O20 HijackThis Entries

bleepingcomputer.com

Welcome Guest (Log In | Create Account)

New Member? Join for free.

BleepingComputer.com -> Startup Programs Database -> O20 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (6) 1 [2] 3 4 ... Last »

Name	Filename	Status	Description
<not used>	rwinsta.dll	X	Identified by Kaspersky as the Trojan.Win32.Agent.bea Trojan.
<not used>	swrcfzc.dll	X	Added by the PWS-OnlineGames.q password-stealing Trojan.
<not used>	ddcyvtr.dll	X	Added by an unknown malware.
<not used>	kvdxscma.dll	X	Added by the TSPY_ONLINEG.IRZ malware.
<not used>	avwgcmn.dll	X	Added by the Infostealer.Gampass malware.
<not used>	rtmp.dll	X	Added by the Troj/Lineag-DE password-stealing Trojan for the online game Lineage.
px86emul	px86emul.dll	X	Added by a variant of the Haxdoor Trojan family. This infection utilizes the x86emul.sys rootkit to hide itself.
msdtc32	msdtc32.dll	X	Identified as a variant of the Trojan-Downloader.Win32.Small.hoa malware.
<not used>	hookhelp.dll	X	Added by the PWS-OnlineGames.q.dll information stealing Trojan for online games.
ENTERPRISE	ENTERPRISE.dll	X	Unknown malware.
<not used>	wowfx.dll	X	Identified as a variant of the Win32/TrojanDownloader.Fakealert.G Trojan. This Trojan displays fake security alerts on your computer.
securityService	securityService.dll	X	Added by the Troj/KillJWS-A Trojan.
isodvrtg	isodvrtg.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the isodvstg.sys rootkit.
crypt32	crypt32rt.dll	X	Unknown malware.
<not used>	kus109.dat	X	Identified as a variant of the AdWare.Win32.Agent.zo malware.
Antiwpa	antiwpa.dll	X	An illegal software crack used to bypass copy protection for Windows.
yaywxxw	yaywxxw.dll	X	A variant of the Adware.Virtumonde infection.
rqrqrqq	rqrqrqq.dll	X	Identified by AVG as a variant of the Trojan horse BHO.CWF malware.
<not used>	kurva.dat	X	Identified as a variant of the Trojan.Virantix.B malware.
<not used>	win32ipzip.dll	X	Added by the Trojan.Goldun Trojan.
winrvc32	winrvc32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
winwly32	winwly32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
winuqw32	winuqw32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
winmxw32	winmxw32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
winhoq32	winhoq32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
wingsa32	wingsa32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
winemx32	winemx32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
wineij32	wineij32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.yz malware.
bootrom8	bootrom8.dll	X	A variant of the Troj/Haxdor-Gen Trojan. This infection utilizes the necsort.sys rootkit.
ssqroon	ssqroon.dll	X	Identified by AVG as Trojan.Awax.
<not used>	SysWln74_3.dll	X	Added by the PSW.OnlineGames.NNM password-stealing Trojan.
<not used>	mslogon.dll	X	Added by the W32.Vapka.A worm. W32.Vapka.A is a worm that spreads by copying itself to removable media and steals confidential information.
<not used>	murka.dat	X	Added by the Trojan.Virantix.B Trojan. Trojan.Virantix.B is a Trojan horse that ends antivirus applications and displays a fake security alert. It also uses a rootkit to hide itself and modifies the Internet Explorer home page.
PSUTY	PSUWNP.dll	?	Related to FUJITSU LIMITED.
crypt	crypts.dll	X	Added by the Troj/Agent-GJR Trojan.
md4hsh	md4hsh.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the nvnatv.sys and the nvnati.sys rootkits to hide itself.
csfdll	smartwarxyu.dll	X	Identified as a variant of the Trojan-Spy.Win32.Delf.asq malware.
winwim32	winwim32.dll	X	Identified as Win32/Nebuler variants.
winosz32	winosz32.dll	X	Identified as Win32/Nebuler variants.
winepi32	winepi32.dll	X	Identified as Win32/Nebuler variants.
kerberos4	(Random Name).dll	X	A variant of the Win32:Agent-NZR malware.
ati2krtg	ati2krtg.dll	X	A variant of the Haxdoor Trojan. This infection is hidden by the ati2kstg.sys rootkit.
ke32paag	ke32paag.dll	X	A variant of the Haxdoor Trojan. This infection is hidden by the ke32psag.sys rootkit.
acautsrv	ackpbsc.dll	Y	Related to ActivIdentity security software.
acunlock	acunlock.dll	Y	Related to ActivIdentity security software.
ackpbsc	ackpbsc.dll	Y	Related to ActivIdentity security software.
DeviceNP	DeviceNP.dll	Y	Installed with certain Hewlett Packard software/hardware.
<not used>	kvmxfma.dll	X	Identified by Kaspersky Antivirus as a variant of the Trojan-Dropper.Win32.Mudrop.fg malware.
xtav3des	xtav3des.dll	X	A variant of the Haxdoor Trojan. This infection utilizes the xdrve9d.sys rootkit to hide itself.
<not used>	guard32.dll	Y	Related to Comodo Firewall Pro.
ewsmsg	ewsmsg.dll	X	Added by a variant of the Troj/Haxdoor Trojan.
ivn4reg	ivn4.dll	X	Identified as a variant of the Trojan-Proxy.Win32.Xorpix.ci Trojan.
winhld32	winhld32.dll	X	Identified as a variant of the Trojan.Agent.qt malware.
winbfi32	winbfi32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt Trojan.
winexy32	winexy32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt malware.
avgwlntf	avgwlntf.dll	Y	Related to AVG Antivirus.
TPSvc	TPSvc.dll	U	Related to the Vmware Workstation virtualization software. It is a printer mapping technology that is used to map a user's printers based on a rules table in an Active Directory policy.
abc32reg	abc32.dll	X	Identified as a variant of the Win32/TrojanProxy.Xorpix.BS Trojan.
<not used>	skuns.dat	X	Fakealert Trojan which shows fake security alerts on your computer.
C:\WINDOWS\kernel%32.exe	kernel%32.exe	X	A Haxdoor installer.
rgbopx	rgbopx.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection is utilizes the ycsrga.sys and the ycsrgb.sys rootkits to hide itself.
<not used>	vsmvhk.dll	Y	Related to ShadowUser. From their website: "ShadowUser ShadowMode™ provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode™ system state no matter what has happened to the PC. At anytime, authorized users can save changes to the system, save selected files and folders or simply return the system to its pre-ShadowMode state.".
<not used>	sulimo.dat	X	Related to the SmitFraud infection.
monln	monln.dll	Y	Related to Comodo AntiVirus.
winazs32	winazs32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.qn dialer.
<not used>	stdole32.dat	X	Trojan bundled with SmitFraud infections.
ati2paag	ati2paag.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the ati2psag.sys rootkit to hide itself.
w32tcomr	w32tcomr.dll	X	Added by the WORM_STRATION.RE worm.
<not used>	vbarccfg.dll	X	Added by the WORM_STRATION.RE worm.
%System%	APSHook.dll	Y	Related to security software by Cognizance.
nvsystl0	nvsystl0.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the nvsystl3.sys rootkit to hide itself.
flashdma	flashdma.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the flashsmt.sys rootkit to hide itself.
winjvd32	winjvd32.dll	X	Identified as the Trojan.Agent.qt/Win32/Nebuler.BW malware.
winmfu32	winmfu32.dll	X	Identified as the Trojan.Win32.Agent.qt/BackDoor-CVT malware.
<not used>	systems.txt	X	Related to SmitFraud infections.
aeskap	aeskap.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the nvmapi.sys rootkit to hide itself.
ovrscn	ovrscn.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the ovwscn.sys and the ovrscn.sys rootkits to hide itself.
<not used>	hrum.txt	X	Malware typically bundled with smitfraud infections.
<not used>	hrum323.txt	X	Malware typically bundled with smitfraud infections.
crypt32unchain	wlnotlfy.dll	X	Added by the TSPY_AGENT.AAVG spyware Trojan.
ati2kaag	ati2kaag.dll	X	A variant of the Goldun Trojan. This infection utilizes the ati2ksag.sys rootkit to hide itself.
<not used>	hadjajr.ini	X	Malware related to Smitfraud infections.
<not used>	hanonvt.ini	X	Trojan bundled with SmitFraud infections.
winpsa32	winpsa32.dll	X	Identified as the Trojan.Agent.qt malware.
efccdda	efccdda.dll	X	Added by the Virtumundo Installer adware.
<not used>	SoDAHK.DLL	X	Added by the Adware.Sogou adware.
<not used>	WINFBI32.dll	X	Added by the Backdoor.Ginwui.F backdoor. Backdoor.Ginwui.F is a Trojan horse that opens a back door and uses rootkit techniques to hide its presence.
winzzc32	winzzc32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt malware.
atietaxx	atietaxx.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the atietbxx.sys rootkit to hide itself.
icmuwmau	icmuwmau.dll	X	Added by the W32/Stratio-E worm.
loky2reg	loky2.dll	X	Identified by Kaspersky Anti-Virus as Trojan-Spy.Win32.Banker.dl. If you are infected with this file you should immediately change all of your online banking passwords and notify your banks.
winudu32	winudu32.dll	X	Identified as the BackDoor-CVT malware.
upsctrl0	upsctrl0.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the upsctrl3.sys rootkit to hide itself.
rlx5dom1	rlx5dom1.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the rlx6dob6.sys rootkit to hide itself.
tphotkey	tphklock.dll	U	Part of the hotkey keyboard mapping software for IBM Thinkpad and Lenovo laptops.
tpfnf2	notifyf2.dll	?	Installed with IBM Thinkpad and Lenovo laptops.
OPXPGina	opxpgina.dll	Y	Added by the OmniPass security and authentication software.
winsaf32	winsaf32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt Trojan.
sysfldr	sysfldr.dll	X	Identified as a variant of the Trojan-Proxy.Win32.Agent.lv proxy Trojan.
usbmon	usbmons.dll	X	Added by the W32/SillyFDC-AO worm.

Pages: (6) 1 [2] 3 4 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.