CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
CLSID | Name | Filename | Description | Status |
{32099AAC-C132-4136-9E9A-4E364A424E17} | DAEMON Tools Toolbar | DTToolbar.dll, DTToolbar64.dll | Adware toolbar bundled with Daemon Tools software - also see here | X TB |
{3EFC4B83-F070-11D2-9CA3-0080C7C48CC1} | Daemon Class | IEHelper.dll | Infotizer, a software program used for advertising and storing of demographic data, see here | O BHO |
{0c391282-d066-45ec-92ab-a28c6d5bb611} | FB Tools Toolbar | tbFB_T.dll, tbFB_0.dll, tbFB_1.dll | FB Tools Toolbar - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality. | O BHO, TB, SH |
{2e7292e7-3386-49d9-9fcd-3f2ecce9883a} | nlc tools Toolbar | tbnlc_.dll, tbnlc0.dll, tbnlc1.dll, tbnlc2.dll | nlc tools Toolbar - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality. | O BHO, TB, SH |
{33a159b0-5d44-40b2-8b21-dc978d5786e0} | FB Tools Toolbar | tbFB_T.dll, tbFB_0.dll, tbFB_1.dll | FB Tools Toolbar - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality. | O BHO, TB, SH |
Startup List Results
Startup Entry
Startup Entry
Name | Filename | Description | Status |
DAEMON Tools | daemon.exe | Related to Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive. Note: Located in \%Program Files%\DAEMON Tools\ | U |
Daemon Tools | windaemon.exe | Identified by Trend as WORM_AGENT.AESF Note: Located in \%WINDIR%\system32\ | X |
DAEMON Tools Pro Agent | DTProAgent.exe | Related to DAEMON_Tools_Pro CD & DVD emulation software which allows users to make CD/DVD disc images, create a virtual CD / DVD drives and play CDs & DVDs without the need for the physical disc. Note: Located in \%Program Files%\DAEMON Tools Pro\ | U |
DAEMON Tools Lite | daemon.exe | Related to Daemon Tools Lite - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive. Note: Located in \%Program Files%\DAEMON Tools Lite\ | U |
DAEMON Tools-1033 | Daemon.exe | Related to Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive. Note: Located in \%Program Files%\D-Tools\ | U |
O9 List Results
Internet Explorer Buttons
Internet Explorer Buttons
CLSID | Name | Filename | Description | Status |
{3B8FB116-D358-48A3-A5C7-DB84F15CBB04} | 'Tools' menuitem: IExplorer Security | redirect.php | Added by the VirusTrigger rogue anti-spyware program. | X |
{0b83c99c-1efa-4259-858f-bcb33e007a5b} | AIM Toolbar | aimtb.dll | Related to AIM Toolbar AOL Service. Note: Located in \%Program Files%\AIM Toolbar\ | L |
{4982D40A-C53B-4615-B15B-B5B5E98D167C} | AOL Toolbar | Related to AOL | L | |
{4982D40A-C53B-4615-B15B-B5B5E98D167C} | AOL Toolbar | Related to the AOL Toolbar. | L | |
{3369AF0D-62E9-4bda-8103-B4C75499B578} | AOL Toolbar | aoltb.dll | Added by version 2.0 of AOL_Toolbar | L |
O22 List Results
Shared Task Scheduler
Shared Task Scheduler
CLSID | Name | Filename | Description | Status |
{8C7461EF-2B13-11d2-BE35-3078302C2030} | Component Categories cache daemon | %SYSDIR%\browseui.dll | Microsoft® Windows® Operating System Shell Browser UI Library | L |
{553858A7-4922-4e7e-B1C1-97140C1C16EF} | IE Component Categories cache daemon | ieframe.dll | IE7 component | L |
O23 List Results
Windows Services
Windows Services
Name | Filename | Description | Status |
AVG Security Toolbar Service | ToolbarBroker.exe | Related to AVG Security Toolbar, here here Note: Located in \%Program Files%\AVG\AVG9\Toolbar\ | O |
WebSeach Toolbar support NT service | TBPSSvc.exe | Related to the Neo/Huntbar Toolbar | X |
eWoss Toolbar Updater (eWossUpdaterService) | eWossToolbarUpdaterService.exe | Related to eWoss Updater for the news related toolbar. Note: Located in \%Program Files%\eWoss Toolbar\ | L |
Updater Service for Feather Mail Toolbar | ToolbarUpdaterService.exe | Added by the Feather Mail Win32/Toolbar.Zugo Note: Located in \%Program Files%\Feather Mail Toolbar\ | X |
AVG Tools | avgToolsSvc.exe | Related to AVG Techn Antivirus. Note: Located in \%Program Files%\AVG\Antivirus\ | L |
O16 List Results
ActiveX
ActiveX
SEH List Results
ShellExecuteHook
ShellExecuteHook
CLSID | Name | Filename | Description | Status |
{09F8A0EB-ED61-4714-B0AD-7EAFF5361A8B} | Microsoft Data Tools Query Designe | %SYSDIR%\zhjtrx.dll | Trojan-PSW.Win32.OnLineGames.mmq | X |
Drivers List Results
Driver Entry
Driver Entry
Name | Filename | Description | Status |
Varian Syslog Daemon | Syslogd_Service.exe | Related to Syslogd_Service.exe Medical system. from Varian Medical Systems, Inc | L |
FlvTube Toolbar Helper | FLVTubeSvc.exe | Related to FLVTubeSvc.exe AdWare.Win32.Zwangi.cea ADWARE! | X |
Mp3Rocket Toolbar Helper | Mp3RocketSvc.exe | Added by the Trojan-Downloader.Win32.Adload.tsi TROJAN | X |
Toolbar Updater Service | ToolbarUpdaterService.exe | Added by the ToolbarUpdaterService.exe Zugo adware toolbar variant, connects to installmonetizer.com | X |
Mp3Tube Toolbar Service | Mp3TubeSvc.exe | Related to Mp3TubeSvc.exe Toolbar Helper Service from Mp3Tube | L |
FF Extensions List Results
Firefox Extension
Firefox Extension
CLSID | Name | Filename | Description | Status |
DTToolbar@toolbarnet.com | DAEMON Tools Toolbar | Adware toolbar bundled with Daemon Tools software - also see here | X | |
toolbar@ask.com | Ask Toolbar, Alawar Ask Toolbar, Auslogics Toolbar, CrowdStar Gamebar, Foxit Toolbar, KMPlayer Toolbar, MAGIX Toolbar, Nero Toolbar, PandoraTV Toolbar, Social Point Toolbar, Support.com Toolbar, VDownloader Toolbar, ZiggyTV Toolbar, etc. | Ask.com toolbars bundled with many third party applications - focused on setting the browser's search engine to ask.com. A detailed Ask/IAC Toolbars analysis is available here. See also here. Note: The ID is an older format shared among various programs. Newer APN (Ask Partner Network) toolbars use a different schema uniquely identifying items: toolbar_PartnerID@apn.ask.com. Note: Some security vendors released Ask based toolbars. | X | |
devtoolsmenu@AccessFirefox.org | Developer Tools - toolbar button | devtoolsmenu@AccessFirefox.org.xpi | Developer Tools - toolbar button provides a simple toolbar button (can be placed on any toolbar), with a drop down menu giving you quicker access to the native Firefox Web Developer tools. Note: Firefox 29 and above: a native Developer tools button is included by default. Note: Legacy Add-on removed from Firefox Add-ons. More information here. | L |
{cf15270e-cf08-4def-b4ea-6a5ac23f3bca} | eShield, FindWide Toolbar, TNT2-[Version] Toolbar, Yahoo Toolbar | {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi | Browser hijacker related to Cliff Bar by FindWide ("TNT2") - detected as PUA:Win32/Findwide (Microsoft), PUA.FindWide (Symantec), Win32/Toolbar.TNT2 (ESET). Note: Legit JSView add-on uses the same ID. [Version] indicates various numeric strings, eg.: TNT2-11467. | X |
avg@toolbar | AVG Web TuneUp, AVG SafeGuard toolbar, AVG Security Toolbar, AVG Nation toolbar | avg@toolbar.xpi | AVG Web TuneUp (formerly AVG Secure Search or AVG Nation) provides Site Safety ratings, Do Not Track functionality and Browser Cleaner. Depending on the variant, different branding and search engine provider: mysearch.avg.com (Yahoo), avg.nation.com (Infospace), or isearch.avg.com (Google). Bundled with AVG programs and other third party software or installed on demand from the official websites. Note: Considered as PUP (Potentially Unwanted Program) due to unfair distribution methods, browser hijacking and Infospace relationship. See here, here, here. Note: Older versions: [AVG toolbar edition] in the path indicates the same names as display names and [x.x.x.x] indicates versions: 18.0.0.248, 3.1.0.8, etc. Note: Older versions: Windows Registry (machine-level) extension installed outside of the Firefox profile - no Remove button in the Add-ons Manager. Official instructions here and here. | O |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{94B8EB3A-B495-4285-8A0C-A02CA35EBF6A} | IE Toolbar | svsnjleie4.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
{A9865CC7-A5AA-46C6-A8A1-F6FE04C47D8D} | IE Toolbar | xcefuq1.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
{D71CCD9D-3AE6-46CA-B3F5-161BCF51A184} | Browser Toolbar Helper | ysdzac23.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |