Listing Processes and DLL Files with HijackThis

This section provides a tutorial example on how to use the Process Manager in HijackThis to review running processes and their loaded DLL files on a Windows system.

Another nice feature of HijackThis is the Process Manager, which allows you to review each running process and its required DLL files:

1. Double click "C:\local\HijackThis\HijackThis.exe". You will see HijackThis start with its main menu.

2. Click the "Open the Misc Tools section" button. You will see the configuration screen with the "Misc Tools" tab open.

3. Click the "Open process manager" button. You will see a list of running processes.

4. Select the "C:\Program Files\McAfee\Common Framework\McTray.exe" entry and check the "Show DLLs" checkbox. You will see a list of DLL files that are required by McTray.exe.

5. Click the Disk icon and save the running process list and DLL file list of the selected process to a file.

[pid] [full path to filename]   [file version]  [company name]
4860  C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE    2.2.1.0 Lenovo Group ...
4296  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE     6.2.2.0 Lenovo Gro...
4968  C:\Windows\system32\taskhost.exe       6.1.7601.18010  Micro...
1788  C:\Windows\system32\Dwm.exe    6.1.7600.16385  Microsoft Cor...
1232  C:\Windows\Explorer.EXE   6.1.7601.17514  Microsoft Corporat...
5608  C:\Windows\System32\hkcmd.exe     8.15.10.2538    Intel Corp...
5648  C:\Windows\System32\igfxpers.exe       8.15.10.2538    Intel...
5784  C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe    1....
3868  C:\Program Files\McAfee\Common Framework\McTray.exe    2.1.1...
4600  C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE    14...
1852  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe   6....
3576  C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.ex...
...

DLLs loaded by process
C:\Program Files\McAfee\Common Framework\McTray.exe:

[full path to filename]   [file version]  [company name]
C:\Windows\SYSTEM32\ntdll.dll     6.1.7601.18247  Microsoft Corpor...
C:\Windows\system32\kernel32.dll       6.1.7601.18229  Microsoft C...
C:\Windows\system32\KERNELBASE.dll     6.1.7601.18229  Microsoft C...
C:\Program Files\McAfee\Common Framework\McAfeeWin32GUISupportDLL....
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1...
C:\Windows\system32\msvcrt.dll    7.0.7601.17744  Microsoft Corpor...
C:\Windows\system32\USER32.dll    6.1.7601.17514  Microsoft Corpor...
C:\Program Files\McAfee\Common Framework\McTrayInterfaceLib.dll
...

This tool will definitely help you detect any process hijacked by malware.
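
One way to review the saved DLL list automatically is sketched below. This is an added example, not part of HijackThis or of the original tutorial. The sample data is constructed, and the field separator (tabs or runs of two or more spaces) and the function names parse_dll_section and review are assumptions.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Constructed sample in the layout of the saved file. Assumption: fields are
# separated by tabs or by runs of two or more spaces.
SAMPLE = r"""DLLs loaded by process
C:\Program Files\ExampleApp\tray.exe:

[full path to filename]   [file version]  [company name]
C:\Windows\system32\kernel32.dll    6.1.0.0    Example OS Vendor
C:\Program Files\ExampleApp\ui.dll    2.0.0.0    Example App Vendor
C:\Program Files\ExampleApp\plain.dll
C:\Users\alice\AppData\Local\Temp\helper.dll    1.0.0.0    Example OS Vendor
"""

FIELD_SEP = re.compile(r"\t+| {2,}")


def parse_dll_section(text):
    """Return (process_path, [(dll_path, version, company), ...])."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("DLLs loaded by process")
    process = lines[start + 1].rstrip(":")
    dlls = []
    for ln in lines[start + 2:]:
        if not ln or ln.startswith("[") or ln == "...":
            continue  # blank line, column header, or truncation marker
        fields = FIELD_SEP.split(ln) + ["", ""]  # pad missing columns
        dlls.append(tuple(fields[:3]))
    return process, dlls


def review(process, dlls, windir=r"C:\Windows"):
    """Return [(dll_path, reason), ...] for entries worth a manual look."""
    trusted = [normcase(windir) + "\\", normcase(dirname(process)) + "\\"]
    findings = []
    for path, version, company in dlls:
        if not normcase(path).startswith(tuple(trusted)):
            # The company name is metadata embedded in the file itself, so a
            # familiar vendor string does not make an odd location trustworthy.
            findings.append((path, "outside Windows and application folders"))
        elif not version and not company:
            findings.append((path, "no version or company information"))
    return findings


if __name__ == "__main__":
    proc, dll_list = parse_dll_section(SAMPLE)
    for dll, reason in review(proc, dll_list):
        print(f"REVIEW {dll}: {reason}")
```

A flagged entry is a prompt for manual review, not proof of infection: legitimate DLLs can ship without version information or load from other folders.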

The picture below shows the Process Manager of HijackThis for listing current processes and their loaded DLL files:

HijackThis Process Manager
