Iap

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	BS Mediaplayer	bsplyr.exe	"Added by the RBOT-OU WORM!"
X	DivX MediaPlayer 7.0	Dr.DivX.exe	"Added by the ALADINZ.G TROJAN!"
X	elitemedia	elitemediapop.exe	"Added by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware"
U	FaxCtrl.exe	ASMediaProxyServer.exe	"Part of Avaya's Contact Center Express - ""a multi-channel
?	Iap	iap.exe	"Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about
X	Internet Antivirus Pro	IAPro.exe	"Internet Antivirus Pro rogue security software - not recommended
X	Media Pass	MediaPassK.exe	"WindUpdates MediaPass adware"
X	Media Pass	MediaPass.exe	"WindUpdates MediaPass adware"
X	MediaPath	Proyecto1.exe	"Added by the GRUEL WORM!"
X	MediaPath	Root.exe	"Added by the GRUEL WORM!"
X	MediaPipe P2P Loader	mpp2pl.exe	"MediaPipe peer-to-peer file swapping program also reported as a hijacker"
X	mediaplayer.exe	mediaplayer.exe	"Added by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logs"
X	mediaplayer.exe	mediaplayer.exe	"Added by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gf"
X	MediaPlayeS	MediaPlayer_update.exe	"Added by the STARTER-K TROJAN!"
X	mediapluscash.exe	mediapluscash.exe	"MediaGateway adware"
X	Microsoft Update	mediap.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Windows Media Player	mediaplayer.exe	"Added by a variant of the RBOT WORM!"
N	NokiaPCSuiteTray	LaunchApplication.exe	"System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC
N	NokiaPCSyncTray	PCSync.exe	"System Tray access to Nokia PC Sync - which ""allows you to synchronise contacts
X	Quicktime Mediaplayer	winmplyer32.exe	"Added by the RBOT-PM WORM!"
X	Quicktime Mediaplayr	wnmplyr.exe	"Added by a variant of the RBOT WORM!"
U	SIAPRO6	sia.exe	"Steganos Internet Anonym privacy software"
X	VC5MediaPlayer	[path to file]	"Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe""
X	Windows Media Player	wmediaplayer.exe	"Added by the AGOBOT-NQ WORM!"
X	Windows Media Player	MediaPIayer.exe	"Added by the SDBOT-QO TROJAN! Note - the lower case ""l"" in ""MediapIayer"" is a capital ""i"""
X	WMI Application Interface	wmiapi.exe	"Added by the SPYBOT.RBY WORM!"
X	WMI Performance Adapter Services	wmiapsrvs.exe	"Added by the RBOT.COU BACKDOOR!"
X	[various names]	mediaplayer32.exe	"Added by a variant of the RBOT WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.