O20 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O20 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List

· Submit a Startup

· Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (5) 1 [2] 3 4 ... Last »

Name	Filename	Status	Description
winhld32	winhld32.dll	X	Identified as a variant of the Trojan.Agent.qt malware.
winbfi32	winbfi32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt Trojan.
winexy32	winexy32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt malware.
avgwlntf	avgwlntf.dll	Y	Related to AVG Antivirus.
TPSvc	TPSvc.dll	?	Related to the Vmware Workstation 6.0 virtualization software.
abc32reg	abc32.dll	X	Identified as a variant of the Win32/TrojanProxy.Xorpix.BS Trojan.
<not used>	skuns.dat	X	Fakealert Trojan which shows fake security alerts on your computer.
C:\WINDOWS\kernel%32.exe	kernel%32.exe	X	A Haxdoor installer.
rgbopx	rgbopx.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection is utilizes the ycsrga.sys and the ycsrgb.sys rootkits to hide itself.
<not used>	vsmvhk.dll	Y	Related to ShadowUser. From their website: "ShadowUser ShadowMode™ provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode™ system state no matter what has happened to the PC. At anytime, authorized users can save changes to the system, save selected files and folders or simply return the system to its pre-ShadowMode state.".
<not used>	sulimo.dat	X	Related to the SmitFraud infection.
monln	monln.dll	Y	Related to Comodo AntiVirus.
winazs32	winazs32.dll	X	Identified as a variant of the Trojan.Win32.Dialer.qn dialer.
<not used>	stdole32.dat	X	Trojan bundled with SmitFraud infections.
ati2paag	ati2paag.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the ati2psag.sys rootkit to hide itself.
w32tcomr	w32tcomr.dll	X	Added by the WORM_STRATION.RE worm.
<not used>	vbarccfg.dll	X	Added by the WORM_STRATION.RE worm.
%System%	APSHook.dll	Y	Related to security software by Cognizance.
nvsystl0	nvsystl0.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the nvsystl3.sys rootkit to hide itself.
flashdma	flashdma.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the flashsmt.sys rootkit to hide itself.
winjvd32	winjvd32.dll	X	Identified as the Trojan.Agent.qt/Win32/Nebuler.BW malware.
winmfu32	winmfu32.dll	X	Identified as the Trojan.Win32.Agent.qt/BackDoor-CVT malware.
<not used>	systems.txt	X	Related to SmitFraud infections.
aeskap	aeskap.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the nvmapi.sys rootkit to hide itself.
ovrscn	ovrscn.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the ovwscn.sys and the ovrscn.sys rootkits to hide itself.
<not used>	hrum.txt	X	Malware typically bundled with smitfraud infections.
<not used>	hrum323.txt	X	Malware typically bundled with smitfraud infections.
crypt32unchain	wlnotlfy.dll	X	Added by the TSPY_AGENT.AAVG spyware Trojan.
ati2kaag	ati2kaag.dll	X	A variant of the Goldun Trojan. This infection utilizes the ati2ksag.sys rootkit to hide itself.
<not used>	hadjajr.ini	X	Malware related to Smitfraud infections.
<not used>	hanonvt.ini	X	Trojan bundled with SmitFraud infections.
winpsa32	winpsa32.dll	X	Identified as the Trojan.Agent.qt malware.
efccdda	efccdda.dll	X	Added by the Virtumundo Installer adware.
<not used>	SoDAHK.DLL	X	Added by the Adware.Sogou adware.
<not used>	WINFBI32.dll	X	Added by the Backdoor.Ginwui.F backdoor. Backdoor.Ginwui.F is a Trojan horse that opens a back door and uses rootkit techniques to hide its presence.
winzzc32	winzzc32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt malware.
atietaxx	atietaxx.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the atietbxx.sys rootkit to hide itself.
icmuwmau	icmuwmau.dll	X	Added by the W32/Stratio-E worm.
loky2reg	loky2.dll	X	Identified by Kaspersky Anti-Virus as Trojan-Spy.Win32.Banker.dl. If you are infected with this file you should immediately change all of your online banking passwords and notify your banks.
winudu32	winudu32.dll	X	Identified as the BackDoor-CVT malware.
upsctrl0	upsctrl0.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the upsctrl3.sys rootkit to hide itself.
rlx5dom1	rlx5dom1.dll	X	Added by a variant of the Trojan.Goldun information stealing Trojan. This infection utilizes the rlx6dob6.sys rootkit to hide itself.
tphotkey	tphklock.dll	U	Part of the hotkey keyboard mapping software for IBM Thinkpad and Lenovo laptops.
tpfnf2	notifyf2.dll	?	Installed with IBM Thinkpad and Lenovo laptops.
OPXPGina	opxpgina.dll	Y	Added by the OmniPass security and authentication software.
winsaf32	winsaf32.dll	X	Identified as a variant of the Trojan.Win32.Agent.qt Trojan.
sysfldr	sysfldr.dll	X	Identified as a variant of the Trojan-Proxy.Win32.Agent.lv proxy Trojan.
usbmon	usbmons.dll	X	Added by the W32/SillyFDC-AO worm.
winbjv32	winbjv32.dll	X	A variant of the Trojan.Win32.Agent.qt Trojan.
winbug32	winbug32.dll	X	A variant of the Trojan.Win32.Agent.qt Trojan.
AwayNotify	AwayNotify.dll	Y	Related to the AwayManager program. The Away Manager program is an autonomic feature that utilizes the unused computing power on your system to perform a variety of maintenance tasks.
mav-8551	idsAX.dll	?	Added by the Nike JogaTV service that allows you to send soccer videos to other people.
xdudtt	xdudtt.dll	X	A variant of the HaxDoor Trojan.
<not used>	rsvp322.dll	X	Added by the Troj/Riler-AA Trojan.
<not used>	perfc000.dat	X	Malware related to and installed with the rogue anti-spyware program called WinAntiSpyware 2006 or WinAntiSpyware 2007.
<not used>	perfsm.dat	X	Malware related to and installed with the rogue anti-spyware program called WinAntiSpyware 2006 or WinAntiSpyware 2007.
wsmsge	wsmsge.dll	X	A variant of the Goldun Trojan. This infection utilizes the mswsaf.sys rootkit to hide itself.
<not used>	r3hook.dll	Y	Related to Kaspersky Antivirus.
smcss	smcss.dll	X	Added by the Troj/SCLog-AJ Trojan Spyware.
iexplorer	iexplorer.dll	X	Added by the Troj/SCLog-AI Spyware Trojan.
bpk	bpk.dll	X	Added by the Troj/SCLog-AK Spyware Trojan.
msmsgs	msmsgs.dll	X	Added by the Troj/SCLog-AL Spyware Trojan.
HackMuFpt	HackMuFpt.dll	X	Added by the Troj/SCLog-AG spyware Trojan.
mnsvcsp	mnsvcsp.dll	X	Added by the Troj/SCLog-A Trojan.
A3dxq	a3dx8.dll	X	Added by the Troj/Xorpix-Z proxy Trojan.
botreg	bot.dll	X	Identified as the Trojan-Proxy.Win32.Xorpix.bc Trojan.
atixdbxx	atixdbxx.dll	X	A variant of the Goldun/Haxdoor Trojan.
<not used>	NTDLL32.dll	X	Unidentified malware.
<not used>	aclekern.dll	X	Identified as the I-Worm.Warezov.fh worm.
<not used>	perfc000.dat	X	Added by the Trojan.Perfcoo Trojan.
atixdaxx	atixdaxx.dll	X	A variant of the Goldun Trojan. This infection utilizes the atixdbxx.sys rootkit to hide itself.
crypta	cryptsa.dll	X	Identified as the Trojan-Downloader.Win32.Agent.btd Trojan.
mms400	mms400.dll	X	Added by the Troj/Conhook-AF Trojan.
<not used>	mprmdpnm.dll	X	Added by the W32/Stration-AP worm.
<not used>	trafracp.dll	X	Added by the W32.Stration.IZ@mm worm. W32.Stration.IZ@mm is a worm that spreads by emailing itself to other computers. It also drops and downloads other variants in the W32.Stration@mm family of worms.
atiddaxx	atiddaxx.dll	X	Added by a variant of the Haxdoor Trojan. This infection also uses the atiddbxx.sys rootkit to hide itself.
linkerreg	linker.dll	X	Identified as Trojan-Proxy.Win32.Xorpix.ar.
dpl1npwm	dpl1npwm.dll	X	Added by the W32/Stration-NZ worm.
wudb	wudb.dll	X	Identified as Trojan.Downloader.Agent.BFO.
gdowxp	gdowxp.dll	X	A variant of the Troj/Haxdor-Fam Trojan. This infection utilizes the gdow2k.sys rootkit to hide itself.
gatwxkey	gatwxkey.dll	X	A variant of the Troj/Haxdor-Fam Trojan.
vxtnav	vxtnav.dll	X	A variant of the Troj/Haxdor-Fam Trojan. This infection utilizes the ramvxt.sys rootkit to hide itself.
waxw2k	waxw2k.dll	X	A variant of the Troj/Haxdor-Fam Trojan.
winprint	winprint.dll	X	A variant of the Troj/Haxdor-Fam Trojan. This infection utilizes the eps32sys.sys rootkit to hide itself.
OneCard	AsWlnPkg.dll	Y	Security authentication software from Cognizance Corporation.
linksrv0	linksrv0.dll	X	A variant of the Troj/Haxdor-Fam Trojan. This infection utilizes the linksrvd.sys rootkit to hide itself.
wsmsag	wsmsag.dll	X	A variant of the Troj/Haxdor-Fam Trojan. This infection utilizes the mswsaf.sys and the mswsag.sys rootkits to hide itself.
drtw3a	drtw3a.dll	X	Added by the Troj/Haxdoor-DO Trojan. This infection utilizes the NvVid.sys and drtw6a.sys rootkits to hide itself.
<not used>	htmlythyt.dll	X	Added by the Troj/Goldun-FS Trojan.
<not used>	hmlscr.dll	X	Added by the Troj/Bckdr-QIB backdoor Trojan.
<not used>	jpgstat.dll	X	Added by the W32/Stration-AN mass-mailing worm.
<not used>	confjpg.dll	X	Added by the W32/Stration-AN mass-mailing worm.
rainit	RAinit.dll	Y	Associated with Remotely Anywhere.
LOGDFI	LOGDFI.dll	X	Added by the Troj/BHO-BM Trojan.
winzoa32	winzoa32.dll	X	Identified as a Virtumonde related file.
igfxcui	igfxsrvc.dll	Y	Installed with video drivers for video cards that use Intel chipsets.
BITS	admpasr.dll	X	Added by the Troj/QQ-A spyware Trojan.
EFS	sclgntfy.dll	Y	Related to the Microsoft Service called Secondary Login Service Notification.
dimsntfy	dimsntfy.dll	Y	Microsoft file related to credential roaming. Found in Windows 2003 and Windows XP SP3.
PCANotify	PCANotify.dll	Y	Related to Symantec PcAnywhere.

Pages: (5) 1 [2] 3 4 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.