CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
CLSID | Name | Filename | Description | Status |
{11111111-1111-1111-1111-110311581152} | CrossriderApp0035852, Coupon Server | Coupon Server-bho.dll, Coupon Server-bho64.dll | Crossrider cross-browser plugin, often bundled with third party software or part of an adware bundle - detected as Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.215Apps, PUP.CrossFire or PUP.CrossRider | X BHO |
{CDC3EC12-946E-49CF-BD94-C0EC4EEEF10C} | ys-search-server | ys-search-server.dll | Unidentified browser plugin - should you have any information about this application, such as its homepage or the site where it was downloaded or installed, its exact purpose and whether you did or did not install it wittingly, do email us - if you actually have a copy of the file, please attach it to your email for analysis. Thanks! | ? BHO |
Startup List Results
Startup Entry
Startup Entry
Name | Filename | Description | Status |
easyServ | Server.exe | Added by the EASYSERV VIRUS! | X |
USB Server | USB Server.exe | Related to Winstars Technology Ltd Networking USB 2.0 Server. Note: Located in \%Program Files%\USB Server 2\ | U |
TotalMedia Server | TM Server.exe | Related to ArcSoft, Inc. All-in-one media player for videos, Blu-ray, DVDs, and AVCHD. Note: Located in \%Program Files%\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\ | U |
Spy-Net | server.scr | Added by the Backdoor.Trojan TROJAN! Note: Located in \%WINDIR%\%System%\Spy-Net\ | X |
sysdriver | server.exe | Identified by Kaspersky as Backdoor.Win32.VB.bqu. Information at Threat Expert Note: Located in %windir%\system32 Note: This entry is loaded through one of the "Policies" startup keys. | X |
O23 List Results
Windows Services
Windows Services
Name | Filename | Description | Status |
Black Hole2005 Professional Version (Black Hole2005 Professional) | server.exe | Added by the Troj/Singu-W TROJAN! Note: Located in \%WINDIR%\ | X |
CesarFTP FTP Server (CesarFTP) | server.exe | Related to CesarFTP from ACLogic. FTP server. Note: Located in \%Program Files%\CesarFTP\ | L |
Pigeon_Server (PigeonServer) | Server.exe | Added by the Backdoor.Graybird.R TROJAN! Note: Located in \%WINDIR%\ | X |
Server 2.0 (Server 2.0) | Server.exe | Added by the Troj/GrayBrd-AN TROJAN! Note: Located in \%WINDIR%\ | X |
VMWare Authorization Servicec (GrayPigeonServer) | Server.exe | Added by the Backdoor.Graybird.O TROJAN! Note: Located in \%Program Files%\Server\ | X |
Drivers List Results
Driver Entry
Driver Entry
Name | Filename | Description | Status |
GsServer | Gs-Server.exe | Related to Gs-Server.exe GoodSync will automatically backup and synchronize all your important file from Siber Systems Inc. | L |
Microsoft Devicger | Server.dll | Added by the Server.dll Backdoor.Win32.FirstInj.hci [Kaspersky Lab] | X |
GJService | Server.exe | Related to Server.exe Game Jackal from SlySoft | L |
Teleflora.TFO.POS.Server.Ap p.POSWinService | Teleflora.TFO.POS.Server.App.exe | Related to Teleflora.TFO.POS.Server.App.exe Teleflora's floral point-of-sale system from Teleflora | L |
ActService | Act.Server.Host.exe | Related to Act.Server.Host.exe Act.Server.Host from Microsoft | L |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{GK18528P-NIEG-C000-LI3J-76D8R7EB4VNR} | (no name) | Server.exe | Infostealer trojan, see this ThreatExpert Report | X |
{2Y7A82MK-6ACM-MVUH-717M-5NC7SH1J1272} | (no name) | Server.exe | Infostealer trojan, detected by Kaspersky antivirus as Worm.Win32.VBNA.b - also see here | X |
{V2HIV47O-EO52-SPY5-2GK5-23IY4H4XC7GW} | (no name) | server.exe | Infostealer trojan, detected by Sophos antivirus as Troj/RebhipCn-A - also see this ThreatExpert Report | X |
{BV0N8L14-CTJ2-TR12-12AT-MLK0DE722435} | (no name) | Server.exe | Infostealer trojan, detected by Symantec as W32.Spyrat - also see this ThreatExpert Report | X |
{U373RLUC-1J6Q-2675-Y7B5-1438V8HNWJX4} | (no name) | server.exe | Infostealer trojan, detected by Kaspersky antivirus as Trojan.MSIL.BitMiner.bp - also see this ThreatExpert Report | X |