CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {51dd3535-abea-484a-b1cf-06ab7b092c0c} | Babylon Toolbar by Visicom | babylon01X.dll | Babylon Toolbar by Visicom, bundled with various third party software - remove unless you wittingly installed it and/or intend it to be there. | O BHO, TB |
| {60D7BB10-6C94-4004-8AA6-A0420B58D867} | DVA Media | temlxopqblp.dll | Adware downloader causing false spyware warnings and connecting to rogue "security sites", a member of the Trojan-Downloader.Zlob.Media-Codec aka NewMediaCodec malware family | X BHO |
| {82B8E0B5-45F5-4779-966A-C474164F8F7F} | DVA Media | temlxopqgdk.dll | Adware downloader causing false spyware warnings and connecting to rogue "security sites", a member of the Trojan-Downloader.Zlob.Media-Codec aka NewMediaCodec malware family | X BHO |
| {90B286E7-377B-4C7C-8859-9D961E8DD433} | DVA Media | svpekgonwvx.dll | Adware downloader causing false spyware warnings and connecting to rogue "security sites", a member of the Trojan-Downloader.Zlob.Media-Codec aka NewMediaCodec malware family | X BHO |
| {88425A92-EB25-4ABA-A863-3380D2C570B7} | DVA Media | svpekgonwdn.dll | Adware downloader causing false spyware warnings and connecting to rogue "security sites", a member of the Trojan-Downloader.Zlob.Media-Codec aka NewMediaCodec malware family | X BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| Go My Media | Go-My-Media.exe | Added by the Go My Media Browser hijacker. Note: Located in \%Program Files%\SecuredNet\ | X |
| TV Media | Tvm.exe | CleverIEHooker hijacker variant | X |
| Microsofts media | wingtp.exe | Added by the W32/RBOT-VO WORM! | X |
| Media Server | msdts.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. | X |
| Media service | msnmsgxr.exe | WORM_SDBOT.TF | X |
O20 List Results
AppInit_DLLs & Winlogon Notify
AppInit_DLLs & Winlogon Notify
| Name | Filename | Description | Status |
| Extensions, H323TSP, Hints, Installer, Internet Settings, IPConfTSP, Media Center, MediaContentIndex, ModuleUsage | random named dll in the System32 folder | Variant of Adware.Look2Me | X Winlogon Notify |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| VAIO Media plus Digital Media Server (SOHDms) | SOHDms.exe | Related to Sony Corporation VAIO Media plus Digital Media Server. Note: Located in \%Program Files%\Sony\VAIO Media plus\ | L |
| PS3 Media Server | wrapper.exe | Related to Playstation 3 Media Server from Digital Trends. Note: Located in \%Program Files%\PS3 Media Server\win32\service\ Note: No longer in service | L |
| Microsoft Media | rtsecas.exe | W32/Rbot-KPH Note: Read the link, allows remote access | X |
| Microsoft Media | Rtsecar.exe | W32/Vanebot-AX Note: Read the link, allows remote access | X |
| Universal Media Server | wrapper.exe | Related to Tanuki Software, Java Service Wrapper. Note: Located in \%Program Files%\... | L |
O16 List Results
ActiveX
ActiveX
SEH List Results
ShellExecuteHook
ShellExecuteHook
| CLSID | Name | Filename | Description | Status |
| {367BDF4B-04E5-46C9-9D83-D68307F659E3} | NSIS Media Extension | wmdmb32.dll, ns**.dll (** two random numbers) | NSIS Media adware | X |
| {D0ABAB9C-4F67-46C8-8061-11489EDE03DF} | NSIS Media Extension | ns**.dll (** two random numbers) | NSIS Media adware | X |
| {DDBB6F2B-E2B7-4645-81AF-ECD28FA4E87D} | NSIS Media Extension | ns**.dll (** two random numbers) | NSIS Media adware | X |
| {955F7C01-3417-4F1E-8C31-5A2EF48897CB} | NSIS Media Extension | ns**.dll (** two random numbers) | NSIS Media adware | X |
| {097F10A7-487F-4457-AB1F-827C59479A72} | NSIS Media Extension | ns**.dll (** two random numbers) | NSIS Media adware | X |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| Windows Media Help | wnhelp.exe | Added by the wnhelp.exe Trojan-Banker.Win32.Agent.fyn | X |
| DiXiM Media Server | dmsf.exe | Related to dmsf.exe DiXiM Media Server from DigiOn | L |
| Anon Mobile Media Reminder Service | MobileMediaReminderService.exe | Related to the MobileMediaReminderService.exe Mobile Media Reminder Service from Accenture | L |
| CyberLink PowerDVD 13 Media Server Service | CLMSServerPDVD13.exe | Related to the CLMSServerPDVD13.ex CyberLink PowerDVD 13 Media Server Monitor from CyberLink Corp. | L |
| CyberLink PowerDVD 12 Media Server Monitor Service | CLMSMonitorServicePDVD12.exe | Related to CLMSMonitorServicePDVD12.exe CyberLink Media Server Monitor Service from CyberLink | L |
FF Extensions List Results
Firefox Extension
Firefox Extension
| CLSID | Name | Filename | Description | Status |
| jid0-24BIZo5c9uA4Q8HWFUDjHB0pzHA@jetpack | Visicom Search | jid0-24BIZo5c9uA4Q8HWFUDjHB0pzHA@jetpack .xpi | Visicom Search allows you to search the selected text on maps.visicom.ua site. Note: Ukrainian Visicom providing digital maps is different than Visicom Media Inc. associated with adware/PUP distribution. | L |
| aboutmedia@gavinsharp.com | about:media | aboutmedia@gavinsharp.com.xpi | about:media adds an about:media page that provides debugging information about media elements in Firefox. This is a fork of about:media by Chris Double and about:media by Gavin Sharp. All versions share the same ID. | L |
| ext@MediaViewV1alphaX.net | Media View | Media View - a variant of "BetterSurf" adware. Displays advertisements through various ways like banners or contextual ads with the note "Ads by Media View". Detected by Malwarebytes Anti-Malware as "PUP.Optional.MediaView.A". See also here. Note: The "X" in the ID and the folder name indicates random number: MediaViewV1alpha3570, MediaViewV1alpha8383 etc. Note: Installed outside of Firefox profile as Windows Registry (machine-level) extension - the Remove button is unavailable. | X | |
| {1D355335-BE86-4418-AC98-2436CC3D6D74} | Media Saver | Browser hijacker from the Neobar family. | X | |
| jid1-4GP7z3tkUd3Tzg@jetpack | Media Keys | jid1-4GP7z3tkUd3Tzg@jetpack.xpi | Media Keys lets you control various media sites using the media keys on your keyboard without having the Firefox window active. | L |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {6b555f46-41db-4c72-ab0d-e53052dcaffb} | Media Watch, MediaWatchV1home997 | MediaWatchV1home997.dll | Parasite, a variant of Adware:Win32/BetterSurf, shows popups and advertisements - detected by Malwarebytes Anti-Malware as PUP.Optional.MediaWatch.A | X |
| {6BF52A52-394A-11d3-B153-00C04F79FAA6} | Microsoft Windows Media Player | unregmp2.exe [command line:] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStu b", | Microsoft Windows Media Player | L |
| {22D6F312-B0F6-11D0-94AB-0080C74C7E95} | Microsoft Windows Media Player | unregmp2.exe | Microsoft Windows Media Player | L |
| {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} | Microsoft NetShow Player, NSPlay, Microsoft Windows Media Player | wmpdxm.dll, Msdxm.ocx | Microsoft NetShow or Windows Media Player | L |