CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {00cbb66b-1d3b-46d3-9577-323a336acb50} | script helper for ie, Browser Companion Helper, Chatvibes Browser Helper, Ginyas Browser Companion | jsloader.dll | Blabbers "Browser Companion" - search hijacker, often bundled with various third party software or foistware - detected by Malwarebytes Anti-Malware as "PUP.Blabbers" - also see here | X BHO |
| {963b125b-8b21-49a2-a3a8-e37092276531} | Browser Companion Helper Verifier, ytg timer, Chatvibes Browser Helper Verifier, Ginyas Browser Companion, Update Timer | updatebhoWin32.dll | Blabbers "Browser Companion" - search hijacker, often bundled with various third party software or foistware - detected by Malwarebytes Anti-Malware as "PUP.Blabbers" - also see here and here | X BHO |
| {2d8c4843-765f-4827-bafa-8c318284e4d8} | Ginyas Browser Companion | jsloader.dll | Blabbers "Browser Companion" - search hijacker, often bundled with various third party software or foistware - detected by Malwarebytes Anti-Malware as "PUP.Blabbers" - also see here | X BHO |
| {F9765480-72D1-11D4-A75A-004F49045A87} | eXact Browser Companion | eXactToolbar.dll, Exacttoolbar*****.dll, (* = random digit) | ExactSearchbar adware | X BHO |
| {50156A94-1E74-4817-B309-008C49294A9A} | Gomper Companion Helper | GomperCompanionIEHelper.dll | Unidentified browser plugin hailing from Gomper.com - should you have any information about this application, such as the site where it was downloaded or installed, its exact purpose and whether you did or did not install it wittingly, do email us - if you actually have a copy of the file, please attach it to your email for analysis. Thanks! | ? BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| Browser companion helper | BCHelper.exe | Identified as Blabbers "Browser Companion" - search hijacker, often bundled with various third party software or foistware Note: Located in %ProgramFiles%\BrowserCompanion | X |
| Browser Infrastructure Helper | SnapDo.exe, Linkury.exe, QuickShare.exe | Related to SnapDo.exe Parasite of Korean origin hailing from smartbar.co.kr, comes bundled with this adware BHO. Note: Located in \%AppData%\Local\Smartbar\Application\ | X |
| AOL Companion | companion.exe | Related to the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use. Note: Located in \%Program Files%\AOL Companion\ | N |
| Web Companion | WebCompanion.exe | Related to Lavasoft Limited Web Companion. Note: Located in \%Program Files%\Lavasoft\Web Companion\Application\ | U |
| Mobipocket Web Companion | webcomp.exe | Related to Mobipocket Reader to create readable documents from RSS or eNews feeds on the web. Note: Located in \%Program Files%\Common Files\Mobipocket Shared\ | U |
O9 List Results
Internet Explorer Buttons
Internet Explorer Buttons
| CLSID | Name | Filename | Description | Status |
| {********-****-****-****-************} | Microsoft AntiSpyware helper | wldr.dll | TrojanDownloader.Win32.Agent.kf | X |
| {44EFB53C-C965-43CF-9F45-52242D134187} | CUseeMe Conferencing Companion | Part of CUSeeMe webcam | L | |
| {0000036B-C524-4050-81A0-243669A86B9F} | @C:\Program Files (x86)\Windows Live\Companion\companionlan g.dll,-600 | companioncore.dll | Related to Windows Live Note: Located in \%Program Files%\Windows Live\Companion\ | L |
| {07B7F771-1B8E-4B7B-823E-FFAC1732AA9F} | Browser Pal Toolbar | Added by BrowserPal_Adware Note: BrowserPal is an Internet Explorer toolbar that may redirect your browser search requests to its controlling server, and may also generate pop-up advertisements. BrowserPal may also provide automatic updates, which may include downloading third-party software. A variant of BrowserPal is BrowserAid. | X | |
| {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} | Browser Spy Inspector | Added by BrowserSpy_Spyware Note: File found in C:\Program Files\ChironexSoftware\BrowserSpy. | X |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| Computer Browser (Browser) | browser.dll | Part of Windows Vista Note: Located in C:\%WINDIR%\System32 | L |
| Computer Browser (Browser) | ProtectService.exe | Added by common infection spread via FaceBook and MySpace. Note: Forum Helpers should read miekiemoes' Blog before removing this service. Removal instructions miekiemoes' Blog Note: Located in \%Program Files%\ProtectService\ | X |
| Retrospect Express HD Restore Helper (RetroExp Helper) | rthlpsvc.exe | Related to EMC corp. (Previously Dantz Development) Software. Note: Located in \%Program Files%\Dantz\Retrospect\ Note: A Division of DELL/emc | L |
| Retrospect Express HD Helper (RetroExp Helper) | rthlpsvc.exe | Related to EMC corp. (Previously Dantz Development) Software. Note: Located in \%Program Files%\Retrospect\Retrospect Express HD 2.5\ Note: A Division of DELL/emc | L |
| Browser | svchost.exe -k Browser | Added by the Fuwudoor TROJAN! | X |
O16 List Results
ActiveX
ActiveX
SEH List Results
ShellExecuteHook
ShellExecuteHook
| CLSID | Name | Filename | Description | Status |
| {4F07DA45-8170-4859-9B5F-037EF2970034} | OA Shell Helper | %Program Files%\Tall Emu\Online Armor\oaevent.dll | Online Armor | L |
| {E37CB5F0-51F5-4395-A808-5FA49E399003} | G-Buster Browser Defense CEF [GbPluginObj Class] | %CommonAppData%\GbPlugin\gbiehCef.d ll | "G-Buster_Browser_Defense" - Brazilian e-commerce and e-banking transaction protection software | L |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| Browser Manager | browsemngr.exe, brwmngr.exe, mngr.exe, browsermngr.exe | Installs the BabylonToolbar without your consent. | X |
| MyWebFace_5a Browser Plugin Loader | 5abrmon.exe | Added by the 5abrmon.exe Adware.MyWebSearch-18 | X |
| Off-Helper | Off-Helper Service.exe | Related to Off-Helper Service.exe Turn things/programs off remotely in just a few minute. from Hobbyist Software | L |
| Roozz Helper | RoozzHelper.exe | Related to RoozzHelper.exe RoozzHelper from Roozz.com | L |
| Process Helper | Lab10-03.sys | Added by the Lab10-03.sys Infostealer trojan, detected by ESET's Nod32 antivirus as a variant of Win32/Injector.RET | X |
FF Extensions List Results
Firefox Extension
Firefox Extension
| CLSID | Name | Filename | Description | Status |
| bbrs_002@blabbers.com | Browser Companion Helper, Ginyas Browser Companion | Blabbers "Browser Companion" adware, often bundled with various third party software or foistware - detected by Malwarebytes Anti-Malware as "PUP.Blabbers". See also here. | X | |
| @xkcd-companion | xkcd Companion | @xkcd-companion.xpi | xkcd Companion is a helpful add-on for xkcd fans, which provides the alt text and a link to the corresponding explainxkcd wiki page for all xkcd comics. | L |
| {667e9f3d-0096-4d2b-b171-9a96afbabe20} | Mozilla QA Companion | Mozilla QA Companion - Help the Mozilla Quality Assurance (QA) team test new versions of Firefox and stay connected with the QA community. Note: Discontinued and no longer listed on Mozilla Add-ons. | L | |
| oyax@ehsanakhgari.org | OYAX Companion | OYAX Companion: addon for the oyax social bokmarking service. | L | |
| inodhwnfgtr463428675drebcs@jetpack | Inoreader Companion | inodhwnfgtr463428675drebcs@jetpack. xpi | Inoreader Companion is the official Firefox extension for Inoreader. It lets you quickly view your updated feeds, subscribe to your currently opened site and more. | L |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {D71CCD9D-3AE6-46CA-B3F5-161BCF51A184} | Browser Toolbar Helper | ysdzac23.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
| {C2BAFBE2-DBC4-4B97-B305-850B510B108F} | FF helper | wxiauid23.dll | Infostealer trojan, detected as TSPY_AMBLER.MBE | X |
| {147667FF-8952-4282-9238-F496987D262E} | IE helper | lvvugf.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
| {1C16EF88-5C73-4A37-A63F-DE9BD630B1FF} | IE helper | tvwfd.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
| {3513A6A1-9E64-411E-A763-BE8CF8F8F1BC} | IE helper | ewrybn13.dll, iwauqng5.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |