Global Search

CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars

CLSID | Name | Filename | Description | Status
{7FFBBA7A-4237-40A2-9FF0-E600A34AA000} | Microsoft.SupportCenter 0 | Windows-LEIC.SCenter, Windows-****.SCenter | Keylogger, detected by Kaspersky antivirus as Trojan-Downloader.Win32.BHO.dw and by AntiVir as TR/Spy.Agen.35328.B | X BHO
{0B56B5C3-3D91-4E1D-A234-EB1068624EDA} | Microsoft.WirelessNetworks 0 | Windows-BETE.wirellesn, Windows-****.wirellesn | Keylogger, detected by Kaspersky antivirus as Trojan-Downloader.Win32.BHO.dw and by AntiVir as TR/Spy.Agen.35328.B | X BHO
{5574E139-F59C-4bee-9A61-150B0D3A16C7}MSDNS Systemservice.dllMyGeek/Cpvfeed.com adware variant, detected by AntiVir antivirus as ADSPY/BHOApp - logs search engine queries to a %Windir%\search_res.txt file. Also see hereX BHO
{11111111-1111-1111-1111-110211971101} | CrossriderApp0029701, service-x86 | service-x86.dll, service-x86-bho.dll | Crossrider cross-browser plugin, often bundled with third party software or foistware - detected as Adware.GamePlayLabs or Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.215Apps, PUP.CrossFire or PUP.CrossRider | X BHO
{30F9B915-B755-4826-820B-08FBA6BD249D} | Conduit Engine, Conduit Motor | ConduitEngin.dll, ConduitEngine.dll, ConduitEngin0.dll, ConduitEngin1.dll, prxConduitEngin.dll, prxConduitEngine.dll, prxConduitEngin0.dll, prxConduitEngin1.dll, prxConduitEngin2.dll, ldrConduitEngine.dll, Local.DLL | Browser plugin bundled with various Conduit "Community Toolbars" | O BHO, TB

Startup List Results
Startup Entry

Name | Filename | Description | Status
MsWerr | ctfmon.dll | Added by the W32.Virut.CF VIRUT! Note: Located in \%WINDIR%\%System%\ | X
SetUp | ctfmon.exe | Added by the Trojan.Win32.Pasta.fuw Note: Located in \%Program Files%\Windows NT\ | X
Firewall | ctfmon.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. Not to be confused with the original file in the \%WINDIR%\%SYSTEM%\ folder. | X
ctfmon | ctfmon.exe | Added by the Troj/SDBot-06 Trojan! which allows a remote user to access and control the computer via IRC channels. Note: Located in \%WINDIR%\ Note: Do not confuse with the MS Office file of the same name | X
ctfmon | ctfmon.exe | Adware responsible for tenmonkey.com popups Note: Located in \%WINDIR%\ Note: Do not confuse with the MS Office file of the same name | X

O20 List Results
AppInit_DLLs & Winlogon Notify

Name | Filename | Description | Status
st3 | C:\WINDOWS\system32\st3.dll | TrojanDownloader.Delf.NBH | X Winlogon Notify
sunotify | WINDOWS\SYSTEM32\sunotify.dll | ShadowUser_Pro - Create a virtual copy of your system for private and safe Web surfing. | L Winlogon Notify
(no name) | Windows\System32\vsmvhk.dll folder in (XP) | ShadowUser_Pro - Create a virtual copy of your system for private and safe Web surfing. | L AppInit_DLLs
nvmtfga-x32 | %userappdata%\Local\nvmtfga.dll | Troj/HkMain-CT | X Winlogon Notify
stifolo | %AppData%\Local\stifolo.dll | Trojan.Downloader | X Winlogon Notify

O21 List Results
ShellServiceObjectDelayLoad

CLSID | Name | Filename | Description | Status
{1DBD6574-D6D0-4782-94C3-69619E719765} | (no name) | %WINDOWS%\help\B41346EFA848.dll | Troj/Lineag-FC | X
{BCBCD383-3E06-11D3-91A9-00C04F68105C} | AUHook | C:\WINDOWS\SYSTEM\AUHOOK.DLL | Windows ME Microsoft AutoUpdate | L
{********-****-****-****-************} | System | %SYSDIR%\system32.dll | CWS variant (Greatsearch) | X
{7849596a-48ea-486e-8937-a2a3009f31a9} | PostBootReminder | %SystemRoot%\system32\SHELL32.dll | Microsoft Windows | L
{fbeb8a05-beee-4442-804e-409d6c4515e9} | CDBurn | %SystemRoot%\system32\SHELL32.dll | Microsoft Windows | L

O22 List Results
Shared Task Scheduler

CLSID | Name | Filename | Description | Status
{3F143C3A-1457-6CCA-03A7-7AA23B61E40F} | (no name) | c:\windows\system32\mtwirl32.dll | CWSChronicles | X

O23 List Results
Windows Services

Name | Filename | Description | Status
Alternative User Input Services (Ctfmon) | ctfmon.exe | Added by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note: This is not the ctfmon.exe normally found in C:\WINDOWS\System32\ | X
Microsoft CTF Loader | ctfmon.exe | CTF Loader | L
Windows CTF Loader | ctfmon.exe | W32/Sdbot-DFS Copies itself to %Windows% directory | X
LPTRDC server (LPTRDCsrv) | ctfmon.exe | Identified as TrojanDownloader:Win32/Fourta.A Malware Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. | X
Windows Updates Service | Windows Updates Service.vbe | Added by the Windows Updates Service description. Note: Located in \%AppData%\Roaming\Windows Updates Files\ | X

O16 List Results
ActiveX

CLSID | Name | Filename | Description | Status
{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} | DPF | jinstall-*_*_*_**-windows-i586.cab | Could be related to an old version of Sun Microsystems Java Software. For your Security you are urged to check and update your version if required. Verify Java Version | ?
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} | DPF | jinstall-14-windows-i586.cab | Related to an old version of Sun Microsystems Java Software. For your Security you are urged to update your version. http://www.java.com/en/download/installed.jsp | ?
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} | Java Plug-in 1.5.0_06 | jinstall-windows-i586.cab | Related to an old version of Sun Microsystems Java Software. For your Security you are urged to update your version. Sun Java update site | ?
{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} | Java Plug-in 1.6.0 | jinstall-6u**-windows-i586.cab | Could be related to an old version of Sun Microsystems Java Software. For your Security you are urged to check and update your version if required. Verify Java Version | ?
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} | Java Plug-in 1.4.2_13 | jinstall-142-windows-i586.cab | Related to an old version of Sun Microsystems Java Software. For your Security you are urged to update your version. Sun Java update site | ?

SEH List Results
ShellExecuteHook

CLSID | Name | Filename | Description | Status
{E60A0B68-AF3A-C1D2-CD09-5A81A136D2BA} | (no name) | %WINDIR%\SYSTEM32\sonj32drv.dll | Infostealer trojan, dropper detected by Kaspersky antivirus as Trojan-GameThief.Win32.OnLineGames.aiky | X
{003319FE-D7A2-456A-AE04-EB9ABF822FE4} | (no name) | %USER_PROFILE%\Local Settings\Temp\BAK*ow.dll | PWS-OnlineGames.bc | X
{00274BC4-F915-4741-A6F6-6EF95C5E17AA} | (no name) | %UserProfile%\Local Settings\Temp\con\zttz.dll | Password stealer trojan of Chinese origin, a variant of Infostealer.Gampass | X
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} | Microsoft AntiMalware ShellExecuteHook | Windows Defender\MpShHook.dll | Windows Defender | L
{AEB6717E-7E19-11d0-97EE-00C04FD91974} | (no name) | %SYSDIR%\windows.dll, winforms.dll | TSPY_ONLINEG.IOT trojan | X

Drivers List Results
Driver Entry

Name | Filename | Description | Status
System Service | ctfmon.exe | Infostealer trojan, detected by ESET's Nod32 antivirus as a variant of Win32/PSW.OnLineGames.PSK | X
Hp.Skyroom.Windows.Service | Hp.Skyroom.Windows.Service.exe | Related to Hp.Skyroom.Windows.Service.exe, the HP SkyRoom service from Hewlett-Packard | L
Local Print Agent | Local Print Agent.exe | Related to Local Print Agent.exe, which collects information from local printing devices, from PrintFleet Inc | L
Windows RemoteHelp Desk | Windows RemoteHelp Desk.DLL | Added by the Windows RemoteHelp Desk.DLL Infostealer trojan, detected by ESET's Nod32 antivirus as a variant of Win32/Korplug.J Note: Located in \%AppData%\ | X
PayClock_Terminal_Service64 | Lathem.USBTM.Service.PC600.Service.exe | Related to the Lathem.USBTM.Service.PC600.Service.exe, PayClock from Lathem Time Corporation | L

FF Extensions List Results
Firefox Extension

CLSID | Name | Filename | Description | Status
service@touchpdf.com | pdfit | service@touchpdf.com.xpi | pdfit converts the current page to a PNG/JPG image or to PDF format. During the page-to-image conversion some image filters can be applied (e.g. rotate, reflection). | L
user@imagiris.txt | imagiris | user@imagiris.txt.xpi | Imagiris - High definition image enlargement. Note: Discontinued extension and service - dead imagiris.com domain. | L
add-to-local-website-archive@aignes.com | Add to Local Website Archive | add-to-local-website-archive@aignes.com.xpi | Add to Local Website Archive adds the entry "Add to Local Website Archive" to the Firefox context menu. Calling this menu item adds the currently opened page to Local Website Archive. See also other *@aignes.com extensions. Note: Not listed on Mozilla Add-ons, but signed by Mozilla. | L
add-to-local-website-archive-toolbar@aignes.com | Add to Local Website Archive | add-to-local-website-archive-toolbar@aignes.com.xpi | Add to Local Website Archive adds the button "Add to Local Website Archive" to the Firefox toolbar. Clicking this button adds the currently opened page to Local Website Archive. See also other *@aignes.com extensions. Note: Not listed on Mozilla Add-ons, but signed by Mozilla. | L
Humanity@Windows | Humanity | Humanity@Windows.xpi | Humanity from WinTango Patcher - Theme with Humanity Icons. Additional customizations via Humanity Extras extension. See also other WinTango themes. | L

Active Setup List Results
Active Setup - Installed Component

CLSID | Name | Filename | Description | Status
{8FCFFCDD-AFBF-FB7A-1E9C-BFCC8CAAEC7A} | (no name) | ctfmon.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A | X
{J707HCKD-A7OV-I040-X0FU-Q5F12N3EI702} | (no name) | ctfmon.exe | Infostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.Bublik.aigr - also see this ThreatExpert Report | X
{F5776D81-AE53-4935-8E84-B0B284D4BCEF} | (no name) | ctfmon.exe | Infostealer trojan, detected by Sophos as Troj/Insidoor-A | X
{EHS168S0-JO23-16C1-IP62-HFGSJUPGJ15R} | (no name) | ctfmon.exe | Infostealer trojan, detected by Microsoft as BackDoor:Win32/Fynloski.A | X
{003M185M-XA30-WYI2-3PNK-YXN35127018N} | (no name) | ctfmon.exe | Infostealer trojan | X

Powered by SystemLookup Engine. © 2008-2018 BrightFort. All Rights Reserved.