Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Alert!  Have a problem and would like to ask us for help? To learn how to ask your question Click Here!
Stop!  Do you have popups or other malware infecting your computer? If so, Start Here!
Question?  Are you having trouble using this site? Then you should visit the New User Orientation Center!



A    B    C    D    E    F    G    H    I    J    K    L    M    N    O    P    Q    R    S    T    U    V    W    X    Y    Z    Other   
HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23
Rootkit List  · Submit a Startup  · Top Submitters
 Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:
Advanced Search

Name Filename Status Description
system performance logging for TrueTime Driver Edition chkzero.ex
X
 Added by the Troj/Hackda-A Trojan & Rootkit.
Kernel Mode SND msvtcher msvtch.sys
X
 A variant of the Haxdoor rootkit.
NGate service tage32.sys
X
 A variant of the Haxdoor rootkit.
CPU FUN Controller kryo2.sys
X
 Added by a variant of the Goldun.Fam Trojan.
glaide32 glaide32.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
vbagz vbagz.sys
X
 Added by the TROJ_ROOTKIT.BA Trojan.
svitch svitch.sys
X
 A variant of the Haxdoor rootkit.
DirectSound KDriver asplg.sys
X
 Added by a variant of the Goldun.Fam rootkit.
tdssserv tdssserv.sys
X
 Identified as a variant of the Clbdriver/Troj/NtRootK-DR malware.
Virtual CD-ROM Driver dwave.sys
X
 Identified as a variant of the Trojan-Spy.Win32.Goldun.api rootkit.
msdefender.sys msdefender.sys
X
 Identified as a variant of the Win32:Rootkit-gen rootkit.
XD FileSystemDriver fsxxd.sys
X
 A variant of the Haxdoor rootkit.
msliksurserv msliksurserv.sys
X
 Added by the Troj/Agent-HFC Trojan.
clbdriver clbdriver.sys
X
 Identified as a variant of the Rootkit.Win32.Clbd.cx rootkit.
pqasghjd pqasghjd.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
Uninterruptible Power Supply CRT upscr.sys
X
 Identified as a variant of the Trojan.Rootkit.Gen rootkit.
narqwe narqwe.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
jwzpqng jwzpqng.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
upsctl upsctl.dll
X
 Identified as a variant of the Trojan.Rootkit.Gen rootkit.
bzsqlpa bzsqlpa.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
hcnwg4u hcnwg4u.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
ksnhtr ksnhtr.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
sywtdxaz sywtdxaz.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
gsbgqpwwfw gsbgqpwwfw.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
WLAN route service rotr.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.ahf rootkit.
nzqtegh nzqtegh.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
iuzqpaf iuzqpaf.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
yzbgqap yzbgqap.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
wzghui wzghui.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
pjsapdg pjsapdg.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
zwqcplsp zwqcplsp.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
tcpsr tcpsr.sys
X
 Identified as a variant of the Trojan.Rootkit.Agent.Ack malware.
bqzpas bqzpas.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
kzq5re kzq5re.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
nexkaqf nexkaqf.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
hqiopa hqiopa.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
uazpiq uazpiq.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
zzz zzz.sys
X
 Added by the Hacktool.Rootkit rootkit.
QANDR qandr.sys
X
 Added by a variant of the Rootkit.Win32.Agent.ea rootkit Trojan.
Kernel CryptoModule krnllds.sys
X
 Added by a variant of the TR/Rootkit.Gen rootkit Trojan.
fkjdfje fkjdfje.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
ydhqzop ydhqzop.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
zsqalpdt zsqalpdt.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
klite klite.sys
X
 A variant of the Haxdoor rootkit.
grande48 grande48.sys
X
 Added by the Troj/RKAgen-E rootkit Trojan.
DTM Protector dprot.sys
X
 A variant of the Haxdoor rootkit.
widuxngq widuxngq.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
hemimorphite vualf.dll
X
 Zlob Trojan that infects you with the VirusHeat rogue anti-spyware program. Please use the guide below to remove this infection.
zeqbqwp zeqbqwp.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
zalpqbj zalpqbj.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
serazavr serazavr.log
X
 Added by the Backdoor.Rustock backdoor rootkit.
nqaplwj nqaplwj.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
yeTyezzd yeTyezzd.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
uerj45kj uerj45kj.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
qalwpmdgt qalwpmdgt.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
itcoe adapter itcoe.sys
X
 A variant of the Haxdoor rootkit.
RDP Host Device Driver rdpdrv.sys
X
 Added by the Backdoor.Sanjicom backdoor Trojan.
trahtibedoh trahtibedoh.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
mqzprwe mqzprwe.log
X
 Added by the Backdoor.Rustock backdoor rootkit.
cryptdrv cryptdrv.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
zdegpig zdegpig.ini
X
 Added by the Backdoor.Rustock backdoor rootkit.
ytzpoqw ytzpoqw.dll
X
 Added by the Backdoor.Rustock backdoor rootkit.
Transfer Service uiops.exe
X
 Added by the Trojan.Acdropper.C Trojan.
jwlbqzpi jwlbqzpi.dll
X
 Added by the Backdoor.Rustock backdoor rootkit.
e67gdfg e67gdfg.ds
X
 Added by the Backdoor.Rustock backdoor rootkit.
yeyqase yeyqase.mis
X
 Added by the Backdoor.Rustock backdoor rootkit.
tdidrv32.sys tdidrv32.sys
X
 Identified as a variant of the Rootkit.V malware. This file is installed with the latest Zlob infections in order to protect the e404 Helper browser helper object.
SystemDrive maxpaynow1.exe
X
 Identified as a variant of the Trojan-Downloader.Win32.Tibs.wu malware.
DriveSystem maxpaynowti1.exe
X
 Identified as a variant of the Trojan-Downloader.Win32.Tibs.wu malware.
hhlmken hhlmken.scp
X
 Added by the Backdoor.Rustock backdoor rootkit.
xseaqwt slipmenu1.scp
X
 Added by the Backdoor.Rustock backdoor rootkit.
oqtxde oqtxde.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
ieqazhew ieqazhew.dll
X
 Added by the Backdoor.Rustock backdoor rootkit.
XPROTECTOR Driver xprot.sys
X
 A variant of the Haxdoor rootkit.
kasutio kasutio
X
 Added by the Backdoor.Rustock backdoor rootkit.
pzqlp pzqlp.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
merqpo merqpo.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
zeqwur zeqwur.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
guntest guntest.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
aiqpbter aiqpbter.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
apcdli apcdli.sys
X
 Added by the Mal/RootKit-A rootkit.
rwtatpl rwtatpl.lid
X
 Added by the Backdoor.Rustock backdoor rootkit.
rqksgpu rqksgpu.cur
X
 Added by the Backdoor.Rustock backdoor rootkit.
mkwsqp mkwsqp.cur
X
 Added by the Backdoor.Rustock backdoor rootkit.
lagednick lagednick.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
hqaply hqaply.chm
X
 Added by the Backdoor.Rustock backdoor rootkit.
cjwriiigqazft cjwriiigqazft.cat
X
 Added by the Backdoor.Rustock backdoor rootkit.
accctsggw accctsggw.cat
X
 Added by the Backdoor.Rustock backdoor rootkit.
3klagia 3klagia.dll
X
 Added by the Backdoor.Rustock backdoor rootkit.
werasqlp werasqlp.cur
X
 Added by the Backdoor.Rustock backdoor rootkit.
riode32 riode32.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.adm rootkit.
yqzsypbgh yqzsypbgh.cat
X
 Added by the Backdoor.Rustock backdoor rootkit.
uxgrafj uxgrafj.adm
X
 Added by the Backdoor.Rustock backdoor rootkit.
rYehhbqzx rYehhbqzx.adm
X
 Added by the Backdoor.Rustock backdoor rootkit.
yutsubk yutsubk.cat
X
 Added by the Backdoor.Rustock backdoor rootkit.
kavsvc kavsvc.sys
X
 Added by the Hacktool.Rootkit rootkit.
nvcoi nvcoi.exe
X
 Identified as a variant of the Trojan.Downloader.Matcash malware.
agehhtd agehhtd.cat
X
 Added by the Backdoor.Rustock backdoor rootkit.
qwetab qwetab.inf
X
 Added by the Backdoor.Rustock backdoor rootkit.
infoxmid wseqnx.inf
X
 Added by the Backdoor.Rustock backdoor rootkit.
ITCom virtual adapter itcom.sys
X
 Identified as a variant of the TR/Rootkit.Gen rootkit.
FT StarForce Protector fprot.sys
X
 A variant of the Haxdoor rootkit.
hipsrv hipsrv.mm
X
 Added by the Backdoor.Rustock backdoor rootkit.
userinfo32 userinfo32.ggt
X
 Added by the Backdoor.Rustock backdoor rootkit.
alcop server alcop.sys
X
 Added by a variant of the Goldun.Fam rootkit.
efidriver efidriver.drv
X
 Added by the Backdoor.Rustock backdoor rootkit.
pcximg pcximg.pif
X
 Added by the Backdoor.Rustock backdoor rootkit.
tap64drv tap64drv
X
 Added by the Backdoor.Rustock backdoor rootkit.
tunnet tunnet.ocx
X
 Added by the Backdoor.Rustock backdoor rootkit.
alcom alcom.sys
X
 A variant of the Haxdoor rootkit.
syswindrv syswindrv.bin
X
 Added by the Backdoor.Rustock backdoor rootkit.
Advanced Power Management powermgmt.sys
X
 Identified as a variant of the Rootkit.Agent.X rootkit.
sysrestore32.exe sysrestore32.exe
X
 Identified as a variant of the TR/Rootkit.Ge rootkit.
qtprot qtprot.sys
X
 Identified as a variant of the Trojan.Rootkit.GEY rootkit.
hdport hdport.sys
X
 Identified as a variant of the Trojan.Rootkit.GEP rootkit.
wer32 jkghje.dll
X
 Added by the Backdoor.Rustock backdoor rootkit.
4fdw 4fdw.dll
X
 Added by the Backdoor.Rustock backdoor rootkit.
Open Host Controller Miniport USB Driver ohcuusb.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
Open Host Controller Miniport USB Driver ohctusb.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
Open Host Controller Miniport USB Driver ohciusb.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
Open Host Controller Miniport USB Driver ohbusb.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
Open Host Controller Miniport USB Driver (rev.d) ohdusb.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
Open Host Controller Miniport USB Driver ohcusb.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
.lnk msmapibx32.exe
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
.lnk msmapiax32.exe
X
 Identified as a variant of the Rootkit.Win32.Agent.uj rootkit.
jnhjkfrn jnhjkfrn
X
 Added by the Backdoor.Rustock backdoor rootkit.
ro0 Service ro0.exe
X
 Added by the Backdoor.HackDefender rootkit.
fnhoje fnhoje
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
<not used> helps.dll
X
 Added by the Hacktool.Rootkit rootkit.
ellowtab ellowtab.txt
X
 Identified as a variant of the Backdoor.Rustock backdoor and rootkit.
btstack btstack.ibs
X
 Added by the Mal/RKRustok-A worm and rootkit.
qwer78 qwer78.sys
X
 Added by the Backdoor.Rustock backdoor rootkit.
FPU emulation service x86emul.sys
X
 A variant of the Haxdoor Trojan rootkit.
sysldr sysldr
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen!C rootkit.
srtwe srtwe.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
khtml khtml.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
retx2 retx2.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
nested nested.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
nax12 nax12.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
jecsst jecsst.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
fvelwow fvelwow.sys
X
 Identified as a variant of the Backdoor:Win32/Rustock.gen rootkit.
USB2_04 nkv2.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.tj rootkit.
agony wininit.sys
X
 Added by the NTRootKit-K rootkit.
ntndis ntndis.sys
X
 Added by the Troj/RKProc-F rootkit.
BASFNDD BASFNDD.sys
X
 Identified by Kaspersky Antivirus as a variant of the Rootkit.Win32.Agent.to malware.
kprof kprof
X
 Added by the Trojan-Proxy.Win32.Wopla.ag rootkit.
fak32 fak32.sys
X
 A variant of the Backdoor:Win32/Rustock.gen malware.
APC Power Management powerio.sys
X
 Identified as a variant of the RKit/Agent.X.5 rootkit.
ntio922 ntio922.sys
X
 Identified as a variant of the RKIT/Agent.EZ rootkit.
ndisaluo ndisaluo.sys
X
 Identified as a variant of the TR/Rootkit.Gen rootkit.
Object memory mapping 8.0 isodvstg.sys
X
 Added by a variant of the Goldun.Fam rootkit.
kcp kcp.sys
X
 Added by the ROJ_ROOTKIT.EW rootkit.
ntload v0.1 ntload.sys
X
 Identified as a variant of the Trojan.Ntrootkit.AL rootkit.
mp3 audio mp32s.sys
X
 A variant of the TR/Rootkit.Gen rootkit.
srr srr.sys
X
 Added by the Rootkit.Agent rootkit.
dhlp dhlp.sys
X
 Identified as a variant of the Win32.Rootkit.Gen rootkit.
Kernel TCP Filtering protocol necsort.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
Nvdia Native Rendering nvnatv.sys
X
 Added by a variant of the Goldun.Fam rootkit.
NVidia XTLayer gateway nvnati.sys
X
 Added by a variant of the Goldun.Fam rootkit.
ctl_w32 ctl_w32.sys
X
 Identified as a variant of the Rootkit.Win32.Agent.pq rootkit.
Object memory mapping 8.0 ati2kstg.sys
X
 A variant of the Haxdoor rootkit.
cjamkm cjamkm.sys
X
 Added by a variant of the Troj/NTRootK-CM rootkit.
63cica 63cica.sys
X
 Added by a variant of the Troj/NTRootK-CL rootkit.
ke32psag ke32psag.sys
X
 A variant of the Haxdoor rootkit.
ZZZdrv_lich lich.sys
X
 A variant of the Trojan.NtRootKit rootkit.
IPv6 BT converter xdrve9d.sys
X
 A variant of the Haxdoor rootkit.
ini910p ini910p.sys
X
 A variant of the Ascesso Rootkit.
Windows Update Check syslodr.exe
X
 Identified as a variant of the W32/Rootkit.ASA.dropper rootkit.
g_rkt win32_rkt.sys
X
 Identified as a variant of the Win32.Rootkit.Agent.MO rootkit.
noskrnl noskrnl.sys
X
 Added by the Trojan.Peacomm.D rootkit. Trojan.Peacomm.D is a Trojan horse that gathers system information and email addresses from the compromised computer.
NdisWon NdisWon.sys
X
 Identified as a variant of the Ascesso rootkit.
RGB video output ycsrga.sys
X
 Added by a variant of the Goldun.Fam rootkit.
YVPB video output ycsrgb.sys
X
 Added by a variant of the Goldun.Fam rootkit.
Object memory mapping 8.0 ati2psag.sys
X
 Added by a variant of the Goldun.Fam rootkit.
asc3550o asc3550o.sys
X
 Identified as a variant of the Trojan.Rootkit.Agent rootkit.
asc355O asc355O.sys
X
 Identified as the Trojan.Rootkit.Agent.NCY rootkit.
Oddysee ntoskrnl.exe:kernel
X
 Added by the W32.Focelto.A rootkit. This rootkit is a Alternate Data Stream file which requires certain tools to remove it. The ntoskrnl.exe it is attached to is a legitimate Microsoft file and should not be removed.
<Random CLSID> sygate.exe
N
 Added by the W32.Focelto.A worm. W32.Focelto.A is a worm that spreads through Microsoft instant messaging clients and uses Rootkit techniques. It opens a back door on the compromised computer. This infection is bundled with the ntoskrnl.exe:kernel ADS rootkit.
PPA Virtial rendering nvsystl3.sys
X
 Added by a variant of the Goldun.Fam rootkit.
Rege memory mapper flashsmt.sys
X
 Added by a variant of the Goldun.Fam rootkit.
wsnpoem.sys wsnpoem.sys
X
 Identified as the Backdoor.Win32.Small.lu/Rootkit.V malware.
Megadrv3 srosa.sys
X
 Added by the W32.Beagle.GM rootkit.
srosa srosa.sys
X
 Added by the TROJ_ROOTKIT.JS rootkit.
protect Protect.sys
X
 A variant of the Trojan.NtRootKit.361 rootkit.
asc355 asc355.sys
X
 A variant of the TROJ_AGENT.AAND rootkit.
NVidia TLayer gateway A2 nvmapi.sys
X
 Added by a variant of the Goldun.Fam rootkit.
Memory SCN ovwscn.sys
X
 Added by a variant of the Goldun.Fam rootkit.
Memory SCN X1 ovrscn.sys
X
 Added by a variant of the Goldun.Fam rootkit.
ro0 Service ro0.exe
X
 Identified as a Spambot variant.
MSDV Driver msdvdr.pif
X
 A variant of the HackerDefender rootkit.
SysLibrary DefLib.sys
X
 Added by the Troj/NtRootK-CA rootkit.
Object memory mapping 8.0 ati2ksag.sys
X
 Added by a variant of the Goldun.Fam rootkit.
ytghyuiokjnmvrq wincab.sys
X
 Added by the Mal/RootKit-A rootkit. The service and display name are typically random.
spooldr spooldr.sys
X
 Added by the Trojan.Peacomm.C rootkit.
yscpsdfh zscpsdfh.sys
X
 Added by the Troj/RKPort-Fam Trojan rootkit.
yvaeypeb zvaeypeb.sys
X
 Added by the Troj/Bckdr-QJB rootkit.
yxwituxh zxwituxh.sys
X
 Added by the Troj/Dropper-QV rootkit.
<not used> WINFBI32.dll
X
 Added by the Backdoor.Ginwui.F backdoor. Backdoor.Ginwui.F is a Trojan horse that opens a back door and uses rootkit techniques to hide its presence.
atietbxx atietbxx.sys
X
 A variant of the Goldun rootkit.
symavc32 symavc32.sys
X
 Rootkit added by the Troj/Agent-FZV Trojan.
UPS COMcontrol upsctrl3.sys
X
 A variant of the Goldun rootkit.
rlx6dob6 rlx6dob6.sys
X
 A variant of the Goldun rootkit.
IsDrv118 IsDrv118.sys
X
 Added by the Troj/NTRootK-BU rootkit.
runtime2 runtim2.sys
X
 Added by the Troj/Rootkit-BI rootkit.
HDTV video output mswsaf.sys
X
 Rootkit used by a variant of the Goldun Trojan.
Windows Notification Service winntify.exe
X
 Rootkit found with SmitFraud infections.
windbg48 windbg48.sys
X
 Added by the Troj/RKAgen-A rootkit.
Local Network Spooler lspooldrv.sys
X
 A variant of the Hacker Defender rootkit.
xpdx system driver xpdx.sys
X
 Added by the Troj/Rustok-B rootkit.
atixdaxx atixdaxx.dll
X
 A variant of the Goldun Trojan. This infection utilizes the atixdbxx.sys rootkit to hide itself.
ATI Hardware TnL Rendering atixdbxx.sys
X
 A variant of the Goldun rootkit.
lololol _hideme_imhiddenlololol.exe
X
 Added by the Troj/Hideme-A Trojan. This infection is hidden by the rootkit file C:\_hideme_MYFILE.SYS.
NVIDIA Compatible Windows Miniport Driver nvmini.sys
X
 Added by the PE_CORELINK.C-O rootkit.
core core.sys
X
 Identified by Spybot - Search and Destroy as Smitfraud-C.CoreService. This infection is a rootkit found with certain smitfraud infections.
runtime2 runtime2.sys
X
 Identified by Kaspersky as Rootkit.Win32.Agent.ey.
ATI TnL Rendering atiddbxx.sys
X
 A variant of the Haxdoor rootkit.
windev-b51-433 windev-b51-433.sys
X
 Added by the Troj/Dorf-H rootkit.
xpdt system driver xpdt.sys
X
 Added by the Troj/Rustok-Q Trojan.
<unknown> gdow2k.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
FPU mainboard extention ramvxt.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
<unknown> eps32sys.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
MTdX main controller linksrvd.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
RGB video output mswsaf.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
IPSTK driver mswsag.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
VISSV symvcs.sys
X
 A variant of the Troj/Haxdor-Fam family of rootkits.
cmdriver cmdriver.sys
X
 Added by the SecurityRisk.Cashmoa rootkit. SecurityRisk.Cashmoa is a security risk that hides any processes that are named cmc.exe.
Routing and Remote Access muniu.exe
X
 Added by the W32.Niumu worm. W32.Niumu is a worm that spreads through network shares and infects .exe and .scr files. The threat also steals passwords typed into Internet Explorer.

This service is actually a legitimate Microsoft service that was altered by the infection to start the muniu.exe infection. Therefore, instead of deleting the service you should instead changes it's ImagePath value back to %SystemRoot%\System32\svchost.exe -k netsvcs.
Zxftajzo Zxftajzo.sys
X
 Added by the Backdoor.Darkmoon.D backdoor.
TestUSB TestUSB.sys
X
 Added by the Troj/NtRootK-M rootkit.
lanmandrv lanmandrv.sys
X
 Added by the Troj/Agent-ELF rootkit.
EXAMPLE main.sys
X
 Added by the Troj/SpyAge-B Trojan. Main.sys has been further identified as Troj/NTRootK-BP.
<unknown> ppdriver.sys
X
 Added by the Troj/RKProc-Fam rootkit. More info here.
<unknown> pnpdrv.sys
X
 Added by the Troj/RKProc-Fam rootkit. Can be installed with SmitFraud related Trojans.
Plug and Play Support Driver driverpp.sys
X
 Added by the Troj/RKProc-Fam rootkit. Can be installed with SmitFraud related Trojans.
IPODT1000 ssipod1.sys
X
 Added by the Troj/Haxdor-Gen rootkit.
WDVB 05 drtw6a.sys
X
 Added by the Troj/Haxdoor-DO rootkit.
rlx66dob rlx66dob.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
msfsr msfsr.sys
X
 Added by the Troj/NTRootK-BB rootkit.
syswav syswav.sys
X
 Added by the TROJ_KILLAV.GG rootkit. This infection will also close running security software.
!!!! new_drv.sys
X
 Added by the Troj/NTRootK-BE rootkit Trojan.
drivemngr drivemngr.sys
X
 Added by the Troj/LdPinch-QB rootkit. This program, once loaded, hides other files related to this infection.
wincom32 wincom32.sys
X
 Added by the Trojan.Peacomm downloader Trojan. This infection contains rootkit functionality that enables it to hide some of its associated files.
KWatch1 KWatch1.sys
X
 Rootkit added by the Troj/Agent-DZY Trojan.
ASUS PCI controller mi5035a5.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
MMX2 virtualization service mmx19g.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
MMX virtualization service mmx19g.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
MCRT accelerator eexvpn.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
ROME ROTYUS hxdefdrv.sys
X
 Added by the Troj/HacDef-DR rootkit.
IPSTK driver ufgrbe.sys
X
 A variant of the Troj/Haxdor-Fam of rootkits.
SECURE SHELL access driver wartamd.sys
X
 A variant of the Haxdoor Trojan rootkit.
MsDLObjDrv MsDLObjDrv.sys
X
 Added by the Hacktool.Rootkit rootkit.
HWRegProt HWRegProt.sys
X
 Added by the Hacktool.Rootkit rootkit.
STK Bi 002 xcttgm.sys
X
 A variant of the Haxdoor Trojan rootkit.
STK Bi 001 xcttgm.sys
X
 A variant of the Haxdoor Trojan rootkit.
phide_ex.sys phide_ex.sys
X
 Added by the Troj/RusDrp-H rootkit.
System SSDP Services <random letters>.sys
X
 Added by the Troj/Pardot-A rootkit.
wsfit32 wsfit32.sys
X
 Rootkit used by the Rogoo LSP Hijacker to protect it's files. Other associated files are discussed here.
NvVideoCenter NvVid.sys
X
 Added by the W32.Ovagur virus. This file acts a rootkit to hide the rest of the infection's files.
<unknown> regepsrvc.sys
X
 Added by a variant of the Goldun.Fam rootkit.
NdisFilter ndisfilter.sys
X
 Added by the Troj/NetAtk-F rootkit.
<unknown> prt21sks.sys
X
 Added by a variant of the Goldun.Fam rootkit.
<unknown> satad645.sys
X
 Added by a variant of the Goldun.Fam rootkit.
<unknown> arprmdg5.sys
X
 A variant of the HaxDoor rootkit.
Kernel Objects Manager xartcd7.sys
X
 A variant of the Goldun rootkit.
!!!! hide_evr2.sys
X
 Added by the Troj/PWS-ABD rootkit Trojan.
Print Spooler Service <random file name>.exe
X
 Added by the Troj/HacDef-DJ backdoor Trojan and rootkit.
MZU_RK mzu_drv.sys
X
 Added by the Troj/DwnLdr-FTB downloader Trojan.
Miniport FT32 yvbb01.sys
X
 Added by a variant of the Troj/Haxdor-Gen. rootkit.
Miniport FT yvbb02.sys
X
 Added by a variant of the Troj/Haxdor-Gen. rootkit.
<unknown> fanxctrld.sys
X
 A variant of the Troj/Haxdor-Gen rookit.
<not used> myqq_.exe
X
 Added by the Troj/QQPass-AIS Trojan rootkit.
BlueODrv blueodrv.sys
X
 Added by the Infostealer.Blurax Trojan. Infostealer.Blurax is a Trojan horse that logs keystrokes and steals confidential information from the compromised computer. The Trojan may use rootkit techniques to hide its presence on the compromised computer. This part of the infection acts as a rootkit in order to the services.
<not used> winfkhide.dll
X
 Added by the Backdoor.Ginwui.E rootkit.
MMX virtualization service rmk8ot.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
MMX2 virtualization service rmk9ot.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
FClear Service wnmifc.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
MClear Service wnmicf.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
CsdDriver CsdDriver.sys
X
 Added by the Troj/Goldun-EE password-stealing Trojan.
USB p79bsksb p79bsksb.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
mm77lgn control service mm77lgn.sys
X
 Added by a variant of the Troj/Haxdor-Gen. rootkit.
<unknown> agpbrdg5.sys
X
 Added by a variant of Troj/Haxdor-Gen.
<unknown> scsipsrvc.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
DCode emulator A37 emul37.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
DCode emulator emul65.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
winsis32 winsis32.dll
X
 Added by the Troj/Nebuler-H Trojan. Troj/Nebuler-H gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
winnok32 winnok32.dll
X
 Added by the Troj/Nebuler-F Spyware Trojan. Troj/Nebuler-F gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
PRT4701 Printer driver prt47sys.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
YVPB video output svjvpn.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
RGB video output svkvpn.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
MMC card reader mmccrd.sys
X
 A variant of the HaxGen/Goldun rootkit.
Kernel Objects Manager obbf117.sys
X
 A variant of the HaxGen/Goldun rootkit.
VMemory protect k53lock.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
winxtx32 winxtx32.dll
X
 Added by the Troj/Nebuler-D Trojan. Troj/Nebuler-D gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
YVPB video output xdpptp.sys
X
 A variant of the Troj/Haxdor-Fam rootkit.
NDIS OSI ycsvgd.sys
X
 The Troj/Haxdor-Fam rootkit.
<unknown> asusrx25.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
TCP x IP2 Kernel32 seppgm.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
TCP x IP2 Kernel seppgm.sys
X
 Variant of the Troj/Haxdor-Fam rootkit.
IRDa Modem device #12 se633mxxd.sys
X
 Added by a variant of the Goldun rootkit.
<unknown> fpuext.sys
X
 Added by a variant of the Goldun rootkit.
ARM FDCG850 device armrfc.sys
X
 Added by a variant of the Goldun rootkit.
<unknown> estsprt.sys
X
 Added by a variant of the Goldun rootkit.
<unknown> socket573.sys
X
 Added by a variant of Goldun rootkit.
ARM TSL device armdvc.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
RGB video output ycsrga.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
YVPB video output ycsrgb.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
IP2 UDPB2 ipudpb2.sys
X
 Added by a variant of the Goldun rootkit.
<unknown> mmx19g.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
<unknown> mmx17g.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
<Unknown> armdvc.sys
X
 Added by a variant of the Goldun.Fam rootkit.
<Unknown> vxdgfx.sys
X
 Added by a variant of the Goldun.Fam rootkit.
<Unknown> nuclab.sys
X
 Added by a variant of the Goldun.Fam rootkit.
<Unknown> openglssd.sys
X
 Added by a variant of the Goldun.Fam rootkit.
OPENSSL cryptoapi axdebugld.sys
X
 A variant of the Haxdoor rootkit.
[Unknown] docentd.sys
X
 A variant of the Haxdoor rootkit.
[Unknown] mmlogon.sys
X
 A variant of the Haxdoor rootkit.
[Unknown] socketx113.sys
X
 A variant of the Haxdoor rootkit.
[Unknown] nclaby.sys
X
 A variant of the Haxdoor rootkit.
[Unknown] xcdkernl.sys
X
 A variant of the Haxdoor rootkit.
YVPB video output ycsrgb.sys
X
 A variant of the Haxdoor rootkit.
<unknown> idersrvc.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
NDIS OSI ycsvga.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
LAN FW adapter lannui.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
LAN MSFW adapter lannui.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
SATA bus driver satau325.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
UDP32 netbios mapping twpkbd.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
Win23 lzx files loader lzx32.sys
X
 Added by the Troj/RKRustock-A rootkit. This infection utilizes Alternate Data Streams in order to hide itself.
mvrescue mvrescue
U
 Related to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004.
Registry protect service regP64.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
Registry protect service 2 regP32.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
USB p76xxsks p76xxsks.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
LOGON support service iesservice4.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
NOD AV service nodantivir.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
msdirect msdirect.sys
X
 Added by the Troj/RKFu-C rootkit.
INPUT/OUTPUT printing ddirectxt.sys
X
 A variant of the Haxdoor rootkit.
<unknown> mkey.sys
X
 Rootkit used by the Troj/IRCBot-HG infection.
SECURE SHELL access driver xkeyshd.sys
X
 Rootkit identified by Kaspersky Anti-Virus as Trojan-Spy.Win32.Goldun.kr.
DVBa X11 controller bmtdhk.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
DVB X11 controller bmtdhk.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
m_hook m_hook.sys
X
 Added by the Trojan.Rootserv rootkit.
MMX2 virtualization service dxtpdx.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
MMX virtualization service dxtpdh.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
KMX direct access sdcardX2.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
BLUETOOTH IPv4 service wnlogow.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
GDI kernel srvc gdiw2k.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
OPENGL technology access flashdrv3.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
UDPservice msudp4.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
Windows Objects manage obbn13rt.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
SE500 Generic se500mdmd.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
LOGON suport service ies4service.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
CDRW overrun protection cdscsix3r.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
IO Direct printing service directprt.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
MMX2 virtualization service pptp24.sys
X
 Added as variant of the Troj/Haxdor-Gen family of rootkits.
Unknown m32lock.sys
X
 A variant of the Troj/Haxdor-Gen rootkit.
<non alphabetical characters>IPX/SPX usbmini.sys
X
 Added by the Troj/Proxy-CY rootkit.
USB prw76sks prw76sks.sys
X
 Rootkit component of Backdoor.Haxdoor.L.
pe386 <random number>
X
 Added by the Backdoor.Rustock.A backdoor Trojan. This infection uses Alternate Data Streams and rootkit technology to hide itself and the service entry.
hpdriver hpdriver.sys
X
 A variant of the Troj/Rootkit-AA kernel-mode rootkit family.
vvcxqgpq vvcxqgpq.sys
X
 Added by the Trojan.Agentdoc.B rootkit.
NK45 file system driver nkcfg.sys
X
 Added by the TSPY_HAXSPY.AD rootkit.
bridges bridges.sys
X
 A rootkit driver service.
msinfmgr msinfomgr.sys
X
 Added by the W32.Naras virus with keylogging and rootkit functionality.
WDVB 05 dvb06a.sys
X
 A variant of Troj/Haxdor-Fam rootkit.
squell vook.sys
X
 Added by the Troj/NTRootK-AC rootkit.
SE 3.0 memory driver vistaj.sys
X
 Added by the Haxdoor-gen rootkit.
SE 3.2 memory driver vistaj.sys
X
 Added by the Haxdoor-gen rootkit.
wxtw PNP DRIVER wxtwdx.sys
X
 Added by the Troj/Haxdor-Gen rootkit.
wxtwdu PNP DRIVER wxtwdu.sys
X
 Added by the Troj/Haxdor-Gen rootkit.
VXV CPU device vxvgfv.sys
X
 Troj/Haxdor-Gen rootkit.
OPENGL technology access openglwxd.sys
X
 Added by the TSPY_GOLDUN.EI rootkit.
Printer direct access directout.sys
X
 Added by the TSPY_GOLDUN.EG rootkit.
virdr virdr.sys
X
 Added by the Troj/Rootkit-W rootkit.
winm TCP winm32.sys
X
 Troj/Haxdor-Gen rootkit utilized by the Troj/Haxdoor family.
winm64 TCP winm64.sys
X
 Troj/Haxdor-Gen rootkit utilized by the Troj/Haxdoor family.
MMX2 virtualization service mmxF64.sys
X
 Added by the Troj/Haxdor-Gen rootkit.
MSDN Driver msdndr.pif
X
 Added by the Troj/HacDef-EQ rootkit.
XPPTP 0x25 winsock xptpmm.sys
X
 Added by the Troj/Haxdor-Fam rootkit variant.
XPPTP 0x24 winsock xptpmm.sys
X
 Added by the Troj/Haxdor-Fam rootkit variant.
mdojtgmr mdojtgmr.sys
X
 Added by the Keylogger.Mose keylogger with rootkit capabilities.
NDIS OSI32 yvpp01.sys
X
 Added by the Troj/Haxdoor-BM rootkit.
delphi voot.sys
X
 Added by the W32.Detnat rootkit. May download PWSteal.Lineage and stealth it.
pptp64 pptp64.sys
X
 Added by the Troj/Haxdor-Fam rootkit.
pptp32 pptp64.sys
X
 Added by the Troj/Haxdor-Fam rootkit.
Zcjflmoj Zcjflmoj.sys
X
 Added by the Troj/Bckdr-GPJ backdoor Trojan with rootkit capabilities.
AVXSearch service ke7dnl.sys
X
 Added by the Troj/Haxdoor-BH rootkit Trojan.
taskdir taskdir.exe
X
 Added by the Trojan.Abwiz.F rootkit/downloading Trojan. This infection has rootkit capabilities that it uses to hide its presence. This infection is marked as a rootkit as it injects the C:\Windows\System32\taskdir.dll file into all running processes.
OPENSSL cryptoapi zopenssld.sys
X
 Added by the Trojan.Goldun.K rootkit.
UDP checksum correction dvdkernl.sys
X
 Added by the Troj/Haxdoor-BC Trojan.
Zxbnredm Zxbnredm.sys
X
 Added by the Backdoor.Hesive.E rootkit driver. This driver will attempt to stealth certain registry keys and files so they are not detectable or visible.
xmsk64 xmsk64.sys
X
 Added by the Backdoor.Haxdoor.H rootkit.
Zrwchrhu Zrwchrhu.sys
X
 Added by the Backdoor.Hesive.C backdoor Trojan. This particular part of the infection acts as a rootkit to hide and files or registry entries it creates.
InvisibleDrvNT InvisibleDrvNT.sys
X
 Added by the Troj/Haxdor-Fam Trojan. This driver utilizes rootkit stealthing technology to hide other malware.
remon REMON.SYS
X
 Rootkit used by some infections to hide other files and configuration information.
HP32X Printer driver hpprintdrv.sys
X
 Added by the Troj/Haxdoor-AU rootkit Trojan.
iesdl4l iesdl4l.dll
X
 Added by the Troj/Haxdoor-AQ backdoor Trojan. This infection utilizes the C:\Windows\System32\iesservice4.sys rootkit.
EPS Printer driver epsn2sys.sys
X
 Identified as Trojan.NtRootKit.75.
EPS Printer Driver EPSONSYS.SYS
X
 Added by the Trojan.Goldun.I password-stealing Trojan for online banks. This is a rootkit that attempts to hide itself and its components.
NetSTrSvc netsvcs.sys
X
 Added by the Troj/HacDef-AM rootkit.
MiniPCI MiniPCI.sys
X
 Added by the Troj/NtRootK-M rootkit.
TCPIP2 Kernel32 avpe64.sys
X
 Added by the Troj/Haxdoor-AP rootkit.
XRW005 <random filename>
X
 Added by the Troj/Hackvan-B Trojan rootkit.
DER005 <random filename>
X
 Added by the Troj/Hackvan-B Trojan rootkit.
UDP Packet Correction Wnlogon.sys
X
 Identified as part of a variant of Trojan.PWS.Egold. This file will usually be hidden by the rootkit logon032.dll.
Microsoft Information Driver xxxdefdrv.sys
X
 Added by the Troj/HacDef-AB rootkit. Other files associated with this infection are wdl.exe, wdl.dll, xxxdefdrv.sys, windows.exe, xmlsvc.exe, , mldata.dll ,xmlsvc.dll ,.tmp ,rpcsvc.exe ,ioservice.exe, ioservice.ini, rpcsvr.exe, smap.exe, sv.exe, diketraffic.conf, dikeentry.conf ,bitsm.exe, kern32.dll, bitsm.exe -start, iobanana.exe, and ioA.exe.
SLMDriver SLM32.sys
X
 Added by the Troj/Rootkit-AA rootkit.
[not used] stealth.worm.exe
X
 Added by the PE_THEALS.A file infector. This infection also utilizes rootkit technology.
Network Control Manager aries.sys
X
 Added by the Sony/XCP DRM Rootkit. This file is the actual rootkit driver for the Sony DRM application.
CPU microcode correction cpudev.sys
X
 Added by the Troj/Haxdoor-AO Trojan.
sks2drvr sks2drvr.sys
X
 Added by the Backdoor.Haxdoor.G backdoor Trojan.
WRM CPU driver wrmdrv.sys
X
 Added by the W32/Goldax-B worm.
rofl rofl.sys
X
 Added by the Hacktool.Rootkit rootkit.
IP correction service msrdr2.sys
X
 Added by the Troj/Haxdoor-AJ backdoor Trojan.
MCFservice mcfdrv.sys
X
 Added by the W32/Goldax- Peer to Peer (P2P) worm with backdoor functionality.
TCPIP Kernel32 avpu32.sys
X
 Added by the Troj/Haxdoor-ED. The rootkit logs the keypress in the file klogini.dll.
VANTI God.sys
X
 A variant of the Troj/Hackvan-A rootkit.
TCPservice msftcpip.sys
X
 Added by a variant of the Troj/Haxdor-Gen rootkit.
msriv1 msriv1.sys
X
 Added by the W32/Rbot-AGE worm. When started, this infection connects to a remote IRC server and waits for commands to execute. This particular Rbot also uses rootkit technology to hide itself.
AVPX64 TCP AVPX64.SYS
X
 Added by the Troj/Haxdoor-Y backdoor trojan. This infection uses rootkit technology to hide itself from being seen.
AVPX TCP AVPX32.SYS
X
 Added by the Troj/Haxdoor-Y backdoor trojan. This infection uses rootkit technology to hide itself from being seen.
NGate service tage32.sys
X
 Added by the Troj/Haxdoor-R rootkit. This infection makes it so you can not see certain processes, files, or registry keys on your computer. It is usually installed in conjunction with other malware.
msdirectx msdirectx.sys
X
 Added by the W32/Sdbot-XP, W32/Sdbot-XQ, and W32/Sdbot-XR worms as a new service. They will use the same display name, and exploit IRC channels.
iesprt IESPRT.SYS
X
 Added by the Troj/Goldun-G password stealing trojan. If you have this infection you should change all your passwords.
rdriv rdriv.sys
X
 A rootkit bundled with various infections in order to hide them.
msdirectx msdirectx.sys
X
 This infection hijacks Internet Explorer to redirect to search-area.com. More information can be found here - Troj/Malche-A.
KeBoot Boot32.sys
X
 Added by the HaxDoor.B rootkit/backdoor Trojan. This service is installed as a system driver and is part of the rootkit functionality of this infection.
KeSDM Sdmapi.sys
X
 Added by the HaxDoor.B rootkit/backdoor Trojan. This service is installed as a system driver and is part of the rootkit functionality of this infection.
VIRTwin VDMT16.SYS
X
 Added by the Troj/Haxdoor-CN rootkit infection. This file is installed as system driver and is used to hide processes, files, and registry keys from being seen.
SCNDmem WINLOW.SYS
X
 Added by the Troj/Haxdoor-CN rootkit infection. This file is installed as system driver and is used to hide processes, files, and registry keys from being seen.
MemDRV vdnt32.sys
X
 Part of the Troj/Haxdoor-AE rootkit. This is installed as a system driver service so will not be seen in the services.msc control panel.
LMMngr memlow.sys
X
 Part of the Troj/Haxdoor-AE rootkit. This is installed as a system driver service so will not be seen in the services.msc control panel.


> Status Key
Each entry in the database will have a Status assigned to it. The key to this status is the following:
  • Y - This status flag means that this entry should be left alone and be allowed to run as if it is unchecked it may break the functionality or use of a particular program.
  • N - This status flag means it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
  • U - This status flag means it is up to you whether or not you feel this program needs to run automatically.
  • X - This status flags means the item should definitely not start up automatically. Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.
  • ? - This status flag means the status of this entry is unknown at this time and more research is necessary.
If you require assistance in removing one of these files you can ask us in the Startup Database Forum.

> Disclaimer
It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides


Portions of this database © Paul Collins
© 2003-2009 All Rights Reserved Bleeping Computer LLC.
PGT: 0.166 Queries: 5