SystemLookup - Active Setup List

List Information

Started by: SystemLookup

Maintained by: TonyKlein

Active Setup List

The Active Setup list catalogues legitimate and potentially unwanted Active Setup Installed Components.

Status Key:
X = Malware, spyware, adware, or other potentially unwanted items
L = Legitimate items
O = Open to debate
? = Currently unknown status

Filename

CLSID

Name

Searching: Over 4,708 items

Search Results
(displaying 32 results)

CLSID	Name	Filename	Description	Status
{7B0FB540-F5CD-FF9F-FE6E-6FFCB1AF66C3}	(no name)	rundll32.exe	Infostealer trojan, detected by Kaspersky antivirus as Worm.Win32.Shakblades.z , see this ThreatExpert Report	X
{V507H04T-KIX2-7O6Q-818E-4K7YX6T537X0}	(no name)	rundll32.exe	Infostealer trojan, dropper detected by Kaspersky antivirus as Trojan-Spy.Win32.KeyLogger.qzp - also see this ThreatExpert Report	X
{2H6ND1DE-237T-3322-K250-U3PP75Q7S552}	(no name)	rundll32.exe	Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here	X
{LN3D0AX8-R242-8EI0-455D-IQIC5PQ8XO01}	(no name)	rundll32.exe	Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here	X
{4NGA25TH-VQEQ-45J7-WILL-BB8J7BYC2B8W}	(no name)	rundll32.exe	Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here	X
{4405N34S-8257-0ME0-02F0-82BK54R373MH}	(no name)	rundll32.exe	Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here	X
{W42C131A-8Q03-3Y04-X05L-L3064E654VE7}	(no name)	rundll32.exe	Infostealer trojan, detected by Kaspersky antivirus as Trojan-Dropper.Win32.VB.auce - also see here	X
{4FZ8RK-15AQ-16NC-23OR4-2KE0FA051515}	(no name)	rundll32.exe	Infostealer trojan, detected by Kaspersky antivirus as Backdoor.Win32.Hupigon.eyu - also see here	X
{B51YM5VT-V45B-AI6H-3162-567343OV06F7}	(no name)	rundll32.exe	Infostealer trojan, see here	X
{56E8WS3X-1MMN-WBAE-5228-SH4XYF733I28}	(no name)	rundll32.exe	Variant of the Xtreme RAT v3.0 backdoor trojan, see here	X
{JS328S5A-6JPD-43KN-467A-I1TEODA8IG11}	(no name)	rundll32.exe	Infostealer trojan, see here	X
{1D0017F5-0D0B-0CD7-FA78-1B9C0481959C}	(no name)	rundll32.exe	Infostealer trojan, detected by Microsoft as Backdoor:Win32/Poison.M, also see here	X
{1SWR852E-617J-1157-51P2-173HHHXS8R03}	(no name)	rundll32.exe	Infostealer trojan, see here	X
{1C3830RD-EK88-XLR5-KM33-2HQFG2170767}	(no name)	rundll32.exe	Infostealer trojan, see here	X
{6Y5LJEU6-YCV6-WT32-G5CE-HYIGRD741FG1}	(no name)	rundll32.exe	Variant of the "CyberGate" backdoor trojan, detected by ESET's Nod32 antivirus as "a variant of MSIL/Injector.CF"	X
{P01135R4-2H8I-Q528-JP42-3ER472AO8408}	(no name)	rundll32.exe	Infostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.VBKrypt.ejjt, see here	X
{28FAD2E5-01C3-43E5-8652-B49A7E8F26C2}	(no name)	[rundll32] updatemgr.dll	Infostealer trojan, see this ThreatExpert Report	X
{CEDC6AE9-CC31-4EB2-84AE-5AE6C150D46B}	(no name)	[rundll32] optranx32.dll	Infostealer trojan, detected by Microsoft as TrojanSpy:Win32/Ambler.D - also see here	X
{21d337f6-7548-4c7c-a931-2eeaf254b69a}	(no name)	[RunDLL32] IEDKCS32.DLL	Used by Microsoft Internet Explorer during user personalization processes	L
{4F76A5A0-9FE0-4111-AB6C-23DACC10177D}	(no name)	[rundll32] updatemgr.dll	Infostealer trojan, detected by DrWeb antivirus as Trojan.MulDrop3.51808	X
{0EA88F0F-B698-4AB1-8DBC-EBE2CD00927F}	(no name)	[rundll32] kmsvc32.dll, xlk.dll, aj32.dll	Infostealer trojan, detected by Microsoft as TrojanSpy:Win32/Ambler.D - also see here and here	X
{60B49E34-C7CC-11D0-8953-00A0C90347FF}	(no name)	(command): RunDLL32 IEDKCS32.DLL,BrandIE4	Microsoft Internet Explorer	L
{306D6C21-C1B6-4629-986C-E59E1875B8AF}	(no name)	rundll32.exe" "C:\Program Files\Messenger\msgsc.dll	Windows Messenger	L
{89B4C1CD-B018-4511-B0A1-5476DBF70820}	(no name)	Rundll32.exe C:\Windows\system32\mscories.dll,In stall	Microsoft® .NET Framework	L
{3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030}	(no name)	Coffin Of Evil.exe, rundll32.exe, spy.exe, memo.exe, lang.exe, rampo.exe, waterfall.scr	Variant of the Spy-Net backdoor trojan, see here and here	X
{969B3B70-8765-11D5-9809-0050BACBF861}	(no name)	rundll32.exe advpack.dll,LaunchINFSection c:\program files\CyberLink\MP3PowerEncoder\Cyb er.inf	Cyberlink Power Pack DVD Player and MP3 Ripping software	L
{5945c046-1e7d-11d1-bc44-00c04fd912be}	(no name)	(command): rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Quiet Install.PerUser	Windows Messenger	L
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}	(no name)	(command): rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg. Install.PerUser.NT	Microsoft NetMeeting	L
{6BF52A52-394A-11d3-B153-00C04F79FAA6}	Microsoft Windows Media Player	unregmp2.exe [command line:] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStu b",	Microsoft Windows Media Player	L
{1834C954-59CD-4B73-BE12-91E7F303FD7A}	Windows Live Messenger	[command line:] RUNDLL32 advpack.dll,LaunchINFSection WLPack.inf,Wldlog.Messenger.Remove	Windows Live Messenger	L
{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}	(no name)	(command:) rundll32.exe c:\windows\system32\advpack.dll,lau nchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall .ResetTour,,12	Microsoft Internet Explorer	L
{D58F39FF-953E-4F45-898F-59F243B9A523}	(no name)	(command line:) RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register, sidebar.exe	Windows Sidebar	L