Global Search

CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars

CLSID Name Filename Description Status
{7FFBBA7A-4237-40A2-9FF0-E600A34AA000}Microsoft.SupportCenter 0Windows-LEIC.SCenter, Windows-****.SCenterKeylogger, detected by Kaspersky antivirus as Trojan-Downloader.Win32.BHO.dw and by AntiVir as TR/Spy.Agen.35328.BX BHO
{0B56B5C3-3D91-4E1D-A234-EB1068624EDA}Microsoft.WirelessNetworks 0Windows-BETE.wirellesn, Windows-****.wirellesnKeylogger, detected by Kaspersky antivirus as Trojan-Downloader.Win32.BHO.dw and by AntiVir as TR/Spy.Agen.35328.BX BHO
{5574E139-F59C-4bee-9A61-150B0D3A16C7}MSDNS Systemservice.dllMyGeek/Cpvfeed.com adware variant, detected by AntiVir antivirus as ADSPY/BHOApp - logs search engine queries to a %Windir%\search_res.txt file. Also see hereX BHO
{11111111-1111-1111-1111-110211971101}CrossriderApp0029701, service-x86service-x86.dll, service-x86-bho.dllCrossrider cross-browser plugin, often bundled with third party software or foistware - detected as Adware.GamePlayLabs or Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.215Apps, PUP.CrossFire or PUP.CrossRiderX BHO
{30F9B915-B755-4826-820B-08FBA6BD249D}Conduit Engine, Conduit MotorConduitEngin.dll, ConduitEngine.dll, ConduitEngin0.dll, ConduitEngin1.dll, prxConduitEngin.dll, prxConduitEngine.dll, prxConduitEngin0.dll, prxConduitEngin1.dll, prxConduitEngin2.dll, ldrConduitEngine.dll, Local.DLLBrowser plugin bundled with various Conduit "Community Toolbars", also see here and hereO BHO, TB

Startup List Results
Startup Entry

Name Filename Description Status
ctfnnonctfmon.exeIdentified as a variant of the Backdoor.Win32.Turkojan.ake malware. Note: located in \%WINDIR%\ Note: Use SDFix under supervision. Note: Please note that C:\Windows\System32\ctfmon.exe is legitimate and should not be deleted.X
Windows Live Messenger 8.12ctfmon.exeAdded by a W32/LiPark-A WORM! Note: Located in \%User%\ Note: Do not remove the legitimate program file in \%WINDIR%\%System%\ Note: The worm spread by copying itself into shared folders used by common Peer to Peer (P2P) filesharing applications.X
ctfmonctfmon.exeAdded by the Worm.Win32.AutoRun.ctz Note: Located in \%WINDIR%\ Note: Do not remove the legitimate ctfmon.exe file which is always found in \%WINDIR%\%System%\X
MsWerrctfmon.dllAdded by the W32.Virut.CF VIRUT! Note: Located in \%WINDIR%\%System%\X
Firewallctfmon.exeAdded by a variant of the IRCBOT Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. Not to be confused with the original file in \%WINDIR%\%SYSTEM%\ folder.X

O20 List Results
AppInit_DLLs & Winlogon Notify

Name Filename Description Status
st3C:\WINDOWS\system32\st3.dllTrojanDownloader.Delf.NBHX Winlogon Notify
sunotifyWINDOWS\SYSTEM32\sunotify.dllShadowUser_Pro - Create a virtual copy of your system for private and safe Web surfing.L Winlogon Notify
(no name)Windows\System32\vsmvhk.dll folder in (XP)ShadowUser_Pro - Create a virtual copy of your system for private and safe Web surfing.L AppInit_DLLs
nvmtfga-x32%userappdata%\Local\nvmtfga.dllTroj/HkMain-CTX Winlogon Notify
stifolo%AppData%\Local\stifolo.dllTrojan.DownloaderX Winlogon Notify

O21 List Results
ShellServiceObjectDelayLoad

CLSID Name Filename Description Status
{1DBD6574-D6D0-4782-94C3-69619E719765}(no name)%WINDOWS%\help\B41346EFA848.dllTroj/Lineag-FCX
{BCBCD383-3E06-11D3-91A9-00C04F68105C}AUHookC:\WINDOWS\SYSTEM\AUHOOK.DLLWindows ME Microsoft AutoUpdateL
{********-****-****-****-************}System%SYSDIR%\system32.dllCWS variant (Greatsearch)X
{7849596a-48ea-486e-8937-a2a3009f31a9}PostBootReminder%SystemRoot%\system32\SHELL32.dllMicrosoft WindowsL
{fbeb8a05-beee-4442-804e-409d6c4515e9}CDBurn%SystemRoot%\system32\SHELL32.dllMicrosoft WindowsL

O22 List Results
Shared Task Scheduler

CLSID Name Filename Description Status
{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}(no name)c:\windows\system32\mtwirl32.dllCWSChroniclesX

O23 List Results
Windows Services

Name Filename Description Status
LPTRDC server (LPTRDCsrv)ctfmon.exeIdentified as TrojanDownloader:Win32/Fourta.A Malware Note: located in \%WINDIR%\ Note: Use SDFix under supervision.X
Alternative User Input Services (Ctfmon)ctfmon.exeAdded by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note: This is not the ctfmon.exe normally found in C:\WINDOWS\System32\X
Microsoft CTF Loaderctfmon.exeCTF LoaderL
Windows CTF Loaderctfmon.exeW32/Sdbot-DFSCopies itself to %Windows% directoryX
Panda VPN ServiceHydra.Sdk.Windows.Service.exeRelated to Panda Security Protection. Note: Located in \%Program Files%\Panda Security\Panda Security Protection\L

O16 List Results
ActiveX

CLSID Name Filename Description Status
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}DPFjinstall-142-windows-i586.cabRelated to an old version of Sun Microsystems Java Software. For your Security you are urged to update your version. Sun Java update site?
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}DPFjinstall-14-windows-i586.cabRelated to an old version of Sun Microsystems Java Software. For your Security you are urged to update your version. http://www.java.com/en/download/installed.jsp?
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Java Plug-in 1.4.2_03jinstall-windows-i586.cabRelated to an old version of Sun Microsystems Java Software. For your Security you are urged to update your version. Sun Java update site?
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in *.*.*_**jinstall-*_*_*_**-windows-i586.cabCould be related to an old version of Sun Microsystems Java Software. For your Security you are urged to check and update your version if required. Verify Java Version?
{8AD9C840-044E-11D1-B3E9-00805F499D93}DPFjinstall-*_*_*_**-windows-i586.cabCould be related to an old version of Sun Microsystems Java Software. For your Security you are urged to check and update your version if required. Verify Java Version?

SEH List Results
ShellExecuteHook

CLSID Name Filename Description Status
{E60A0B68-AF3A-C1D2-CD09-5A81A136D2BA}(no name)%WINDIR%\SYSTEM32\sonj32drv.dllInfostealer trojan, dropper detected by Kaspersky antivirus as Trojan-GameThief.Win32.OnLineGames.aiky - also see hereX
{003319FE-D7A2-456A-AE04-EB9ABF822FE4}(no name)%USER_PROFILE%\Local Settings\Temp\BAK*ow.dllPWS-OnlineGames.bcX
{00274BC4-F915-4741-A6F6-6EF95C5E17AA}(no name)%UserProfile%\Local Settings\Temp\con\zttz.dllPassword stealer trojan of Chinese origin, a variant of Infostealer.GampassX
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}Microsoft AntiMalware ShellExecuteHookWindows Defender\MpShHook.dllWindows DefenderL
{AEB6717E-7E19-11d0-97EE-00C04FD91974}(no name)%SYSDIR%\windows.dll, winforms.dllTSPY_ONLINEG.IOT trojanX

Drivers List Results
Driver Entry

Name Filename Description Status
System Servicectfmon.exeInfostealer trojan, detected by ESET's Nod32 antivirus as a variant of Win32/PSW.OnLineGames.PSKX
Hp.Skyroom.Windows.ServiceHp.Skyroom.Windows.Service.exeRelated to Hp.Skyroom.Windows.Service.exe HP SkyRoom service from Hewlett-PackardL
Local Print AgentLocal Print Agent.exeRelated to Local Print Agent.exe from PrintFleet Inc, which collects information from local printing devices.L
Windows RemoteHelp DeskWindows RemoteHelp Desk.DLLAdded by the Windows RemoteHelp Desk.DLL Infostealer trojan, detected by ESET's Nod32 antivirus as a variant of Win32/Korplug.J Note: Located in \%AppData%\X
PayClock_Terminal_Service64Lathem.USBTM.Service.PC600.Service.exeRelated to the Lathem.USBTM.Service.PC600.Service.exe PayClock from Lathem Time CorporationL

FF Extensions List Results
Firefox Extension

CLSID Name Filename Description Status
service@touchpdf.compdfitservice@touchpdf.com.xpipdfit converts the current page to a PNG/JPG image or to PDF format. During the page-to-image conversion some image filters can be applied (e.g. rotate, reflection).L
user@imagiris.txtimagirisuser@imagiris.txt.xpiImagiris - High definition image enlargement. Note: Discontinued extension and service - dead imagiris.com domain.L
add-to-local-website-archive@aignes.comAdd to Local Website Archiveadd-to-local-website-archive@aignes.com.xpiAdd to Local Website Archive adds the entry "Add to Local Website Archive" to the Firefox context menu. Calling this menu item adds the currently opened page to Local Website Archive. See also other *@aignes.com extensions. Note: Not listed on Mozilla Add-ons, but signed by Mozilla.L
add-to-local-website-archive-toolbar@aignes.comAdd to Local Website Archiveadd-to-local-website-archive-toolbar@aignes.com.xpiAdd to Local Website Archive adds the button "Add to Local Website Archive" to the Firefox toolbar. Clicking this button adds the currently opened page to Local Website Archive. See also other *@aignes.com extensions. Note: Not listed on Mozilla Add-ons, but signed by Mozilla.L
web2pdfextension.17@acrobat.adobe.comweb2pdfextension.17@acrobat.adobe.comadobe_acrobat-1.0-windows.xpiRelated to adobe.com web2pdfextension.L

Active Setup List Results
Active Setup - Installed Component

CLSID Name Filename Description Status
{F5776D81-AE53-4935-8E84-B0B284D4BCEF}(no name)ctfmon.exeInfostealer trojan, detected by Sophos as Troj/Insidoor-AX
{F2JHFP24-86P0-X154-RW82-OMT6YC4XYY2F}(no name)ctfmon.exeInfostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.Bublik.axrc - also see hereX
{85KJK8K1-LMDS-807S-52CR-S28NBYG0G02D}(no name)ctfmon.exe Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see hereX
{8FCFFCDD-AFBF-FB7A-1E9C-BFCC8CAAEC7A}(no name)ctfmon.exeInfostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A - also see hereX
{C32U1C8X-N134-NJH8-RQMK-BS54STQBTBR4}(no name)ctfmon.exeInfostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see hereX

Powered by SystemLookup Engine. © 2008-2018 BrightFort. All Rights Reserved.