"
X	IE6	porn.pif	"Added by the RBOT-ATF WORM!"
X	IEACCESS	temp532.exe	"AsdPlug premium rate adult content dialer variant"
X	IEACCESS	surfya.exe	"IEAgent update check	iewatch.exe	"Added by the BOMKA TROJAN!"
N	iecheck	iecheck.exe	"Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2"
X	IECheck	MSDTCs.exe	"Added by the TIRBOT-D WORM!"
X	IECheck	xpssl.exe	"Added by the TIRBOT-E WORM!"
X	IECheck	mssvp.exe	"Added by the TIRBOT-G WORM!"
U	IECleanAux	Ieboot6.exe	"IEClean by Kevin McAleavy - cookie manager
X	iedll	iedll.exe	"Homepage hijacker
X	IEDriver	IEDriver.exe	Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze
X	IEDriver	xplore.exe	"IEDriver adware variant"
X	IEDriver	TD.exe	"IEDriver adware variant"
X	IEengine	IEeng.exe	"STARTPAG.AI hijacker"
X	IEFeatures	IEFeatures.exe	"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
X	IEFeatures	Internetfeatures.exe	"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
X	IefxTray	IefxTray.exe	"Added by the RILER-H TROJAN!"
X	ieharv.exe	ieharv.exe	"Added by the BANKER-HH TROJAN!"
X	Iehelper	syslaunch.exe	Outwar adware downloader
X	iel2cde8	"rundll32.exe [path] iel2cde8.dll	EnableRunDLL32"
X	ielcaabe	"rundll32.exe [path] ielcaabe.dll	EnableRunDLL32"
X	IELoader32	iexplore32.exe	"Added by the SPEX or SPEX.B WORMS!"
X	Iesar	Iesar.exe	Browser hijacker - redirecting to an adult web page
X	Iesearch.exe	Iesearch.exe	"LookNSearch adware"
X	IEService.exe	IEService.exe	FastFind parasite variant
X	iestart	iexp1orer.exe	"Added by the NEMOG.C TROJAN!"
N	ietsr	ietsr.exe	"IEClean by Kevin McAleavy - cookie manager
X	ieupdate	MCP**.exe [** = random char]	"Added by the ASOXY TROJAN!"
X	ieupdate	mcpdll32.exe	Adware downloader trojan
X	IEXPL0RER	IEXPL0RER.EXE	"Added by the AGOBOT-QL WORM!
X	iexpl0res	iexpl0res.exe	"Added by the RBOT.AEX WORM! Note - this malware actually changes the default value data of the Registry ""Run"" key in order to force Windows to launch it at boot"
X	Iexploit	Iexploit.html	"Added by the INKER.B WORM!"
X	Iexplore	iexplore.exe	"Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder"
X	IEXPLORE	iexplore.exe	"Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	IExplore	IEXPLORE.EXE	"Added by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a ""Custom"" subfolder"
X	IExplore	IEXPLORE.exe	"Added by the DLOADR-AAM TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the ""Arquivos de programasInternet ExplorerCustom"" folder"
X	IEXPLORE	IEXPLORE.EXE	"Added by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.