CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} | ForceField Toolbar Registrar, ZoneAlarm Toolbar Registrar, ZoneAlarm Security Engine Registrar | TrustCheckerIEPlugin.dll | ZoneAlarm ForceField | L BHO |
| {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} | ZoneAlarm Toolbar | tbZone.dll, tbZon0.dll, tbZon1.dll, tbZon2.dll, prxtbZone.dll, prxtbZon0.dll, prxtbZon1.dll, prxtbZon2.dll, prxtbZon3.dll | ZoneAlarm Toolbar - a Conduit "Community Toolbar" - redirects searches to search.conduit.com. Conduit toolbars are also reputed to have a certain trackware functionality and will often come bundled with various third party software - remove unless you wittingly installed it and intend it to be there. | O BHO, TB, SH |
| {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} | ZoneAlarm Security Toolbar | zonealarmTlbr.dll | ZoneAlarm Security Toolbar - made by "Montera Technologeis", responsible for Claro and Babylon.Toolbar adware - remove unless you wittingly downloaded it AND intend it to be there. Also see here | O TB |
| {d7f26d0e-9801-45c3-a091-8a65e4ed73b5} | Protection ZoneAlarm Toolbar | tbProt.dll, tbPro0.dll, tbPro1.dll, tbPro2.dll, prxtbProt.dll, prxtbPro0.dll, prxtbPro1.dll, prxtbPro2.dll, prxtbPro3.dll | Protection ZoneAlarm Toolbar - a Conduit "Community Toolbar" - redirects searches to search.conduit.com. Conduit toolbars are also reputed to have a certain trackware functionality and will often come bundled with various third party software - remove unless you wittingly installed it and intend it to be there - detected by Malwarebytes Anti-Malware as "PUP.Optional.Conduit" | O BHO, TB, SH |
| {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} | ZoneAlarm Extreme Security Toolbar | tbZone.dll, tbZon0.dll, tbZon1.dll, tbZon2.dll, prxtbZone.dll, prxtbZon0.dll, prxtbZon1.dll, prxtbZon2.dll, prxtbZon3.dll | ZoneAlarm Extreme Security Toolbar - a Conduit "Community Toolbar" - redirects searches to search.conduit.com. Conduit toolbars are also reputed to have a certain trackware functionality and will often come bundled with various third party software - remove unless you wittingly installed it and intend it to be there. | O BHO, TB, SH |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| ZoneAlarm | zonealarm.exe | Firewall program from Zonelabs - free version | Y |
| ZoneAlarm | zatray.exe | Firewall program from Zonelabs - free version. Note: Located in \%Program Files%\ | Y |
| Zonealarm | iexplore.exe | Added by the W32/Forbot-CP WORM! Note: Located in \%WINDIR%\System\ Note: Do not remove the legitimate program file in \%Program Files%\Internet Explorer | X |
| ZoneAlarm Pro | Zapro.exe | Firewall program from Zonelabs - paid for version. Note: Located in \%Program Files%\Zone Labs\ZoneAlarm\ | Y |
| ZoneAlarm Plus | zaplus.exe | Firewall program from Zonelabs - paid for version | Y |
O9 List Results
Internet Explorer Buttons
Internet Explorer Buttons
| CLSID | Name | Filename | Description | Status |
| {0b83c99c-1efa-4259-858f-bcb33e007a5b} | AIM Toolbar | aimtb.dll | Related to AIM Toolbar AOL Service. Note: Located in \%Program Files%\AIM Toolbar\ | L |
| {4982D40A-C53B-4615-B15B-B5B5E98D167C} | AOL Toolbar | Related to AOL | L | |
| {4982D40A-C53B-4615-B15B-B5B5E98D167C} | AOL Toolbar | Related to the AOL Toolbar. | L | |
| {3369AF0D-62E9-4bda-8103-B4C75499B578} | AOL Toolbar | aoltb.dll | Added by version 2.0 of AOL_Toolbar | L |
| {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} | IE Developer Toolbar | Related to IE_Developer Toolbar from Microsoft. Note: Located in \%Program Files%\Microsoft\Internet Explorer Developer Toolbar\ | L |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| ZoneAlarm Toolbar IswSvc (IswSvc) | IswSvc.exe | Related to ZoneAlarm_ForceField service from Check Point Software Technologies. Note: Located in \%Program Files%\CheckPoint\ZAForceField\ | L |
| zonealarm (iexplorer) | Removeme.EXE | Added by the W32/Forbot-BG WORM! | X |
| ZoneAlarm ICM Service | ICM-Service.exe | Related to Check Point Software Tech ZoneAlarm ICM. Note: Located in \%Program Files%\CheckPoint\ZoneAlarm\ | L |
| AVG Security Toolbar Service | ToolbarBroker.exe | Related to AVG Security Toolbar, here here Note: Located in \%Program Files%\AVG\AVG9\Toolbar\ | O |
| WebSeach Toolbar support NT service | TBPSSvc.exe | Related to the Neo/Huntbar Toolbar | X |
O16 List Results
ActiveX
ActiveX
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| ZoneAlarm AntiTheft | Antitheft.exe | Related to the Antitheft.exe ZoneAlarm AntiTheft from Check Point Software Technologies LTD | L |
| FlvTube Toolbar Helper | FLVTubeSvc.exe | Related to FLVTubeSvc.exe AdWare.Win32.Zwangi.cea ADWARE! | X |
| Mp3Rocket Toolbar Helper | Mp3RocketSvc.exe | Added by the Trojan-Downloader.Win32.Adload.tsi TROJAN | X |
| Toolbar Updater Service | ToolbarUpdaterService.exe | Added by the ToolbarUpdaterService.exe Zugo adware toolbar variant, connects to installmonetizer.com | X |
| Mp3Tube Toolbar Service | Mp3TubeSvc.exe | Related to Mp3TubeSvc.exe Toolbar Helper Service from Mp3Tube | L |
FF Extensions List Results
Firefox Extension
Firefox Extension
| CLSID | Name | Filename | Description | Status |
| {FFB96CC1-7EB3-449D-B827-DB661701C6BB} | ForceField Toolbar, ZoneAlarm Security Engine, ZoneAlarm Toolbar | ZoneAlarm ForceField browser protection installed as a standalone product or as integration in older ZoneAlarm suites. See also here. Note: Windows Registry (machine-level) extension - the Remove button is unavailable. Note: Old discontinued product replaced with new Site Check technology and security toolbar. | L | |
| {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} | ZoneAlarm Toolbar, ZoneAlarm Community Toolbar | ZoneAlarm Security Toolbar - a customized Conduit toolbar. Conduit toolbars modify home page and search settings. Note: Old discontinued toolbar replaced by zonealarm.com. | O | |
| {91da5e8a-3318-4f8c-b67e-5964de3ab546} | ZoneAlarm Security Toolbar, ZoneAlarm Security Community Toolbar | ZoneAlarm Security Toolbar - a customized Conduit toolbar. Conduit toolbars modify home page and search settings. Note: Old discontinued toolbar replaced by zonealarm.com. | O | |
| toolbar@ask.com | Ask Toolbar, Alawar Ask Toolbar, Auslogics Toolbar, CrowdStar Gamebar, Foxit Toolbar, KMPlayer Toolbar, MAGIX Toolbar, Nero Toolbar, PandoraTV Toolbar, Social Point Toolbar, Support.com Toolbar, VDownloader Toolbar, ZiggyTV Toolbar, etc. | Ask.com toolbars bundled with many third party applications - focused on setting the browser's search engine to ask.com. A detailed Ask/IAC Toolbars analysis is available here. See also here. Note: The ID is an older format shared among various programs. Newer APN (Ask Partner Network) toolbars use a different schema uniquely identifying items: toolbar_PartnerID@apn.ask.com. Note: Some security vendors released Ask based toolbars. | X | |
| ffxtlbr@zonealarm.com | zonealarm.com | ZoneAlarm Privacy Toolbar installed with ZoneAlarm products - defends your online privacy, stops online tracking, finds Facebook privacy issues. Powered by Abine DoNotTrackMe. See also here. Note: The toolbar sets home and search engine pages to "Search By ZoneAlarm" (search.zonealarm.com). Note: Replaces old discontinued ZoneAlarm toolbars based on Conduit or Ask. See the list. | O |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {94B8EB3A-B495-4285-8A0C-A02CA35EBF6A} | IE Toolbar | svsnjleie4.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
| {A9865CC7-A5AA-46C6-A8A1-F6FE04C47D8D} | IE Toolbar | xcefuq1.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
| {D71CCD9D-3AE6-46CA-B3F5-161BCF51A184} | Browser Toolbar Helper | ysdzac23.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |