O20 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O20 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List

· Submit a Startup

· Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (5) 1 2 [3] 4 5

Name	Filename	Status	Description
!SASWinLogon	SASWINLO.dll	Y	Related to the SuperAntiSpyware anti-spyware program.
p4reg	p432.dll	X	Unknown malware.
termserv	odbcct32.dll	X	Added by the Troj/Agent-ENG Trojan.
<not used>	trkwvga2.dll	X	Added by the WORM_WAREZOV.AP worm. This memory-resident worm may arrive on a system via Skype, the instant messaging application that uses Voice over Internet Protocol (VoIP).
<not used>	oebdfc.dll	X	Added by the WORM_STRATION.EV worm.
xpspqdvd	xpspqdvd.dll	X	Identified by Kaspersky Antivirus as Email-Worm.Win32.Warezov.lk.
qhdtvv	qhdtvv.dll	X	Added by the Troj/Goldun-FI Trojan. This infection utilizes the ssipod1.sys rootkit to hide itself.
WgaLogon	WgaLogon.dll	Y	This file is a legitimate Windows oeprating system file. It used as part of Windows Genuine Advantage and alerts when you are using an unvalidated Microsoft product.
rlx51dom	rlx51dom.dll	X	Added by the Troj/Haxdor-Fam. This infection utilizes the rlx66dob.sys rootkit to hide itself.
wmstream32	wmstream32.dll	X	Added by the Troj/PWS-AHX password-stealing Trojan.
mljkhhh	mljkhhh.dll	X	Added by the Troj/Virtum-AH Trojan.
qomjkih	qomjkih.dll	X	Added by the Troj/Virtum-V Trojan.
<not used>	nv4_icm3.dll	X	Added by the W32/Stration@MM mass-mailing worm.
flballoon	flwzx.dll	X	Added by the Troj/Agent-ECK Trojan.
msupdate	soemuav.dll	X	Added by the Troj/Dloadr-ASQ Trojan.
<not used>	kernel32.sys	X	Added by the W32/SillyFDC-N worm. W32/SillyFDC-N spreads through removeable storage devices, including floppy drives and USB keys. The worm attempts to create a hidden file Autorun.inf on the removeable drive and copy itself to the removeable drive with the filename autorun.exe
mi5035a0	mi5035a0.dll	X	A variant of the Troj/Haxdor backdoor Trojan. This infection utilizes the mi5035a5.sys rootkit to hide itself.
xmm13g	xmm13g.dll	X	Added by the Troj/Haxdoor-DM backdoor Trojan. This infection utilizes the mmx19g.sys rootkit to hide itself.
eetvpn	eetvpn.dll	X	Added by the Troj/Haxdoor-DL trojan. This infection utilizes the eexvpn.sys rootkit to hide itself.
utgrbe	utgrbe.dll	X	Added by the Troj/Haxdoor-DJ backdoor Trojan. This infection is hidden by the ufgrbe.sys rootkit.
<not used>	audstat.dll	X	Added by the W32/Stration-CJ worm.
<not used>	confaud.dll	X	Added by the W32/Stration-CJ worm.
wartamll	wartamll.dll	X	Added by a variant of the Haxdoor Trojan family. This infection utilizes the wartamd.sys rootkit to hide itself.
rpcc	rpcc.dll	X	Added by the Troj/Spabot-O spamming Trojan. This infection should not be confused with the legitimate C:\Windows\System32\rpcss.dll file.
<not used>	ldcore.dll	X	Added by the Troj/Dloadr-AQG Trojan.
brwmgr	brwmgr32.dll	X	Added by the W32/Stration-CD mass-mailing worm.
<not used>	vnetsmme.dll	X	Added by the WORM_STRAT.GT worm.
msnsxole	msnsxole.dll	X	Added by the WORM_STRAT.GT worm.
winool32	winool32.dll	X	Added by the Troj/Nebuler-N Trojan.
xcttgs	xcttgs.dll	X	Added by a variant of the Haxdoor Trojan family. This infection utilizes the xcttgm.sys rootkit to hide itself.
winluj32	winluj32.dll	X	Added by the Troj/Nebuler-L Trojan.
<not used>	brwstat.dll	X	Added by the W32/Stratio-BN worm.
<not used>	confbrw.dll	X	Added by the W32/Stratio-BN worm.
rege2usb	rege2usb.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the regepsrvc.sys rootkit to stealth itself.
<not used>	icmpdx3j.dll	X	Added by the WORM_STRAT.EQ mass-mailing worm. C:\Windows\System32\E1.dll should also be deleted as it is part of this infection.
<not used>	icmpdx3j.dll	X	Added by the W32/Stratio-BG worm. E1.dll should be removed as well.
jgsdrpcn	jgsdrpcn.dll	X	Added by the W32/Stratio-BH worm.
slbcmqad	slbcmqad.dll	X	Added by the W32/Stratio-BP worm.
audmgr	audmgr32.dll	X	Added by the W32/Stratio-BW worm.
avldr	avldr.dll	Y	Part of Panda Antivirus.
attmgr	attmgr32.dll	X	Added by the W32/Stratio-BX worm.
psbamtxe	psbamtxe.dll	X	Added by the W32/Stratio-BT worm.
<not used>	w3sskbda.dll	X	Added by the W32/Stration-AG worm.
prtsks	prtsks.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection also utilizes the prt21sks.sys rootkit to hide itself.
satad640	satad640.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection also utilizes the satad645.sys rootkit to hide itself.
xkeyshl	xkeyshll.dll	X	New Goldun Trojan variant.
arprmdg0	arprmdg0.dll	X	Added by the Troj/Haxdoor-DI trojan. This infection utilizes the arprmdg5.sys rootkit to hide itself.
winsys2freg	winsys2freg.dll	X	Added by the Troj/Xorpix-X proxy Trojan.
xartcd5	xartcd5.dll	X	A variant of the Goldun Trojan. This infection utilizes the xartcd7.sys rootkit to hide itself.
winbyq32	winbyq32.dll	X	Added by the Troj/Agent-DMC Trojan.
wingsc32	wingsc32.dll	X	Added by the Troj/Bckdr-PNH backdoor.
wingvd32	wingvd32.dll	X	Added by the Troj/Bckdr-PNT backdoor Trojan.
<not used>	KB371662M.LOG	X	Added by the Troj/Lineag-ABH password-stealing Trojan for the online game Lineage.
igfxcui	igfxdev.dll	Y	Intel(R) integrated graphics controller
fanxctrl	fanxctrl.dll	X	Added by the Troj/Haxdoor-DF Trojan. This Trojan utilizes the fanxctrld.sys to hide itself.
<not used>	dmdsmp4s.dll	X	Added by the W32/Stratio-AR mass-mailing worm and backdoor.
<not used>	qediwdig.dll	X	Added by the W32/Stratio-AR mass-mailing worm and backdoor.
<not used>	miglntma.dll	X	Added by the W32/Stratio-AP mass-mailing worm.
wintxr32	wintxr32.dll	X	Added by the Troj/Bckdr-PLK Trojan.
p2k32reg	p2k32.dll	X	Added by the Troj/Xorpix-V proxy Trojan.
<not used>	winfkhide.dll	X	Added by the Backdoor.Ginwui.E rootkit.
WinFk	winfk32.dll	X	Added by the Backdoor.Ginwui.E backdoor Trojan.
<not used>	msafiasn.dll	X	Added by the WORM_STRATIO.QD mass-mailing worm.
<not used>	rcbwmpd.dll	X	Added by the WORM_STRATIO.MY mass-mailing worm.
<not used>	FILESERV.DLL	X	Added by the WORM_STRATIO.QW mass-mailing worm.
<not used>	iaspdpus.dll	X	Added by the WORM_STRATIO.QL mass-mailing worm.
rmk8ot	rmk8ot.dll	X	Added by a variant of the Haxdoor Trojan family. This infection utilizes the rmk9ot.sys and the rmk8ot.sys rootkits to hide itself.
wnmicf	wnmicf.dll	X	Added by a variant of the Haxdoor Trojan family. This infection utilizes the wnmicf.sys and the wnmifc.sys rootkits to hide itself.
<not used>	lsaswdmi.dll	X	Added by the WORM_STRATION.SD worm.
<not used>	actxippr.dll	X	Added by the WORM_STRATION.SD worm.
<not used>	e1.dll	X	Added by the W32.Stration.AT@mm worm. W32.Stration.AT@mm is a mass-mailing worm that gathers email addresses from the compromised computer.
lgn1216a	lgn1216a.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the mm77lgn.sys rootkit to hide itself.
pasksa	pasksa.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the p79bsksb.sys rootkit to hide itself.
scsi2usb	scsi2usb.dll	X	Added by a variant of the Troj/Haxdoor Trojan.
crypt32net	crypt32net.dll	X	Added by the Troj/Banworm-I Trojan. Troj/Banworm-I may modify the HOSTS file which maps the URLs of selected websites to a loopback IP address or to its own IP addresses, in order to prevent access to certain sites and to control/hijack browsing. By this technique Troj/Banworm-I tries to block access to several security related sites and hijack a number of banking related sites.
scsiusr4	scsiusr4.dll	X	Added by the Troj/Haxdoor-DD Trojan. This infection utilizes the scsipsrvc.sys rootkit to hide itself.
agpbrdg0	agpbrdg0.dll	X	Added by the Troj/Banker-DLD Trojan. Troj/Banker-DLD monitors the user's internet access and steals on-line banking details. The Trojan also attempts to block access to anti-virus and security related websites.
<not used>	msv1nv4_.dll	X	Added by the W32.Stration.AC@mm worm. W32.Stration.AC@mm is a mass-mailing worm that gathers email addresses from the compromised computer.
<not used>	daniwshb.dll	X	Added by the W32.Stration.AC@mm worm. W32.Stration.AC@mm is a mass-mailing worm that gathers email addresses from the compromised computer.
emul65	emul65.dll	X	Added by a variant of the Haxoor backdoor Trojan. This infection utilizes the emul37.sys and the emul65.sys rootkits to hide itself.
winsis32	winsis32.dll	X	Added by the Troj/Nebuler-H Trojan. Troj/Nebuler-H gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
winafg32	winafg32.dll	X	Added by the Troj/Nebuler-G Trojan.
winnok32	winnok32.dll	X	Added by the Troj/Nebuler-F Spyware Trojan. Troj/Nebuler-F gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
sysprint	sysprint.dll	X	Added by the Troj/Haxdoor-DC backdoor Trojan. This infection utilizes the prt47sys.sys rootkit to hide itself.
<not used>	rasmnlht.dll	X	Added by the W32.Stration.D@mm mass-mailing worm. W32.Stration.D@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files from remote computers.
<not used>	cabvh323.dll	X	Added by the W32.Stration.D@mm mass-mailing worm. W32.Stration.D@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files from remote computers.
svkvpn	svkvpn.dll	X	Added by the Troj/Haxdoor-DB Trojan. This infection utilizes the svkvpn.sys and svjvpn.sys rootkits to hide itself.
mmcdll	mmcdll.dll	X	A variant of the Haxdoor and Goldun Trojan. This infection utilizes the mmccrd.sys rootkit to hide itself.
obbf115	obbf115.dll	X	A variant of the Haxdoor and Goldun Trojan. This infection utilizes the obbf117 rootkit to hide itself.
yvdrgb	yvdrgb.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the ycsrgb.sys and the ycsrga.sys rootkits to hide itself.
feclipna	feclipna.dll	X	Added by the W32/Stration-G mass-mailing worm. W32/Stration-G spreads my sending emails with itself as an attachment.
<not used>	fldrtsd3.dll	X	Added by the W32/Stration-H mass-mailing worm and backdoor Trojan. W32/Stration-H spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
<not used>	sisbmsxb.dll	X	Added by the W32/Stration-H mass-mailing worm and backdoor Trojan. W32/Stration-H spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
winxtx32	winxtx32.dll	X	Added by the Troj/Nebuler-D Trojan. Troj/Nebuler-D gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
vjoyterm	vjoyterm.dll	X	Added by the W32/Stration-F worm.
artm_newreg	artm_new.dll	X	Added by the Troj/Xorpix-O backdoor Trojan.
<not used>	msji449c14b7.dll	X	Added by the W32/Stration-B worm and backdoor Trojan. W32/Stration-B spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
rxx5ot	rxx5ot.dll	X	Added by a variant of the HaxDoor Trojan Trojan.
xopptp	xopptp.dll	X	Added by a variant of the HaxDoor Trojan Trojan. This infection utilizes the xdpptp.sys rootkit to hide itself.
ydsvgd	ydsvgd.dll	X	Added by the Troj/Haxdoor-DA Trojan. Troj/Haxdoor-DA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer. This infection utilizes the ycsvgd.sys rootkit to hide itself.

Pages: (5) 1 2 [3] 4 5

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.