Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X@RUNDLL.EXE"Added by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
?clnwall"rundll.exe setupx.dll InstallHinfSection ..delwall.inf"
?LLMODCL2"rundll.exe setupx.dll InstallHinfSection ..LLMODCL2.INF"
XLoadPowerProfileRundll.exe powerprof.dll"Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
XMicrosoftrundll.exe"Added by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoft Servicerundll.exe"Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMSTrayrundll.exe"Added by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
Xnvirundllnvirundll.exe"Added by the SPYBOT.NPS WORM!"
Xrecover.bmp.exeRundll.exe"Added by the ANAFTP-01 TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRegistryConfigrundll.exe"Added by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRunDllRunDll.exe"Added by the QQPASS-AH TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRunDLL Kernel File Corerundll.exe"Added by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRundllSvrRundll.exe"Added by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWin32 USB Driverrundll.exe"Added by the FORBOT-BN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows ConfigRUNDLL.EXE"Added by the SPYBOT-DX WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows Firevall Control Crundll.exe"Added by the GAERTOB.A TROJAN!"
XWindows Runtime Proccess32RUNdll.exe"Added by the SDBOT.QW WORM!"
XWindows Upaterundll.exe"Added by the HAKO TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows32rundll.exe"Added by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Win9x/Me system file of the same name as described here"
UZIBMACCrundll.exe ZIBMACC.INFZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.