Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
X*Bandookmsdll.exe"Added by an unidentified TROJAN - see here"
X@RUNDLL.EXE"Added by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Xangeleyesmsdll.exe"Added by the VB.PI TROJAN!"
XAOL Instant Messenger dll runtimeMSAOL32dll.exe"Added by the RBOT-ATA WORM!"
?clnwall"rundll.exe setupx.dll InstallHinfSection ..delwall.inf"
XCLSIDdll.exeAdult content dialler
Xcmsoundvcpdll.exe"Added by the TCXMEDI-D downloader TROJAN!"
XDistributed File Systemkernel32dll.exe"Added by the MYFIP-C or MYFIP.K WORMS!"
XDivxcodll.exe"Added by the GRAVEBOT-A TROJAN!"
Xdmtdlldmtdll.exe"Added by a variant of the CRYPTER.C TROJAN!"
Xdrvddll.exedrvddll.exe"Added by the BEAGLE.AP WORM!"
XDrvddll_exedrvddll.exe"Added by the BEAGLE.X WORM!"
Xdxdll32ntxdll.exe"Added by the GAOBOT.CPX WORM!"
Xerthgdrwindll.exe"Added by the BEAGLE.AO or BEAGLE.AQ WORMS!"
Xfilename processkerneldll.exe"Added by the AGOBOT-PO WORM!"
XFirevall Administratingrndll.exe"Added by the PUSHBOT-B WORM!"
XGraphics adapter servicewindll.exe"Added by the ATNAS.A WORM!"
Xho2stdll.exeho2stdll.exe"Added by the BANKER-HO TROJAN!"
Xhostdll.exehostdll.exe"Added by the BANKER-BO TROJAN!"
XHPNThpdll.exe"Malware downloader - detected by Kaspersky as the VB.KU TROJAN!"
Xiedlliedll.exe"Homepage hijacker
XInterdllInterdll.exe"Added by the DELF family of TROJANS!"
XInternet Exploere Servicesurlmon32.dll.exe"Added by the EVIAN.C WORM!"
XKavRunsWindll.exe"Added by the TRYNOMA TROJAN!"
Uklprun32dll.exe"PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online"
?LLMODCL2"rundll.exe setupx.dll InstallHinfSection ..LLMODCL2.INF"
Xload=dapdll.exe"Added by the ATAK.E WORM!"
Xloaddllloaddll.exe"Winvest spyware"
XLoadPowerProfileRundll.exe powerprof.dll"Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
XMdmdllmdmdll.exe"Added by the CRYPTER TROJAN!"
XMedia PlayerSysdll.exe"Added by the BANKER-BR TROJAN!"
XMicrosoftrundll.exe"Added by the RBOT-GSJ WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoft Dllrunapidll.exe"Added by the RBOT-GRG WORM!"
XMicrosoft DLL ExtensionsSystemDll.exe"Added by the RBOT-ADV WORM!"
XMicrosoft Dll Managementwindll.exe"Added by the RBOT-MT WORM!"
XMicrosoft Dll Managermicrosoft32dll.exe"Added by the SHEUR.LH TROJAN!"
XMicrosoft DLL Serviceservicedll.exe"Added by the IRCBOT.OX BACKDOOR!"
XMicrosoft DLL Servicesvcdll.exe"Added by a variant of the SPYBOT WORM!"
XMicrosoft Servicerundll.exe"Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMicrosoft Windows DLL Servicesmwindll.exe"Added by the SDBOT-VX WORM!"
XMicrosoft Windows DLL Services Configurationnewdll.exe"Added by the SDBOT-ZR WORM!"
XMicrosoftUpdatewindll.exe"Added by the RBOT-IH WORM!"
XMsgSvcMgr32cmdzxdll.exe"Added by the RBOT-AEK WORM!"
UMSSCDLMSSCDLL.exe"SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself!"
XMSTaskrun dll.exe"Yuupsearch adware"
XMSTrayrundll.exe"Added by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XMsVBdllsys32dll.exe"Added by the AIMDES.B or AIMDES.C WORMS!"
XMswavedllmswavedll.exe"Added by the CRYPTER-C TROJAN!"
Xntdllntdll.exe"Added by the BIONET.404 TROJAN!"
Xnvirundllnvirundll.exe"Added by the SPYBOT.NPS WORM!"
Xrecover.bmp.exeRundll.exe"Added by the ANAFTP-01 TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRegistryConfigrundll.exe"Added by the AGOBOT-KN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Urtcdllrtcdll.exe"RTCDLL is ""Real Time Communication"" and is associated with Windows Messenger (the IM application
Xrun32run32dll.exe"Added by the SDBOT-CWB WORM!"
XRun32dllocxdll.exe"Added by an unidentified VIRUS
XRunDllRunDll.exe"Added by the QQPASS-AH TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XRunDLL Kernel File Corerundll.exe"Added by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Xrundll***die.exe [path] mdll.exe"Added by the SUMTAX TROJAN! where *** is 134
XRundllSvrRundll.exe"Added by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
Xscopedllscopedll.exe"Added by a variant of the CRYPTER.C TROJAN!"
XServiceOptionMP3winamp.dll.exe"Added by the SAMSON-A TROJAN!"
XServices DLL Loadersrvdll.exe"Added by the SLENFBOT.ZS WORM!"
XServices32 Startupwin32dll.exe"Added by the SDBOT-XO WORM!"
XShellWin32.dll.exe"Added by the VB.BTX TROJAN!"
Usrv32winwin16dll.exe"Screenspy captures screenshots silently. If you didn't install this yourself remove it"
Xsys32dllsys32dll.exe"Added by the AIMDES.B WORM!"
XSysctrlsprocdll.exe"Added by the WEEDBOTZ.14 TROJAN!"
XSysctrlswin32dll.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
Xsysdat.dllsysdat.dll.exeAdded by the NISHICA 1.1 TROJAN!
Xsysdllwindll.exe"Added by the AUTORUN.ECT WORM!"
USystem DLL Resourcessysdll.exe"SnapKey is a surveillance software program that records all keyboard activities. Uninstall this software unless you put it there yourself"
XSystem4224411Systemdll.exe"Added by the YUSUFALI-B WORM!"
XSystemDllSystemDll.exe"Added by the LOXOSCAM TROJAN!"
XTask Debuggersysdll.exe"Added by the RBOT-CQ WORM!"
Uwin16.dllwin16dll.exe"Screenspy captures screenshots silently. If you didn't install this yourself
XWin32 USB Driverrundll.exe"Added by the FORBOT-BN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWin32dllWin32dll.exe"Added by the BANPAES TROJAN!"
XWindllWindll.exe"Added by the TRYNOMA TROJAN!"
XWindll.exeWindll.exe"Added by the STEALER TROJAN!"
XWindows ConfigRUNDLL.EXE"Added by the SPYBOT-DX WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows Firevall Control Crundll.exe"Added by the GAERTOB.A TROJAN!"
XWindows Installerntdll.exeAdded by an unidentified WORM or TROJAN!
XWindows Registry DLLwinregdll.exe"Added by the IRCBOT.FB BACKDOOR!"
XWindows Registry Scansvcdll.exe"Added by the RBOT-TP WORM!"
XWindows Runtime Proccess32RUNdll.exe"Added by the SDBOT.QW WORM!"
XWindows Serviceswinsysdll.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows SystemDllSYSTEMDLL.EXE"Added by the AGOBOT-LP WORM!"
XWindows Upaterundll.exe"Added by the HAKO TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWindows32rundll.exe"Added by the AGOBOT-LK or AGOBOT-ND WORMS! Note - this is NOT the Win9x/Me system file of the same name as described here"
XWinlmewindll.exe"Added by the GOP.F WORM!"
Xwinreg_32sysdll.exe"Added by the DLOADER-IJ TROJAN!"
XWinsock2 dllsW32DLL.EXE"Added by the SPYBOT-CS BACKDOOR!"
XwinstroRUN32DLL.exe"Added by the FTP_ANA TROJAN!"
XWinSysStartUpWKbLwTaskSystemDll.Exe"Added by the BACKZAT.G WORM!"
Xwintsk32dllwintsk32dll.exe"Added by the RBOT-AAJ WORM!"
Xwinudll.exewinudll.exe"Added by the MITGLIE-CE TROJAN!"
XZekio Startupscondll.exe"Added by the AGOBOT-AGD WORM!"
UZIBMACCrundll.exe ZIBMACC.INFZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
X[14 random numbers]mradll.exe"Green AV rogue security software - not recommended
X[random name]r?ndll.exe"PurityScan adware"
X[random name]mrgdll.exe"Nortel Antivirus rogue security software - not recommended"
X[various names]avpmondll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]iesetupdll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]keybdll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]powerdll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]SetupExeDll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]WinInitDll.exe"Wareout - malware masquerading as a spyware and dialer remover"
X[various names]MSTCPDLL.exe"Wareout - malware masquerading as a spyware and dialer remover"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.