CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {11111111-1111-1111-1111-110411361128} | CrossriderApp0043628, weDownload Manager Pro | weDownload Manager Pro-bho.dll, weDownload Manager Pro-bho64.dll | Crossrider cross-browser plugin, often bundled with third party software or part of an adware bundle - detected as Adware.CrossRider and by Malwarebytes Anti-Malware as "PUP.Optional.CrossRider" or "PUP.Optional.WeDownload.A" | X BHO |
| {11111111-1111-1111-1111-110411901174} | CrossriderApp0049074, The weDownload Manager | The weDownload Manager-bho.dll , The weDownload Manager-bho64.dll | Crossrider cross-browser plugin, often bundled with third party software or part of an adware bundle - detected as Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.Optional.CrossRider.M or PUP.Optional.WeDownload.A - also see here | X BHO |
| {11111111-1111-1111-1111-110611181162} | CrossriderApp0061862, The weDownload Manager, 7635d2e0f3990131f3574578a53 c5ebc0061862 | The weDownload Manager-bho.dll, The weDownload Manager-bho64.dll, The weDownloads Manager+-bho.dll | Crossrider cross-browser plugin, often bundled with third party software or part of an adware bundle - detected as Adware.CrossRider and by Malwarebytes Anti-Malware as "PUP.Optional.CrossRider" or "PUP.Optional.weDownload.A" - also see here | X BHO |
| {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} | Credential Manager for HP ProtectTools, ASUS Security Protect Manager | ITIEAddin64.dll | HP ProtectTools security manager or ASUS Security Protect Manager | L BHO |
| {DF21F1DB-80C6-11D3-9483-B03D0EC10000} | HP Credential Manager for ProtectTools, VeriSoft Access Manager | ItIeAddIN.dll | HP ProtectTools security manager or Bioscrypt VeriSoft Access Manager | L BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| MSN P2P Manager | msnp2pmgr.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. | X |
| DCE Manager | dcemgr.exe | Added by the TUMAG.A TROJAN! | X |
| DLL Manager | dllmngr32.exe | Added by a variant of the WIN32.RBOT WORM! | X |
| Bug Manager | BugManager.exe | Related to Fitbug Limited Fitness, Sleep and Activity Tracker. Note: Located in \%Program Files%\Fitbug Limited\Bug Manager\ | U |
| FW Manager | fwcheck.exe | Added by the W32/Delbot-H Spyware WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K). | X |
O9 List Results
Internet Explorer Buttons
Internet Explorer Buttons
| CLSID | Name | Filename | Description | Status |
| {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} | WinAVI FLV Manager | FLVTune.dll | Related to WinAVI FLV Manager WinAVI FLV Converter is an easy-to-use software to download/convert FLV video files from Internet. Note: Located in \%Program Files%\WinAVI FLV Converter\ | L |
| {D5AD327A-A089-4F04-89FD-4EA9812B3913} | Download all with DF Manager | dfmanager.exe | Related to Deposit Files The program uses the FTP protocol for upload your files. Note: Located in \%Program Files%\DepositFiles\DF Manager\ | L |
| {0045D4BC-5189-4b67-969C-83BB1906C421} | ThinkVantage Password Manager... | Installed on ThinkVantage portable computers by Lenovo previously IBM. | L | |
| {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} | Lenovo Password Manager... | tvtpwm_ie_com.dll | Related to Password Manager found on Lenovo computers. Note: Located in \%Program Files%\Lenovo\Client Security Solution\ | L |
| {755B05A7-0770-4185-B5F6-E75A2CA527E2} | Signature Manager options | SubsHelper.dll | Added by the Generic.dx!bbnx!3A1DC46D7F59 TROJAN! Note: Located in \%Program Files%\ | X |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| Desktop Window Manager Session Manager (UxSms) | svchost.exe -k LocalSystemNetworkRestricted | Part of Windows Vista Note: Located in C:\%WINDIR%\System32 | L |
| Manager (Windows XP Manager) | msnmgr.exe | Added by the W32/Kassbot-L Note: Read the link, rootkit type stealth involved. | X |
| FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) | regw2.exe | Related to Flexera Software, Inc The Flexnet Licensing service is used by most Adobe products to prevent piracy. Note: Located in \%WINDIR%\%System%\ | L |
| RANOPT Task Manager (RT Task Manager) | rt_TaskManager.exe | Related to AIRCOM International RANOPT is extremely easy to use. Flexible yet powerful, it is truly database driven, with no need to reload data each time it is used, meaning KPIs can be analysed quickly and easily. Note: Located in \%Program Files%\AIRCOM International\ENTERPRISE 6.2\common\ Note: Now owned by TEOCO Corporation. | L |
| Install Driver Manager (Install Driver Table Manager) | wpablan.exe | Added by the W32/Sdbot-CWR TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. | X |
O16 List Results
ActiveX
ActiveX
| CLSID | Name | Filename | Description | Status |
| {2BCDB465-81F9-41CB-832C-8037A4064446} | F5 Networks VPN Manager | urxvpn.cab | Installer for VDESK a virtual desktop manager. Note: Located in /%WINDIR%/%Program Files%/F5 VPN/F5_TMP/ | L |
| {6F15128C-E66A-490C-B848-5000B5ABEEAC} | HP Download Manager | HPDEXAXO.cab | Related to HP support | L |
| {27527D31-447B-11D5-A46E-0001023B4289} | Game Service Manager | http://gamingzone.ubisoft.com | L | |
| {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} | MGAME manager Class | mgusamanagerv1001.cab | Related to a game from http://legendofares.netgame.com/ | L |
| {6F750200-1362-4815-A476-88533DE61D0C} | Ofoto Upload Manager | http://www.ofoto.com | L |
SEH List Results
ShellExecuteHook
ShellExecuteHook
| CLSID | Name | Filename | Description | Status |
| {88485281-8b4b-4f8d-9ede-82e29a064277} | MarkAny Contents Safer Manager 1.0 | %ProgramFiles%\MarkAny\ContentSafer \MACSMANAGER.dll, MACSMA~1.DLL | MarkAny Content Safer copy protection software | L |
| {56F9679E-7826-4C84-81F3-532071A8BCC5} | Windows Desktop Search Namespace Manager | %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll | Windows Desktop Search | L |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| Task-Manager | Systems.exe | Infostealer trojan, detected by Kaspersky antivirus as Backdoor.Win32.Iroffer.jl | X |
| LiveUpdateWPP Manager | LiveUpdateWPP.exe | Added by the Live WPPUpdate Win32/Adware.Similagro | X |
| CST License Manager | lmgrd.exe | Related to the lmgrd.exe 3D EM simulation software from CST Computer Simulation Technology AG. | L |
| OneDayon Manager | update_one.exe | Parasite of Korean origin hailing from onedayon.com and detected by Microsoft as Adware:Win32/Oneday | X |
| NWSvc Manager | nswsrv.exe | Added by the "Windows NS Assist", a parasite of Korean origin hailing from newswide.net and detected by Bitdefender as "Trojan.Generic.7734702" | X |
FF Extensions List Results
Firefox Extension
Firefox Extension
| CLSID | Name | Filename | Description | Status |
| {008abed2-b43a-46c9-9a5b-a771c87b82da} | weDownload Manager Pro | Added by the PUP.Optional.WeDownload.A | X | |
| {72CA2996-F580-47DF-98FF-0B853D09CEC8} | Password Manager Autofill Engine, Password Manager plugin, Plug-in für Passwort Manager, Plug-in du Gestionnaire de mots de passe, Wtyczka Menedżera haseł, Плагин Менеджера паролей, etc. | Kaspersky Password Manager 5.0 and 7.0 integration with Firefox. This is a rebranded variant of Sticky Password. Note: Old unsigned add-on. Replaced with newer version 8.0 using the following ID: kpm_win_add_on@kaspersky. Note: Windows Registry (user-level) extension installed outside of the Firefox profile - no Remove button in the Add-ons Manager. | L | |
| pwm-id50@identos.com | ID50 Passwort Manager, IDENTOS PW Manager ID50 | pwm-id50@identos.com.xpi | ID50 Password Manager stores authentication data on a hardware-encrypted USB device and allows you to fill out log-in forms automatically. | L |
| KeeperFFStoreExtension@KeeperSecurityInc | Keeper® Password Manager, Keeper® Password Manager & Digital Vault, Keeper Browser Extension | KeeperFFStoreExtension@KeeperSecuri tyInc.xpi | Keeper® Password Manager & Digital Vault (alias KeeperFill) is a browser extension that lets you autofill your login credentials in your favorite websites. | L |
| {94285e43-a27b-4f51-b280-ff763ae7cd81} | Open Download Manager Desktop, Premier Download Manager Desktop | {94285e43-a27b-4f51-b280-ff763ae7cd81}.xpi | Firefox integration with undesirable "download managers". Two versions using the same ID: Note: Open Download Manager Desktop hosted on Mozilla Add-ons, but to be avoided. See here and here. Note: Premier Download Manager Desktop is an older version. Windows Registry (machine-level) extension installed outside of the Firefox profile - no Remove button in the Add-ons Manager. | X |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {117BCF0D-7850-4DF8-A943-410E0426F18D} | Transaction Manager, GDI Manager | zxvd32.dll, kwbn45.dll | Infostealer trojan, a variant of TrojanSpy:Win32/Ambler - detected by Symantec as Trojan.Banksun | X |
| {8F0CA0E5-4537-4A58-AB72-1080AA41D903} | GDI Manager | hwdhy.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler - also see here | X |
| {97A64740-06B5-447E-BB7E-1F38EAD0DB10} | GDI Manager | jbrv2.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler | X |
| {8C642234-68A0-47A8-AB31-A9D6C764304D} | GDI Manager | frenjrupf6.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler | X |
| {F2479B8C-979D-41AE-B28B-20526B1B3AAA} | GDI Manager | xdjspyhte.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler | X |