O20 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O20 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (5) « First ... 2 3 [4] 5

Name	Filename	Status	Description
emul65	emul65.dll	X	Added by a variant of the Haxoor backdoor Trojan. This infection utilizes the emul37.sys and the emul65.sys rootkits to hide itself.
winsis32	winsis32.dll	X	Added by the Troj/Nebuler-H Trojan. Troj/Nebuler-H gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
winafg32	winafg32.dll	X	Added by the Troj/Nebuler-G Trojan.
winnok32	winnok32.dll	X	Added by the Troj/Nebuler-F Spyware Trojan. Troj/Nebuler-F gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
sysprint	sysprint.dll	X	Added by the Troj/Haxdoor-DC backdoor Trojan. This infection utilizes the prt47sys.sys rootkit to hide itself.
<not used>	rasmnlht.dll	X	Added by the W32.Stration.D@mm mass-mailing worm. W32.Stration.D@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files from remote computers.
<not used>	cabvh323.dll	X	Added by the W32.Stration.D@mm mass-mailing worm. W32.Stration.D@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files from remote computers.
svkvpn	svkvpn.dll	X	Added by the Troj/Haxdoor-DB Trojan. This infection utilizes the svkvpn.sys and svjvpn.sys rootkits to hide itself.
mmcdll	mmcdll.dll	X	A variant of the Haxdoor and Goldun Trojan. This infection utilizes the mmccrd.sys rootkit to hide itself.
obbf115	obbf115.dll	X	A variant of the Haxdoor and Goldun Trojan. This infection utilizes the obbf117 rootkit to hide itself.
yvdrgb	yvdrgb.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the ycsrgb.sys and the ycsrga.sys rootkits to hide itself.
feclipna	feclipna.dll	X	Added by the W32/Stration-G mass-mailing worm. W32/Stration-G spreads my sending emails with itself as an attachment.
<not used>	fldrtsd3.dll	X	Added by the W32/Stration-H mass-mailing worm and backdoor Trojan. W32/Stration-H spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
<not used>	sisbmsxb.dll	X	Added by the W32/Stration-H mass-mailing worm and backdoor Trojan. W32/Stration-H spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
winxtx32	winxtx32.dll	X	Added by the Troj/Nebuler-D Trojan. Troj/Nebuler-D gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
vjoyterm	vjoyterm.dll	X	Added by the W32/Stration-F worm.
artm_newreg	artm_new.dll	X	Added by the Troj/Xorpix-O backdoor Trojan.
<not used>	msji449c14b7.dll	X	Added by the W32/Stration-B worm and backdoor Trojan. W32/Stration-B spreads by sending emails with itself as an attachment to email addresses harvested from the Windows Address Book (WAB).
rxx5ot	rxx5ot.dll	X	Added by a variant of the HaxDoor Trojan Trojan.
xopptp	xopptp.dll	X	Added by a variant of the HaxDoor Trojan Trojan. This infection utilizes the xdpptp.sys rootkit to hide itself.
ydsvgd	ydsvgd.dll	X	Added by the Troj/Haxdoor-DA Trojan. Troj/Haxdoor-DA runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer. This infection utilizes the ycsvgd.sys rootkit to hide itself.
acac	acac.dll	X	Added by the Troj/Opnis-J Trojan.
asusrx20	asusrx20.dll	X	Added by the Troj/Haxdoor-CZ Trojan. This infection utilizes the asusrx25.sys rootkit to hide itself.
seppgs	seppgs.dll	X	Added by the Troj/Haxdoor-CY Trojan. This infection utilizes the seppgm.sys rootkit to hide/protect itself.
se633mxx	se633mxx.dll	X	Added by a variant of the Goldun Trojan. This infection utilizes the se633mxxd.sys rootkit to hide itself.
extfpu	extfpu.dll	X	Added by a variant of the Goldun Trojan. This infection utilizes the fpuext.sys rootkit to hide itself.
emldvc	emldvc.dll	X	Added by a variant of the Goldun Trojan. This infection utilizes the armrfc.sys rootkit to hide itself.
docent2	docent2.dll	X	Added by a variant of the Goldun Trojan.
extxerox	extxerox.dll	X	Added by a variant of the Goldun Trojan. This infection utilizes the socket573.sys rootkit to hide itself.
yvprgb	yvprgb.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the ycsrga.sys and ycsrgb.sys the rootkit to hide itself.
wndtx1	wndtx1.dll	X	Added by a variant of the Goldun Trojan. This infection utilizes the ipudpb2.sys rootkit to hide itself.
mmx17g	mmx17g.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the mmx17g.sys and the mmx19g.sys rootkit to hide itself.
{B212D577-05B7-4963-911E-4A8588160DFA}	winstyle3.dll	X	Identified by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Delf.h.
<not used>	win_ak.dll	X	Added by the Troj/Foghorn-A downloading Trojan.
tcpwrk	tcpwrk.dll	X	Added by a variant of the Goldun.Fam Trojan.
mdfpro	mdfpro.dll	X	Added by a variant of the Goldun.Fam Trojan.
rsdapi	rsdapi.dll	X	Added by a variant of the Goldun.Fam Trojan.
gdwxp3	nuclabdll.dll	X	Added by a variant of the Goldun.Fam Trojan.
nuclabdll	nuclabdll.dll	X	Added by a variant of the Goldun.Fam Trojan. This infection utilizes the nuclab.sys rootkit.
[not used]	KB350217M.LOG	X	Added by the Troj/LegMir-BBB password-stealing Trojan for the online game The Legend of Mir.
win***32	win***32.dll	X	Added by the Trojan.Nebuler Trojan. Trojan.Nebuler is a Trojan horse that attempts to download and execute files from remote sites. It also sends information about the compromised computer to a remote site. The *** in the name and filename are three random letters.
axdebugl	axdebugl.dll	X	Added by a variant of the Haxdoor Trojan. This infection utilizes the axdebugld.sys rootkit.
docent0	docent0.dll	X	Added by a variant of the Haxdoor Trojan. This infection utilizes the docentd.sys rootkit.
logon16x	logon16x.dll	X	Added by a variant of the Haxdoor Trojan. This infection utilizes the mmlogon.sys rootkit.
mmxeroxk	mmxeroxk.dll	X	Added by a variant of the Haxdoor Trojan. This infection utilizes the socketx113.sys rootkit.
nclabydll	nclabydll.dll	X	Added by a variant of the Haxdoor Trojan. This infection utilizes the nclaby.sys rootkit.
xcdmfree	xcdmfree.dll	X	Added by a variant of the Haxdoor Trojan. This infection utilizes the xcdkernl.sys rootkit.
yvprgb	yvprgb.dll	X	Added by the Troj/Haxdoor-CW Trojan. This infection utilizes the ycsrgb.sys rootkit.
ideusr50	ideusr50.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the idersrvc.sys rootkit to hide itself.
winjne32	winjne32.dll	X	Added by the Troj/Agent-CIK Trojan Trojan.
yvsvga	yvsvga.dll	?	Added by the Troj/Haxdoor-CP Trojan. This infection utilizes the ycsvga.sys rootkit.
lanmui	lanmui.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the lannui.sys rootkit to hide itself.
satau320	satau320.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the satau325.sys rootkit to hide itself.
twpkad	twpkad.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the twpkbd.sys rootkit to hide itself.
<not used>	pushow[RANDOM].dll	X	Added by the Adware.Advertmen adware.
winwxj32	winwxj32.dll	X	Added by the Troj/Small-DYN Trojan.
winrnt32	winrnt32.dll	X	Added by the Troj/Nebuler-C Trojan. Troj/Nebuler-C gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
<not used>	NETLIB32.DLL	X	Added by the Troj/Oscor-G backdoor Trojan.
regP32	regP32.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the regP32.sys and the regP64.sys rootkits to hide itself.
psksds	psksds.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the p76xxsks.sys rootkit to hide itself.
cfgmngr32	g<randomnumber>.dll	X	Added by the Troj/Agent-CED Trojan.
ddirectz	ddirectz.dll	X	A variant of the Haxgen Trojan. This infection utilizes the ddirectxt.sys rootkit to hide itself.
gatexkey	gatexkey.dll	X	Identified by Kaspersky Anti-Virus as Trojan-Spy.Win32.Goldun.kw. This infection utilizes the rootkit xkeyshd.sys to hide itself.
[not used]	msr2ca.dll	X	Added by the W32.Areses.P@mm mass-mailing worm and backdoor.
bmtdhh	bmtdhh.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the bmtdhk.sys rootkit to hide itself.
cswiz	cswiz.dll	X	Added by the Troj/Opnis-E Trojan.
[not used]	syst24.dll	X	Added by the Troj/Small-BXF Trojan.
[not used]	syst6he.dll	X	Added by the Troj/Small-BXG Trojan.
atlS32	atlS32.dll	X	Identified by Kaspersky Anti-Virus as Trojan-Downloader.Win32.ConHook.aa
sdcard98	sdcard98.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the sdcardX2.sys rootkit to hide itself.
avload32	avload32.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the wnlogow.sys rootkit to hide itself.
gdiwxp	gdiwxp.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the gdiw2k.sys rootkit to hide itself.
obbn13t	obbn13t.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the obbn13rt.sys rootkit to hide itself.
se500mdm	se500mdm.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the se500mdmd.sys rootkit to hide itself.
cdscsix3	cdscsix3.dll	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the cdscsix3r.sys rootkit.
pptp16	pptp16.dll	X	Added by the Troj/Haxdoor-HM Trojan. This infection utilizes the rootkit pptp24.sys to hide parts of this infection.
bt848rom	bt848rom.dll	X	Added by the Troj/Goldun-CW password stealing Trojan. This infection also utilizes the m32lock.sys and the k53lock.sys rootkit to hide itself.
arm32reg	arm32.dll	X	Added by the Backdoor.Eterok.C backdoor Trojan.
[not used]	systf0.dll	X	Added by the Troj/Small-BRK Trojan.
[not used]	svchr8k.dll	X	Added by the Troj/Small-BVZ Trojan.
[not used]	win_7p5.dll	X	Added by the Troj/Small-BWA Trojan.
[not used]	win_sk6.dll	X	Added by the Troj/Small-BVX Trojan.
winvex32	winvex32.dll	X	Added by the Troj/Nebuler-B Trojan.
prwsks	prwsks.dll	X	Added by the Backdoor.Haxdoor.L backdoor Trojan. This infection uses the rootkit prw76sks.sys to hide itself.
ddcyw	ddcyw.dll	X	Added by the Troj/ConHook-I information stealing Trojan.
nkunpack	nkunpack.dll	X	Added by the TSPY_HAXSPY.AD Trojan. This infection utilizes the nkcfg.sys rootkit in order to hide its components.
mszsrn32	mszsrn32.dll	X	Added by the W32.Banwarum@mm mass-mailing worm.
winowl32	winowl32.dll	X	Added by the Trojan.Nebuler Trojan.
zsydll	zsydll.dll	X	Added by the BKDR_GINWUI.B backdoor.
[not used]	zsyhide.dll	X	Added by the Backdoor.Ginwui.B backdoor Trojan.
[not used]	WINGUIS.DLL	X	Added by the Troj/Oscor-B backdoor Trojan.
wincqt32	wincqt32.dll	X	Added by the Troj/Bckdr-JCK backdoor Trojan.
dvb03a	dvb03a.dll	X	Added by the Troj/Haxdoor-CF Trojan. This infection is stealthed/hidden by the dvb06a.sys rootkit.
[not used]	usrs445F8764.dll	X	Added by the Troj/Opnis-D Trojan.
[not used]	ieen445F8764.dll	X	Added by the Troj/Opnis-D Trojan.
plgwiz32	plgwiz32.dll	X	Added by the Troj/Opnis-D Trojan.
flashdrvr	Flashdrvr.dll	X	Added by the Troj/Haxdoor-BX Trojan. This infection utilizes the flashdrv3.sys rootkit to hide itself and its components.
logons	redist.dll	X	Added by the Troj/Dloadr-UY downloader Trojan.
sv_chost	sv_chost.dll	X	Added by the Troj/Wanda-B keylogging Trojan. This Trojan also contains rootkit technology in order to hide itself.
vistax	vistax.dll	X	Added by the Troj/Haxdoor-CA Trojan. This infection is stealthed by the vistaj.sys rootkit.

Pages: (5) « First ... 2 3 [4] 5

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.