CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {C41A1C0E-EA6C-11D4-B1B8-444553540000} | (no name) | rundll32.dll | Troj/Bamer-B | X BHO |
| {77962960-536E-47EC-9DDB-52651519705F} | CpapView Class | cpap.dll, cacb.dll, rundll32.dll, Rundl132.dll | Downloader trojan of Chinese origin hailing from cacb.tv - produces ad popups; also see here | X BHO |
| {36DBC179-A19F-48F2-B16A-6A3E19B42A87} | (no name) | systeminfo.dll, rundll32.dll, esentutl.dll, tskill.dll, odbcad32.dll, winver.dll, rasdial.dll, setup.dll, spoolsv.dll, finger.dll, charmap.dll, runonce.dll, scardsvr.dll, winspool.dll, any filename taken at random from the System or System32 folder | Password stealer trojan, detected by Symantec as Infostealer.Bzup.B | X BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| MMSystem | "%\Windows%\rundll32.exe "%System%\mmsystem.dll"", RunDll32" | Added by a FUNNER.A worm infection | X |
| cesmain.dll | Rundll32.exe [path] cmail.dll, Rundll32 | CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted | X |
| BIE | Rundll32.exe BDSrHook.dll, Rundll32 | BDplugin parasite | X |
| CnsMin | Rundll32.exe CNSMIN.DLL, Rundll32 | CnsMin (Chinese_Keywords) related | X |
| AxFilter | Rundll32 AXFILTER.DLL, Rundll32 | CnsMin (Chinese_Keywords) related | X |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| rundll32 (rundll32) | rundll32.exe | Added by the Troj/Feutel-Q TROJAN! | X |
| Windows DHCP Service (WinDHCPsvc) | rundll32.exe | Win32/Agent.ABF Note: rundll32.exe is legitimate but is being used to load the malware file %system%\windhcp.ocx Note: Read the link, collects sensitive information | X |
| Windows DLL Loader (RunDll32) | rundll32.exe | Added by the Troj/Agent-MD TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the C:\%WINDIR%\dll\ folder. | X |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| d73f6841 | rundll32.exe | Added by the Browsafe Trojan.Win32.Generic Note: Do not remove the legitimate (rundll32.exe) file which is always found in \%Windir%\%System%\ | X |
| 892cc6a3 | rundll32.exe | Added by the rundll32.exe Browser hijacker Note: Do not remove the legitimate (rundll32.exe) file which is always found in \%Windir%\%System%\ | X |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {7B0FB540-F5CD-FF9F-FE6E-6FFCB1AF66C3} | (no name) | rundll32.exe | Infostealer trojan, detected by Kaspersky antivirus as Worm.Win32.Shakblades.z , see this ThreatExpert Report | X |
| {V507H04T-KIX2-7O6Q-818E-4K7YX6T537X0} | (no name) | rundll32.exe | Infostealer trojan, dropper detected by Kaspersky antivirus as Trojan-Spy.Win32.KeyLogger.qzp - also see this ThreatExpert Report | X |
| {2H6ND1DE-237T-3322-K250-U3PP75Q7S552} | (no name) | rundll32.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here | X |
| {LN3D0AX8-R242-8EI0-455D-IQIC5PQ8XO01} | (no name) | rundll32.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |
| {4NGA25TH-VQEQ-45J7-WILL-BB8J7BYC2B8W} | (no name) | rundll32.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |