CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
CLSID | Name | Filename | Description | Status |
{5574E139-F59C-4bee-9A61-150B0D3A16C7} | MSDNS System | service.dll | MyGeek/Cpvfeed.com adware variant, detected by AntiVir antivirus as ADSPY/BHOApp - logs search engine queries to a %Windir%\search_res.txt file. Also see here | X BHO |
{11111111-1111-1111-1111-110211971101} | CrossriderApp0029701, service-x86 | service-x86.dll, service-x86-bho.dll | Crossrider cross-browser plugin, often bundled with third party software or foistware - detected as Adware.GamePlayLabs or Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.215Apps, PUP.CrossFire or PUP.CrossRider | X BHO |
{15DECBF0-3139-4AC3-9232-51E7172B90C0} | mon service e-paiement | mon service e-paiement.dll | Cofidis Electronic payment solution | L BHO |
Startup List Results
Startup Entry
Name | Filename | Description | Status |
Windows_Serivce | SERVICE.exe | Added by the WORM_WOOTBOT.AH WORM! Note: Located in \%WINDIR%\system32\ | X |
servicemng | service.exe | Added by the W32/Tame-C WORM! Note: Located in \%WINDIR%\System32 | X |
systr2 | SERVICE.exe | Added by the W32/VB-DQY WORM! Note: Located in \%WINDIR%\System32 | X |
SYS_CLEAN | Service.exe | Added by the W32.HLLW.Flopcopy WORM! Note: Located in \%WINDIR%\System32 | X |
Win32 USB2.0 Driver | service.exe | Added by the W32/Sdbot-QF WORM! Note: Located in \%WINDIR%\System32 | X |
O23 List Results
Windows Services
Name | Filename | Description | Status |
{0CBD4F48-3751-475D-BE88-4F271385B672} | Service.exe | Related to software that protects your PC/laptop real environment against malicious activities and unwanted changes, from SHADOWDEFENDER.COM. Note: Located in \%Program Files%\Shadow Defender\ | L |
Service Configurator (Service_v1) | service.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! Note: This trojan is located in \%WINDIR%\Config\ | X |
Sleepy | service.exe | Related to Sashazur LLC. A utility that prevents computer use at night. For schools, libraries, businesses etc. | L |
System Event Service (SystemSet) | service.exe | Detected by Antivir as TR/Delphi.Downloader.Gen | X |
Windows Service Manager (WSCM) | service.exe | Added by the Backdoor.Agent.zb as reported by ewido suite. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) | X |
Drivers List Results
Driver Entry
Name | Filename | Description | Status |
PayClock_Terminal_Service64 | Lathem.USBTM.Service.PC600.Service.exe | Related to the Lathem.USBTM.Service.PC600.Service.exe PayClock from Lathem Time Corporation | L |
JME Keyboard | Service.exe | Related to the Service.exe jmesoft Keyboard driver from Lenovo. | L |
M4-Service | M4-Service.exe | Related to M4-Service.exe online meeting service from Mikogo | L |
ManageEngine AssetExplorer RemoteControl | Service.exe | Related to Service.exe, an IT asset management solution that offers maximum visibility and control over the inventory, usage, entitlements, and purchasing data related to your IT assets, from Zoho Corporation Pvt. Ltd. | L |
Varian OSP Service | VMS.OSP.Service.exe | Related to VMS.OSP.Service.exe Varian OSP Service from Varian Medical Systems, Inc. | L |
FF Extensions List Results
Firefox Extension
CLSID | Name | Filename | Description | Status |
service@touchpdf.com | pdfit | service@touchpdf.com.xpi | pdfit converts the current page to a PNG/JPG image or to PDF format. During the page-to-image conversion, some image filters can be applied (e.g. rotate, reflection). | L |
Active Setup List Results
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{34DE2E86-448C-1043-D278-C658D8DBB0A9} | (no name) | service.exe | Infostealer trojan, detected as Troj/Keylog-JM | X |
{4DA6578A-5EE1-3CA3-3AA1-4E6B1A2C6C1D} | (no name) | service.exe | Infostealer trojan, detected as BackDoor-CDC | X |
{X8ODC5C0-4FCB-11CF-AAX5-81CX1C635612} | (no name) | service.exe | Infostealer trojan, detected as W32/AutoRun-ABM Win32 - also see here | X |
{AAECD99A-AAA4-CD63-DDDF-5CF8BAD8D2F2} | (no name) | service.exe | Infostealer trojan, see here | X |
{061AF0F9-6007-B9B4-96FB-128B2A87067B} | (no name) | service.exe | Infostealer trojan, detected as Backdoor:Win32/Bifrose.ACI | X |