CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {00000273-8230-4DD4-BE4F-6889D1E74167} | (no name) | host.dll | BetterInternet adware variant, also detected as Adware-StopPop | X BHO |
| {11111111-1111-1111-1111-110211971101} | CrossriderApp0029701, service-x86 | service-x86.dll, service-x86-bho.dll | Crossrider cross-browser plugin, often bundled with third party software or foistware - detected as Adware.GamePlayLabs or Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.215Apps, PUP.CrossFire or PUP.CrossRider | X BHO |
| {5574E139-F59C-4bee-9A61-150B0D3A16C7} | MSDNS System | service.dll | MyGeek/Cpvfeed.com adware variant, detected by AntiVir antivirus as ADSPY/BHOApp - logs search engine queries to a %Windir%\search_res.txt file. Also see here | X BHO |
| {15DECBF0-3139-4AC3-9232-51E7172B90C0} | mon service e-paiement | mon service e-paiement.dll | Cofidis Electronic payment solution | L BHO |
| {ae07101b-46d4-4a98-af68-0333ea26e113} | SafeFinder Smartbar | mscoree.dll ( MS file!) [codebase: %APPDATA%\SmartBar\Application\Smar tbarInternetExplorerBHO.dll] | SafeFinder Smartbar - a browser hijacker - installer detected by ESET's Nod32 antivirus as MSIL/Toolbar.Linkury | X BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| Windows host service | Windows host service.exe | Added by the Windows host service Tojan Miner or BitCoin Miner. Note: Located in \%AppData%\Roaming\scwcknzrjf\ | X |
| Application Launcher | Application Launcher.exe | Application launcher from the Sony Ericsson PC Suite for their mobile phones. Note: Located in \%Program Files%\Sony Ericsson\Mobile2\Application Launcher\ | U |
| Sony Ericsson PC Suite | Application Launcher.exe | Related to the Application_Launcher from the Sony Ericsson PC Suite. Note: Located in \%Program Files%\Sony Ericsson\Mobile2\Application Launcher\ | U |
| Mobile Connectivity Suite | Application Launcher.exe | Related to HTC's mobile phone application. Note: Located in %ProgramFiles%\HTC\HTC Sync\Application Launcher | U |
| winlogon.exe | helper.exe | Added by the FAKESPY-A TROJAN! | X |
O20 List Results
AppInit_DLLs & Winlogon Notify
AppInit_DLLs & Winlogon Notify
| Name | Filename | Description | Status |
| glowext | %USERPROFILE%\Local Settings\Application Data\glowext.dll | Glowroni trojan | X Winlogon Notify |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| CmostHostService2 | cmost.host.service.exe | Related to Computer Modelling Group CMG develops market-leading reservoir simulation software. Note: Located in \%Program Files%\CMG\CMOSTHostService\ | L |
| PatientBaseSyncService | Starkey.PatientBase.Sync.Service.Ho st.exe | Related to Patient Base Sync from Starkey Hearing Technologies Note: Located in \%Program Files%\Starkey Laboratories\Inspire OS\PatientBaseSync\ | L |
| NinjaVideo Helper (NinjaVideo Helper.exe) | NinjaVideo Helper.exe | Related to NinjaVideo_Helper is required in order to view videos on NinjaVideo.net. Note: Located in \%Program Files%\NinjaVideo\NinjaVideo Helper\ | L |
| GhosteryMidnightHelper | Ghostery Midnight Helper.exe | Related to Ghostery Ghostery Midnight intercepts and blocks trackers to protect your entire device putting control of your data back in your hands. Note: Located in \%Program Files%\Ghostery Midnight\Resources\ | L |
| host (host) | host.exe | Added by the Troj/GrayBrd-AR TROJAN! Note: This trojan file is found in the Windows or Winnt folder. | X |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| Off-Helper | Off-Helper Service.exe | Related to Off-Helper Service.exe Turn things/programs off remotely in just a few minute. from Hobbyist Software | L |
| ActService | Act.Server.Host.exe | Related to Act.Server.Host.exe Act.Server.Host from Microsoft | L |
| PayClock_Terminal_Service64 | Lathem.USBTM.Service.PC600.Service. exe | Related to the Lathem.USBTM.Service.PC600.Service.exe PayClock from Lathem Time Corporation | L |
| XAMPP | service.exe | Related to XAMPP Apache Distribution for Linux Service. | L |
| ManageEngine AssetExplorer RemoteControl | Service.exe | Related to Service.exe IT asset management solution that offers maximum visibility and control over the inventory, usage, entitlements, and purchasing data related to your IT assets. from Zoho Corporation Pvt. Ltd. | L |
FF Extensions List Results
Firefox Extension
Firefox Extension
| CLSID | Name | Filename | Description | Status |
| service@touchpdf.com | pdfit | service@touchpdf.com.xpi | pdfit allows to convert a current page to PNG/JPG image, or PDF format. During the page to image conversion some image filters can be applied (e.g. rotate, reflection). | L |
| checkhost@check-host.net | Check-Host | checkhost@check-host.net.xpi | Check-Host is an extension for checking availability of hosts, DNS records, IP addresses from different locations. All check are performed with http://check-host.net/. | L |
| helper@savefrom.net | SaveFrom.net helper | helper@savefrom.net.xpi | SaveFrom.net helper will enable you to download files from YouTube.com, FaceBook.com, Vimeo.com, Daylimotion.com, VK.com, Odnoklassnoki.ru, Soundcloud.com and more than 40 other just in one click. See also Video Downloader Pro from the same family. Note: Adware/spyware functionality - see here, here, here, here. Detected by Malwarebytes Anti-Malware as "PUP.Optional.SaveFrom". | X |
| @strava-helper | Strava Helper | @strava-helper.xpi | Strava Helper provides some tweaks for Strava. Adds a "Give Kudos to All" button, removes clutter and provides UI tweaks. | L |
| @currency-helper | CURRENCY HELPER - fast conversion of currencies, CURRENCY HELPER - one decision for many currencies | @currency-helper.xpi | CURRENCY HELPER - fast conversion of currencies simplifies the work with different currencies. The extension provides handy conversion of currencies on web pages. Currency calculator helps you to make mathematical calculations in different currencies. | L |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {34DE2E86-448C-1043-D278-C658D8DBB0A9} | (no name) | service.exe | Infostealer trojan, detected as Troj/Keylog-JM | X |
| {142N17QN-7242-4Y16-VL87-163VOW2S617J} | (no name) | service.exe | Infostealer trojan, dropper detected by Kaspersky antivirus as Trojan-Spy.Win32.KeyLogger.qzp | X |
| {5RVVQ68W-5N7O-QS88-26L7-D246360F6U7P} | (no name) | Service.exe | Infostealer trojan, dropper detected by Kaspersky antivirus as Backdoor.Win32.Androm.anvo - also see here | X |
| {P1BNAT87-4W87-810E-TNM3-18286C5HV2H4} | (no name) | service.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |
| {D81A9E1D-8244-4313-A73F-3C6C39A18D01} | (no name) | Service.exe | Infostealer trojan, detected by Kaspersky as Backdoor.Win32.Poison.flcu - also see here | X |