CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
CLSID | Name | Filename | Description | Status |
{FA792102-D4F3-4841-B5EB-724DB79315EE} | userinit | userinit.dll | Password stealer, detected by Kaspersky antivirus as Trojan.Win32.Agent.ecf | X BHO |
Startup List Results
Startup Entry
Name | Filename | Description | Status |
userinit.exe | userinit.exe | Added by the Troj/Haxdoor-DP TROJAN! Note: Located in \%WINDIR%\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ | X |
Windows Service Hosting | USERINIT.exe | Added by the W32/Gommer-A WORM! Note: Located in \%Common Files%\system\(5BB5AD01-5EF7-40EC-93C7-5B152124146CA)\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ | X |
O23 List Results
Windows Services
Name | Filename | Description | Status |
User Initialization (usrinit32) | userinit.exe | Added by the IRC/BackDoor.SdBot2.QV as detected by Avast AVG. TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) | X |
Userinit Logon Verification (UsrInitVerif) | userinit.exe | Added by the W32/Tilebot-EV WORM! Located in the Windows or Winnt folder. | X |
Active Setup List Results
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{CD5AC91B-AE7B-E83A-0C4C-E616075972F3} | (no name) | userinit.exe | Infostealer trojan, detected as W32.Feebs.J@mm | X |
{55E24AD2-DA5C-C1E2-12D1-A32D214AA1BC} | (no name) | svhost.exe, userinit.exe, svchost.exe, mshyet.exe, other filenames | Infostealer trojan, detected by Microsoft as TrojanSpy:Win32/Ardamax.AU | X |