O20 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O20 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List

· Submit a Startup

· Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (5) « First ... 3 4 [5]

Name	Filename	Status	Description
mmx432	mmx432.dll	X	Added by the Trojan.Goldun. password-stealing Trojan.
hpprintx	hpprintx.dll	X	Added by the Troj/Haxdoor-AU Trojan.
wintjv32	wintjv32.dll	X	Added by the Troj/Bckdr-AOI backdoor Trojan.
[not used]	tmp_38.dll	X	Added by the Troj/Bckdr-AMA backdoor Trojan.
spoolsvc.dll	spoolsvc.dll	X	Added by the Troj/SCKeyLog-L keylogging Trojan.
iesdl4l	iesdl4l.dll	X	Added by the Troj/Haxdoor-AQ backdoor Trojan. This infection utilizes the C:\Windows\System32\iesservice4.sys rootkit.
satdll	satdll.dll	X	Added by the Troj/Haxdoor-AS information stealing Trojan.
printpn2	printpn2.dll	X	Identified as Trojan-Spy.Win32.Goldun.gs.
msctl32.dll	msctl32.dll	X	Added by the Backdoor.Rustock backdoor.
[not used]	PAVWAIT.DLL	Y	Part of Panda Antivirus.
printpnp	PRINTPNP.DLL	X	Added by the Trojan.Goldun.I password-stealing Trojan for online banks. This infection utilizes the EPSONSYS.SYS rootkit to hide itself and its components.
[not used]	wmfhotfix.dll	U	Added by the Windows WMF Metafile Vulnerability HotFix. This patch is used to protect your computer for the unpatched WMF vulnerability in Windows. This patch should no longer be needed as long as your computer has all the latest Windows updates.
browsela	browsela.dll	X	A variant of the Trojan/Dldr.Delf.aeo Trojan.
htproc	htproc32.dll	X	Identified as a variant of the Trojan.Psw.Lineage.Sk password-stealing Trojan for the online game Lineage.
[not used]	aminit.dll	Y	Used by the Altiris® Application Metering Solution software.
logon032	logon032.dll	X	Identified as a variant Trojan.PWS.Egold. This Trojan when run will act as a rootkit and hide the files c:\windows\system32\logon032.dll and c:\windows\system32\wnlogon.sys.
ssldr	ssldr32.dll	X	Added by the Troj/Agent-ZD Trojan. This infection will also install and run the file c:\windows\system32\doser.exe.
avpe32	avpe32.dll	X	Win32/Haxdoor Variant.
nuclabdll	nuclabdll.dll	X	Identified as Trojan.PWS.Egold.
msupdate	msupdate32.dll	X	Added by the Troj/Jupdrop-A dropper Trojan.
chk	chke.dll	X	Added by the Troj/Geoload-A/a> downloader Trojan.
[not used]	karnal32.dll	X	Added by the W32.Monikey@mm mass-mailing worm. This worm attempts to gather information found on your computer.
st3i	<random filename.dll>	X	Added by the Troj/Hasum-A Trojan.
st3	st3.dll	X	Added by the Troj/Hasum-A Trojan.
nwprovau	nwprovau.dll	Y	Client Service for NetWare
[not used]	DAinit.dll	Y	Used by Desktop Authority desktop management software.
ies4dll	IES4DLL.DLL	X	Added by a variant of the Troj/Haxdoor Trojan. This infection utilizes the ies4service.sys rootkit.
[not used]	896588AppInit.DLL	X	Added by the Troj/LegMir-BI Trojan. This infection also creates the %WinDir%896588.dll file.
jkhhg	jkhhg.dll	X	Added by the Troj/ConHook-N Trojan.
[not used]	kxrnxl32.dll	X	Added by the Troj/Gina-K Trojan.
[not used]	krnl32.dll	X	Added by the Troj/Vipgsm-J keylogger and password-stealing Trojan.
sksdll	sksdll.dll	X	Added by the Backdoor.Haxdoor.F proxy Trojan.
mcfG7A	mcfG7A.dll	X	Added by the Troj/Haxdoor-AK backdoor Trojan. This infection utilizes the rootkit nodantivir.sys rootkit.
rdrVR2	rdrVR2.dll	X	Added by the Troj/Haxdoor-AJ backdoor Trojan.
mcfCC4	mcfCC4.dll	X	Added by the W32/Goldax- Peer to Peer (P2P) worm with backdoor functionality. This infection utilizes the wrmdrv.sys or the mcfdrv.sys rootkit to hide itself.
avpu32	avpu32.dll	X	Added by the Troj/Haxdoor-ED Trojan. The rootkit logs the keypress in the file klogini.dll.
tcpGDC	tcpGDC.dll	X	Added by the Troj/Haxdoor-AI backdoor Trojan. This infection utilizes the msftcpip.sys rootkit.
STOPzilla	IS3WLHandler.dll	Y	Part of STOPzilla.
xhi	xhi.dll	X	Added by the Troj/SCLog-A Trojan. There is also a file called xhi.exe installed in the %System% directory as part of this infection.
tcpG4T	tcpG4T.dll	X	Added by the Troj/Haxdoor-AG backdoor Trojan. This infection utilizes the rootkit.
winstart	winstart.dll	X	Added by the Troj/SCKeyLo-AB trojan.
wlogon	wlogon.dll	X	Added by the W32/Wenper-B worm.
req	req.dat	X	Added by the Trojan.Vundo.B adware/redirector.
wineula	wineula.dll	X	Added by the Trojan.Vundo.B adware/redirector.
d2	winloadhh.dll	X	Added by the Troj/Labrap-A downloader trojan.
avpx32	avpx32.dll	X	Added by the Troj/Haxdoor-Y backdoor trojan. This infection uses rootkit technology to hide itself from being seen.
ComPlusSetup	catsrvut.dll	Y	Part of Microsoft Com+
req	req.dll	X	Added by the Troj/ConHook-B trojan downloader. There will usually be other malware on your system if this infection is present.
F8adsl	MSplg7.dll	X	Added by the Troj/Goldun-R password stealing trojan. If you are infected with this you should immediately change all your passwords and bank pins. This infection utilizes the estsprt.sys rootkit to hide itself.
spoolsvc	spoolsvc.dll	X	Added by the Troj/Dropper-AT trojan dropper. The presence of this infection usually means there is other malware installed on your computer.
drct16	drct16.dll	X	Added by the Troj/Haxdoor-CN rootkit infection. This file is installed as system driver and is used to hide processes, files, and registry keys from being seen.
DllName	status.dll	X	Added by the Troj/Haxdoor-R rootkit. This infection makes it so you can not see certain processes, files, or registry keys on your computer. It is usually installed in conjunction with other malware.
f3dsl	LSD_F3.DLL	X	Added by the Troj/Goldun-G password stealing trojan. If you have this infection you should change all your passwords. This infection utilizes the IESPRT.SYS rootkit to hide itself.
EXPLORER	EXPLORER.dll	X	Added by the Troj/SCLog-B trojan.
debugg	debugg.dll	X	Added by the HaxDoor.B rootkit/backdoor Trojan.
[not used]	sys16.exe	X	Added by the Troj/Bancos-BZ password stealing trojan. This trojan attempts to steal the account information of Brazilian bankes.
draw32	draw32.dll	X	Part of the Troj/Haxdoor-AE rootkit. This is installed as a system driver service so will not be seen in the services.msc control panel.
eventss	atmpvc.dll	X	Identified as Trojan-Downloader.Win32.Delf.lh
lindow	miamore32.dll	X	Identified as Trojan-Clicker.Win32.Agent.ct.
clbcatex	clbcatix.dll	X	Identified as Trojan-Clicker.Win32.Agent.ct.
NavLogon	NavLogon.dll	Y	Part of the Norton Antivirus product.

Pages: (5) « First ... 3 4 [5]

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.