CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {D940F380-49C7-4A05-9E33-53930AF5768F} | IstartHere Toolbar | setup.dll | IStart aka IStartHere toolbar | X TB, SH |
| {8D91EEF6-070C-4a47-B186-86F882463A53} | XBTB06823 | setup.dll | IStart aka IStartHere toolbar | X BHO |
| {2E65A557-173C-4DE9-860B-28FC5CACA542} | Setup.Setup1 | Setup.dll | FastFind/Pribi adware variant | X BHO |
| {3E8C8EA5-9581-4527-968D-CFA7E6731E48} | setup | setup.dll | Unidentified browser plugin - should you have any information about this application, such as its exact purpose and whether you did or did not install it wittingly, do email us - if you actually have a copy of the file, please attach it to your email for analysis. Thanks! | ? BHO |
| {36DBC179-A19F-48F2-B16A-6A3E19B42A87} | (no name) | systeminfo.dll, rundll32.dll, esentutl.dll, tskill.dll, odbcad32.dll, winver.dll, rasdial.dll, setup.dll, spoolsv.dll, finger.dll, charmap.dll, runonce.dll, scardsvr.dll, winspool.dll, any filename taken at random from the System or System32 folder | Password stealer trojan, detected by Symantec as Infostealer.Bzup.B | X BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| MM Install | setup.exe | Note: Possibly Money Manager from Moneysoft? | ? |
| Autodesk Revit 2019 | Setup.exe | Related to Autodesk RevitĀ® building design software features support consistent, coordinated, and complete modeling for multidiscipline design that extends to detailing and construction. Note: Located in \%Root%\Autodesk\Revit_2019_G1_Win_64bit_Trial_wi_en-US\ | U |
| MCAFEEIPS | setup.exe | Identified by Trend as TROJ_SCAR.AGQX Note: Located in %temp% | X |
| MCAFEEIPS | setup.exe | Added by the Trojan.Whitewell TROJAN! that opens a back door on the compromised computer. Note: Located in \%UserProfile%\local settings\temp\ | X |
| zzzhpsetup | setup.exe | Note: ?? | ? |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| DLANX | setup.exe | Added by the TROJ_CORELINK.D TROJAN! Note: Located in \%ROOT%\ | X |
O16 List Results
ActiveX
ActiveX
| CLSID | Name | Filename | Description | Status |
| {36EC1E98-9526-4BA2-935A-27C561F24877} | (no name) | setup.cab | Related to online games | U |
| {BA61B6AE-9EDE-42EE-92C6-C938DEBCAFF3} | (no name) | setup.cab | Related to online games | U |
| {D97287B6-4018-4060-948D-54D2122FC5C3} | FastFind | setup.exe | Adware - more here | X |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| CloudAvUpdater | setup.exe | Related to setup.exe Cloud Antivirus from Panda | L |
| AMService | setup.exe | Identified as a FakeAlert (Worm.Koobface) | X |
FF Extensions List Results
Firefox Extension
Firefox Extension
| CLSID | Name | Filename | Description | Status |
| infonotary-mozilla-setup@infonotary.com | InfoNotary Configurator | infonotary-mozilla-setup@infonotary.com.xpi | InfoNotary Configurator configures Mozilla for work with certificates issued by InfoNotary Plc. | L |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {77BCK2V0-3HKJ-89VV-XAF2-88KL5R921215} | (no name) | setup.exe | Infostealer trojan, detected as Worm:Win32/Autorun.WM or TR/Autorun.40960 | X |
| {3CE7H8H8-S1U6-32R8-6717-U386XCYYYGE6} | (no name) | setup.exe | Infostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.Llac.azso, see here | X |
| {LX37OEG4-RI4M-M1N3-5C72-PFV77476H830} | (no name) | setup.exe | Infostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.Sasfis.bpjj - see here | X |
| {DE7F89EE-EFDB-8FC1-D13C-2391CED1B961} | (no name) | setup.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A - also see here | X |
| {SBS737N8-4HU8-W0TY-E173-1G6V2W4300A2} | (no name) | setup.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |