O4 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O4 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (128) [1] 2 3 ... Last »

Name	Filename	Status	Description
Last.fm Helper	LastFMHelper.exe	N	Installed by the Last.fm software. This program provides iPod support and is used to detect when an iPod is plugged in.
PMX Daemon	ICO.EXE	U	Mouse software that allows you to change a variety of options for your mouse. May cause problem with some DirectX games if it disabled.
JDe-sign Electronic Signature Capture	dsignature.exe	?	Related to software from John Deere.
AnvTrgr	AnvTrgr.exe	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
Sysanalysing	myrvc.exe	X	Added by the W32/AutoRun-RD removable media worm.
.Net Recovery	dotnetfx.dll	X	Added by the W32.Delezium virus. W32.Delezium is a virus that infects executable files and deletes certain files on the compromised computer.
WinwebSecurity	WinwebSecurity.exe	X	Added by the Winweb Security rogue anti-spyware program.
disaffiliation	eebpj.dll	X	Zlob Trojan which installs the AntivirusTrigger rogue anti-spyware program. This program displays fake security alerts stating that your computer has a security problem and then downloads and install AntivirusTrigger onto your computer without permission. This Trojan pretends to be a fake video codec required to watch videos online.
Generic Host	wauclt.exe	X	Added by the W32/Sdbot-DNL worm and IRC backdoor.
AntiSpywareGuard	asg.exe	X	Added by the AntiSpywareGuard rogue anti-spyware program.
VirTrigger	virtrigger.exe	X	Added by the VirusTrigger rogue anti-spyware program.
AvirTr	AvirTr.exe	X	Added by the AntivirusTrigger rogue anti-spyware program.
Internet Explorer Sys32	isys32.exe	X	Added by the W32/IRCBot-ADA worm and IRC backdoor.
SpywareRemover2009	SR.exe	X	Added by the SpywareRemover 2009 rogue anti-spyware program.
XP Protection Center	XPProtectionCenter.exe	X	Added by the XP Protection Center rogue anti-spyware program.
OEM05Mon.exe	OEM05Mon.exe	U	Program related to the Creative Live! Cam Console. This console allows you to adjust various settings of your webcam. Does not need to be enabled unless you change these options often.
CompuSpy KeyLogger	cswin2008.exe	U	Added by the Spyware.CompuSpy surveillance software. Spyware.CompuSpy is a spyware program that attempts to record keystrokes on the computer. If this software was found on your computer without your knowledge, you should uninstall it.
10.1.08	10.1.08.exe	X	Added by the W32.Redlofs worm.
VMware hptray	hpmon.exe	X	Trojan that is typically bundled with rogue anti-spyware programs and fake codecs. Once installed, this infection will advertise other rogue anti-spyware programs on your computer through the use of fake or misleading security alerts.
QuickTime Task	qttask.exe	X	Trojan that is typically bundled with rogue anti-spyware programs and fake codecs. Once installed, this infection will advertise other rogue anti-spyware programs on your computer through the use of fake or misleading security alerts.
Quernt	wntfy.exe	X	Added by the W32/Autorun-PF removable media worm.
MSFox	<random.exe>	X	Added by the Troj/DwnLdr-HKP Trojan.
ish-b.exe	ish-b.exe	X	Added by the Troj/IRCBot-ACZ worm and IRC backdoor.
explozer	exploner.exe	X	Added by the Troj/PWS-AWB password-stealing Trojan.
VirusTriggerBin	VirusTriggerBin.exe	X	Added by the VirusTrigger rogue anti-spyware program.
XP HOT Ops	KB15oooo.exe	X	Identified as a variant of the Worm:Win32/Wootbot.gen worm.
System Update	smss.exe	X	Identified as a variant of the Trojan:Win32/Eson.C Trojan. This infection should not be confused with the legitimate C:\Windows\system32\smss.exe file.
sysmanager.exe	sysmanager.exe.exe	X	Identified as a variant of the Backdoor.Win32.IrcContact malware.
Symantec Boot Config	symbootcfg.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Printer Spooler	spoolsv.exe	X	Identified as a variant of the IRC-Worm.Win32.Small worm.
Windows Update	VNASC.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
MSn Client Cfg	msnclicfg.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
indows Services	explrer.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	lsuss.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	lsas.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Logitech RX	slrhost.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
MSN	svhost.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
internet security manager	dll32.exe	X	Identified as a variant of the IRC-Worm.Win32.Small worm.
gadcom	winlogun.exe	X	Identified as a variant of the Trojan:Win32/Matcash.HZ malware. The * in the command represents a random number.
<random name>	winlogun.exe	X	Identified as a variant of the Trojan.Fakealert.ALU malware.
ExploreUpdSched	mcntmtdl.exe	X	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware.
DW_Start	dwwnw64r.exe	X	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware.
Java Express	sjehost.exe	X	Added by the W32/Sdbot-DNJ worm and IRC backdoor.
GetModule27	GetModule27.exe	X	Added by the Troj/Agent-IEG keylogging Trojan.
prunnet	prun.exe	X	Added by the Troj/VBDown-H Trojan.
ViRsLab	ViRsLab.exe	X	Added by the VirusResponse Lab 2009 rogue anti-spyware program.
ANTIVIRUS	UltraAV.exe	X	Added by the Ultra Antivirus 2009 rogue anti-spyware program.
f1020	f1020.exe	X	Added by the WORM_AUTORUN.MBC removable media worm.
Antivirus Pro 2009	AntivirusPro2009.exe	X	Added by the Antivirus Pro 2009 rogue anti-spyware program.
BDRegion	brs.exe	U	Added by the PowerDVD. This startup allows the user to set the Region on Blu-ray discs.
pep	pep.exe	X	Added by the Troj/Zlob-AQH Trojan.
EShopee	EShopee.exe	X	Added by the EShoper adware.
NA1Messenger	UPSNA1Msgr.exe	?	Unknown UPS related software.
Social.IM	SocialChat.exe	N	Added by the Social.IM facebook chat program.
TBMExe	wdfmgr.exe	X	Added by the W32.Notong.A virus. W32.Notong.A is a virus that spreads by infecting executable files.
winlogon	cleanmg.exe	X	Added by the Troj/Agent-ICR Trojan.
CTEMON.EXE	winlogon.exe	X	Added by the Troj/FakeAv-FU Trojan. This infection should not be confused with the legitimate C:\Windows\System32\winlogon.exe file.
SysChk	scvhost.vbs	X	Added by the W32/Small-EMQ worm.
Yahoo Messengger	chrome.exe	X	Added by the W32/Autorun-NG removable media worm.
Yahoo Messengger	gphone.exe	X	Added by the W32/Tiotua-W worm.
asus32	mupd1_2_1165664.exe	X	A Trojan that displays fake Windows Security Center alerts on your computer that advertise rogue anti-spyware programs.
CICache	CICache.exe	?	Unknown file. Possibly malware?
Personal Defender 2009	pdefendr.exe	X	Added by the Personal Defender 2009 rogue anti-spyware program.
asus32	mupd1_2_1711951.exe	X	A Trojan that displays fake Windows Security Center alerts on your computer that advertise rogue anti-spyware programs.
HBService32	SYSTEM.EXE	X	Added by the Infostealer.Hibik.A information stealing Trojan.
qtgfcql	opajqxn.exe	X	Added by the W32/Dloadr-BXJ worm.
WinDefender2009	windef.exe	X	Added by the WinDefender 2009 rogue anti-spyware program.
Back2zip	Back2zip.exe	N	Light-weight backup software. A little more information can be found Added by the here.
LGODDFU	fwupdate.exe	N	Software that automatically updates the firmware on LG optical drives when they are released.
poison	poison.exe	X	Added by the W32/Autorun-MZ removable media worm.
cetix	cetix.exe	X	Added by the W32/Autorun-MZ removable media worm.
Thumbs	thumbs.exe	X	Added by the W32/Autorun-MX removable media worm.
dlnajjbdfa	llwzjy081027.exe	X	Added by the Troj/Fanbot-L Trojan.
ANTIVIRUS	AVS.exe	X	Added by the Antivirus Sentry rogue anti-spyware program.
Messenger (Yahoo!)	YahooMessenger.exe	N	Yahoo! Messenger.
Registration Assassin's Creed	RegistrationReminder.exe	N	Registration nag screen for the Assassin's Creed game.
Microsoft Firewall	suvhost.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
VTkMgr.exe	VTkMgr.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	tmps.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
winudpt32.exe	winudpt32.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Windows Service	explorer.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
localhost	winlogom.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
VResLab	VResLab.exe	X	Added by the VirusResponse Lab 2009 rogue anti-spyware program.
Microsoft Genuine Advantage	MicrosoftGenuine.exe	X	Added by the Troj/Bancos-BEQ online banking Trojan.
Operalaunch	svhost.exe	X	Added by the W32/Agent-IBD worm.
Opera addon	vmm.exe	X	Added by the W32/Agent-IBD worm.
DNHelper32	DNHlp32.exe	Y	Related to the DESkey data security program.
CmUCReye.exe	CmUCReye.exe	U	Related to devices by Medion Display.
AntiSpywareXP 2009	AntiSpywareXP2009.exe	X	Added by the AntiSpywareXP 2009 rogue anti-spyware program.
AntiSpy2008	AntiSpy2008.exe	X	Added by the AntiSpy 2008 rogue anti-spyware program.
PLFSetI	PLFSetI.exe	?	File related to Sonix software. Unsure as to what it does.
PLFSetL	PLFSetL.exe	?	File related to Sonix software. Unsure as to what it does.
TSClientMSIUninstaller	tscuinst.vbs	Y	Related to the Oracle Database software.
ThunderbirdConfig	tbirdconfig.exe	Y	Related to the Oracle Database software.
FirefoxConfig	firefoxconfig.exe	Y	Related to the Oracle Database software.
ntpgds	synctime.exe	Y	Related to the Oracle Database software.
WiniGuard	WiniGuard.exe	X	Added by the WiniGuard rogue anti-spyware program.
Malwarebytes' Anti-Malware	mbamgui.exe	Y	Realtime protection agent and tasktray for MalwareBytes' Anti-Malware.
hack1x2	C:\WINDOWS\system32:hlpnod32.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system. Please note that this infection is an Alternate Data Stream file attached to the legitimate C:\Windows\System32 folder. Do not delete the C:\Windows\System32 folder as Windows will not operate correctly without it. To delete the Alternate Data Stream you should read this tutorial.
explorer.exe	tasgmger.exe	X	Identified as a variant of the Backdoor.Win32.Poison.lib backdoor.

Pages: (128) [1] 2 3 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.