Windows Startup Item Database

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	IPC Spool Manager	wnmgre.exe	"Added by the SDBOT-ZC WORM!"
X	IPC Spool Manager	winspec.exe	"Added by the SDBOT-BLU WORM!"
X	ipcfg.exe	ipcfg.exe	"Adware - recognized by McAfee antivirus as a variant of the AdClicker-BM trojan"
X	IPConfig	svcxnv32.exe	"Added by the HACARMY.E TROJAN!"
X	IPConfig	svcxnw32.exe	"Added by a variant of the HACARMY.E TROJAN!"
X	IpCtrl	ipcon32.exe	"Added by an unidentified VIRUS
X	IPFW	ipwf.exe	"Added by the DLOADER-YF TROJAN!"
?	IPHSend	IPHSend.exe	"AOL related. What does it do and is it required?"
X	IPInSightLAN 0*	ipclient.exe	"Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly ""phones home"" and wastes resources. * represents 1 or 2"
N	IPInSightMonitor 0*	ipmon32.exe	"Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. * represents 1 or 2"
Y	IPinst	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
?	iPlusAgent2	iAgent2.exe	"Related to iriver portable media products. What does it do and is it required?"
X	ipmon.exe	ipmon.exe	"Added by the RECERV or R3C.B TROJANS!"
X	IpNetwork	ipnetwork.exe	Maxifiles adware
X	Ipnuker	Ipnuker.vbs	"Added by the INKER.B WORM!"
X	iPOD USB Driver	IPODUSB.EXE	"Added by a variant of the RBOT WORM!"
X	iPod USB Service	iPODService.exe	"Added by a variant of the RBOT WORM! Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program FilesiPodin folder
U	iPodManager	iPodManager.exe	"Apple iPod Management software for the iPod MP3 player. Allows updating
?	iPodWatcher	iPodWatcher.exe	"Associated with Apple's iPod MP3 player. Detects when the iPod is connected?"
X	IPOT Service Drivers	compaq.exe	"Added by a variant of the FUROOTKIT TROJAN!"
X	IPOT Service Drivers	compaq.exe	"Added by a variant of the FUROOTKIT TROJAN!"
X	IPOT USB Service DRIVER	hpsebc087.exe	"Added by the SDBOT-WA WORM!"
X	IPOT USB Service DRV32	hpsebc08.exe	"Added by the SDBOT-WH WORM!"
N	IPPDetect	IPP4Detect.exe	"Part of Presto! Mr.Photo - ""an ideal program for creating
X	ipreg	ipreg.exe	"Added by the ZAGABAN-H TROJAN!"
N	iPrint Tray	iprntctl.exe	"Novell� iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net"
U	iProtectYou	ip.exe	"iProtectYou - internet filtering/parental control and network monitoring software"
X	iprun	iPY.exe	"iProtectYou spyware"
U	ipsecdialer	IPSECD~1.EXE	"Cisco VPN Client - lets local users gain Administrator privileges on the operating system"
U	ipsecdialer	ipsecdialer.exe	"Cisco VPN Client - lets local users gain Administrator privileges on the operating system"
Y	IPSecMon	IPSecMon.exe	"Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet"
X	IPTable Configuration	Winipcfgs.exe	"Added by a variant of the RBOT WORM!"
U	iptray	iptray.exe	"Intel Desktop Utility module - provides system info such as estimated cpu temp
X	IPv6 Helper Driver	csass.exe	"Added by the AGOBOT.TC WORM!"
X	IPv6 STUN Service	netstun.exe	"Added by a variant of the SDBOT WORM!"
N	IPW	IPW.exe	"Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to ""make and receive free Internet calls on your regular phone"" whilst ""at the same time
X	ipwf	ipwf.exe	"Added by the SCHOEBERL TROJAN!"
X	IpWins	ipwins.exe	"Added by Maxfiles adware"
?	IQES.exe	iqes.exe	"??"
U	Ir41_32.ax	regsvr32.exe [path] Ir41_32.ax	Intel� Indeo� video 4.4 Decompression Filter related
X	irassync	irasyncd.exe	"IRASSync adware"
X	irc session	sessionmgr.exe	"Added by the SDBOT-ACE WORM!"
Y	IREIKE	IreIKE.exe	"Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet"
N	iRis Active Monitor	winmon32.exe	"Iris Antivirus - discontinued
N	iRiS AntiVirus Active Monitor	WIMMUN32.exe	"Iris Antivirus - discontinued
U	iRiver AutoDB	MLService.exe	"Associated with the iRiver Music Manager"
N	iRiver Updater	Updater.exe	"Updates for the iRiver Music Manager - used with their digital music players"
U	IrMon	IRMON.EXE	System Tray access to infra-red devices. Not required unless you use infra-red devices
?	IRPMonitor	itcnmon.exe	"??"
X	irssyncd	irssyncd.exe	"SafeSurfing adware variant"
X	Irwftp	[path to trojan]	"Added by the BANCOS-AP TROJAN!"
X	irwftp	iexplorer.exe	"Added by the BANKER-AN TROJAN!"
X	irwftp	ftpmon.exe	"Added by the BANCBAN-BO TROJAN!"
U	IrXfer	IrXfer.exe	Microsoft Infrared Transfer application
X	ir_ftp	ir_ftp.exe	"Added by the IRFTP TROJAN!"
X	ir_ftp	irwftp.exe	"Added by the BANCOS.H TROJAN!"
N	IS CfgWiz	cfgwiz.exe	Norton Internet Security configuration wizard
X	Isass	Isass.exe	"Added by the FUTRO TROJAN!"
U	ISBMgr.exe	ISBMgr.exe	"Related to Sony ISB Utility. This program is non-essential process to the running of the system
N	isdbdc	isdbdc.exe	For Compaq PC's. May install properties in dial-up networking when you register with an ISP
U	isDeleteMe	isDel.bat	Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product
N	ISDN Monitor	Linksts.exe	"Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards
U	ISDNwatch	IWatch.exe	"FRITZ!X ISDNWatch - ""dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"""
U	ISHelp	help.exe	"ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it"
U	iShield	iShield.exe	"""GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser"""
Y	ISLP2STA	ISLP2STA.EXE	A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers
Y	ISP.COM High Speed	slipgui.exe	"User interface for Slipstream - internet acceleration through compression/decompression techniques
U	iSpyNOW	ispynow.exe	"iSpyNOW - remote monitoring and surveillance software"
X	Israfel	Israfel.vbs	"Added by the GAGGLE.D or GAGGLE.E WORMS!"
N	IsReminder	ISPopup.exe	"Related to GuardWare iShield - this is the registration reminder for the trial version
X	issEnc32Svr	issEnc32.exe	"Added by a variant of the RBOT WORM!"
N	ISSI EZUpdate Service	issimsvc.exe	Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
U	ISStart	ISStart.exe	"LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos
Y	ISSVC	ISSVC.exe	Part of Norton Internet Security Suite
Y	ISS_Certtool	certtool.exe	"IBM Client Security Certification Tool"
X	IST Service	istsvc.exe	"ISTBar adware"
X	ist service uninstall	[random filename]	"ISTBar parasite related"
X	istinstall zazzer.exe	istinstall zazzer.exe	Unidentified adware downloader/installer
N	ISUSPM Startup	ISUSPM.exe	InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
N	ISUSScheduler	issch.exe	InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
X	isystem	isystem.exe	"Added by the CHORUS-A TROJAN! Searchforfree browser hijacker"
U	Itk	Itk.exe	"In The Know - surveillance software that creates records of everything people do on a computer
U	itk.exe	itk.exe	"Insert ToggleKey by Mike Lin. ITK sounds a tone whenever you press Insert"
U	iTouch	iTouch.exe	"iTouch loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock
N	ItsDeductiblePopUp	ItsDeductible.exe	"ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip"
X	ITUNES	itune.exe	"Added by the RBOT-ZU WORM!"
X	ITUNES	itunes.exe	"Added by the OSCABOT-L WORM! Note - this file will be placed in the WindowsSystem32 or WinntSystem32 folder
X	Itunes	dials.exe	"Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus"
Y	iTunes Helper	iTunesHelper.exe	Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
Y	iTunesHelper	iTunesHelper.exe	Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
?	itype	itype.exe	"Microsoft IntelliType Pro keyboard related - what does it do and is it required?"
N	Iusage	netdet.exe	"Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up"
N	IVPServiceMgr	ivpsvmgr.exe	"Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as
N	IW ControlCenter	iwctrl.exe	"Pinnacle Systems InstantWrite enables you to use your CD-R
U	iwctrl	iwctrl.exe	"Pinnacle Systems InstantWrite enables you to use your CD-R
X	ixplore	ixplore.exe	"Added by the SDBOT-CY TROJAN!"
X	ixproxy	[path to trojan]	"Added by the XORPIX-A TROJAN!"
X	iyelejiv	yujixit.exe	"Added by the SDBOT.BJK WORM!"
?	IZE	N/A	"??"
N	j2 Tray Menu	HotTray.exe	"eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here"
X	JA Cfg Util v2	jacfg2.exe	"Added by the RBOT-AL WORM!"
X	JA Config 32	Awesome32.exe	"Added by a variant of the SDBOT WORM!"
U	Jammer	jammer.exe	"Jammer by Agnitum - ""Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"""
X	Jammer2nd	Jammer2nd.exe	"Added by the NETSKY.Z WORM!"
X	Java applet	javaup.exe	"Added by the SDBOT-ACF WORM!"
X	Java Auto Update	ujm.exe	"Added by the SDBOT-ADH WORM!"
X	Java Runtime Value	runjava.exe	"Added by the RBOT-DDJ WORM!"
X	Java Runtimes	iexplore.exe	"Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a WinntJavaJava folder"
X	Java Virtual Machine	javaw.exe	"Added by a variant of the RBOT WORM!"
X	Java*.exe [ = random char]	Java*.exe [ = random char]	"CoolWebSearch/HomeSearch adware - for examples
X	Java*32.exe [ = random char]	Java*32.exe [ = random char]	"CoolWebSearch/HomeSearch adware - for examples
X	JavaScript Debugging Service	JsDbgMan.exe	"Added by the DERDEO.E WORM!"
X	JavaUpdate0.07	[filename]	"Added by the JUPDATE TROJAN!"
X	JavaUpdateSched	jusched32.exe	"Added by the CKB TROJAN!"
X	JavaVM	java.exe	"Added by the MYDOOM.M or MYDOOM.N or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows ""java.exe"" which resides in C:WindowsSystem (Win9x/Me)
X	jawa32	jawa32.exe	"Added by the AGENT.BG WORM!"
X	Jawa322	jawa32.exe	"Added by a variant of the AGENT.BG trojan"
N	JB	Jiffybar.exe	"Get Paid As You surf" application
N	Jet Detection	ADGJDet.exe	Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Y	JetAdmin Discovery Indicator	HPJETDSC.EXE	"HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry
X	jete	yujixit.exe	"Added by the SDBOT.BRT WORM!"
X	jijbl	ezlwy.bat	"Added by the REDDW WORM!"
U	Job-oversigt	taskmon.exe	"Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users
U	JobHisInit	JobHisInit.exe	Used by Ricoh network printers to enable network printing from the client
U	Jog Serve	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
U	JogServ2	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
?	jotl	millenzje.exe	"??"
X	Jreg	Jreg2b.exe	"BroadcastPC adware variant"
X	Jufualt	winxp2.exe	"Added by the SDBOT-AAB WORM!"
X	Jufualt	svhost.exe	"Added by the SDBOT-ADJ WORM!"
N	jusched	jusched.exe	"Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel"
X	jushed32.exe	jushed32.exe	"CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN!"
U	JussDropUtility	JussDrop.exe	"Related to DropShots Inc. A subscription based service for family to connect

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.