CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
CLSID | Name | Filename | Description | Status |
{95b7759c-8c7f-4bf1-b163-73684a933233} | AVG Security Toolbar, AVG SafeGuard toolbar, AVG Nation toolbar, AVG Web TuneUp | AVG Secure Search_toolbar.dll, AVG SafeGuard toolbar_toolbar.dll, AVG Nation toolbar_toolbar.dll, AVG Web TuneUp.dll | AVG Security Toolbar - see here and here | O BHO, TB |
{CC862B2A-308A-4184-9AE6-09832D7296AD} | Web Safeguard BHO | FrameworkBHO.dll, FrameworkBHO64.dll | Parasite, detected by Malwarebytes Anti-Malware as "PUP.Optional.WebSafeGuard.A" - also see here | X BHO |
{0CD8D8B3-399B-4164-97CF-CB004A1FC741} | Web Safeguard | FrameworkBHO.dll, FrameworkBHO64.dll | Parasite, detected by Malwarebytes Anti-Malware as "PUP.Optional.WebSafeGuard.A" - also see here | X TB |
{1036AD63-AEAC-460B-9060-C96005D4DC86} | Privacy Safeguard BHO | PrivacySafeGuard.dll, PrivacySafeGuard-x64.dll | Privacy SafeGuard browser plugin, serves adware - detected by Malwarebytes Anti-Malware as "PUP.PrivacySafeGuard" | X BHO |
{000011A1-74C9-4c7e-9B4E-59B5765CF409} | Naver SafeGuard | nsafeguard_2011_10_24_1.dll | Naver SafeGuard - see VirusTotal scan results for installer | X BHO |
Startup List Results
Startup Entry
Startup Entry
Name | Filename | Description | Status |
SafeGuard | SafeGuardApp.exe, SafeGuard.exe | Added by the SafeGuard PUP adware. Note: Located in \%Program Files%\SafeGuard\ | X |
SafeGuard | SafeGuardApp.exe | Added by the SafeGuard PUP.Optional.StormWatch.A. Note: Located in \%Program Files%\SafeGuard\ | X |
Safeguard 2009 | sf2009.exe | SafeGuard 2009 is a rogue anti-spyware program from the same family as MS AntiSpyware 2009. Removal instructions from Bleeping Computer Note: Located in \%AllUsersProfile%\Application Data\SafeguardSoft Ltd\Safeguard 2009\ | X |
SafeGuard Popup Updater (required) | regsvr32 sfg****.dll [* = random char] | SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder | X |
SafeGuard Popup Updater (required) | regsvr32 [path] PDF****.dll (* = random char/digit) | SafeguardProtect/Veevo hijacker | X |
O9 List Results
Internet Explorer Buttons
Internet Explorer Buttons
CLSID | Name | Filename | Description | Status |
{0b83c99c-1efa-4259-858f-bcb33e007a5b} | AIM Toolbar | aimtb.dll | Related to AIM Toolbar AOL Service. Note: Located in \%Program Files%\AIM Toolbar\ | L |
{4982D40A-C53B-4615-B15B-B5B5E98D167C} | AOL Toolbar | Related to AOL | L | |
{4982D40A-C53B-4615-B15B-B5B5E98D167C} | AOL Toolbar | Related to the AOL Toolbar. | L | |
{3369AF0D-62E9-4bda-8103-B4C75499B578} | AOL Toolbar | aoltb.dll | Added by version 2.0 of AOL_Toolbar | L |
{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} | IE Developer Toolbar | Related to IE_Developer Toolbar from Microsoft. Note: Located in \%Program Files%\Microsoft\Internet Explorer Developer Toolbar\ | L |
O23 List Results
Windows Services
Windows Services
Name | Filename | Description | Status |
SafeGuard Update Service | SafeGuardSrv.exe | Added by the SafeGuard PUP adware Note: Located in \%Program Files%\SafeGuard\ | X |
SafeGuard Easy Client (SgeClient) | SgeClient.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\ | L |
SafeGuard SGLOG Player (SgLogPlayer) | SgLogPlayer.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\WINDOWS\system32\ | L |
SafeGuard Easy Workstation Server (WksCfgSrv) | WksCfgSrv.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\ | L |
AVG Security Toolbar Service | ToolbarBroker.exe | Related to AVG Security Toolbar, here here Note: Located in \%Program Files%\AVG\AVG9\Toolbar\ | O |
O16 List Results
ActiveX
ActiveX
Drivers List Results
Driver Entry
Driver Entry
Name | Filename | Description | Status |
FlvTube Toolbar Helper | FLVTubeSvc.exe | Related to FLVTubeSvc.exe AdWare.Win32.Zwangi.cea ADWARE! | X |
Mp3Rocket Toolbar Helper | Mp3RocketSvc.exe | Added by the Trojan-Downloader.Win32.Adload.tsi TROJAN | X |
Toolbar Updater Service | ToolbarUpdaterService.exe | Added by the ToolbarUpdaterService.exe Zugo adware toolbar variant, connects to installmonetizer.com | X |
Mp3Tube Toolbar Service | Mp3TubeSvc.exe | Related to Mp3TubeSvc.exe Toolbar Helper Service from Mp3Tube | L |
Updater Service for StartNow Toolbar | ToolbarUpdaterService.exe | Added by the startnow toolbar toolbar Zugo adware toolbar. | X |
FF Extensions List Results
Firefox Extension
Firefox Extension
CLSID | Name | Filename | Description | Status |
avg@toolbar | AVG Web TuneUp, AVG SafeGuard toolbar, AVG Security Toolbar, AVG Nation toolbar | avg@toolbar.xpi | AVG Web TuneUp (formerly AVG Secure Search or AVG Nation) provides Site Safety ratings, Do Not Track functionality and Browser Cleaner. Depending on the variant, different branding and search engine provider: mysearch.avg.com (Yahoo), avg.nation.com (Infospace), or isearch.avg.com (Google). Bundled with AVG programs and other third party software or installed on demand from the official websites. Note: Considered as PUP (Potentially Unwanted Program) due to unfair distribution methods, browser hijacking and Infospace relationship. See here, here, here. Note: Older versions: [AVG toolbar edition] in the path indicates the same names as display names and [x.x.x.x] indicates versions: 18.0.0.248, 3.1.0.8, etc. Note: Older versions: Windows Registry (machine-level) extension installed outside of the Firefox profile - no Remove button in the Add-ons Manager. Official instructions here and here. | O |
toolbar@ask.com | Ask Toolbar, Alawar Ask Toolbar, Auslogics Toolbar, CrowdStar Gamebar, Foxit Toolbar, KMPlayer Toolbar, MAGIX Toolbar, Nero Toolbar, PandoraTV Toolbar, Social Point Toolbar, Support.com Toolbar, VDownloader Toolbar, ZiggyTV Toolbar, etc. | Ask.com toolbars bundled with many third party applications - focused on setting the browser's search engine to ask.com. A detailed Ask/IAC Toolbars analysis is available here. See also here. Note: The ID is an older format shared among various programs. Newer APN (Ask Partner Network) toolbars use a different schema uniquely identifying items: toolbar_PartnerID@apn.ask.com. Note: Some security vendors released Ask based toolbars. | X | |
{cf15270e-cf08-4def-b4ea-6a5ac23f3bca} | eShield, FindWide Toolbar, TNT2-[Version] Toolbar, Yahoo Toolbar | {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi | Browser hijacker related to Cliff Bar by FindWide ("TNT2") - detected as PUA:Win32/Findwide (Microsoft), PUA.FindWide (Symantec), Win32/Toolbar.TNT2 (ESET). Note: Legit JSView add-on uses the same ID. [Version] indicates various numeric strings, eg.: TNT2-11467. | X |
toolbar.....@freshy.com | FindWide Toolbar, TNT2-[.....] Toolbar, Yahoo Toolbar | toolbar.....@freshy.com.xpi | Browser hijacker related to Cliff Bar by FindWide ("TNT2") - detected as PUP.Optional.TidyNetwork (Malwarebytes), PUA:Win32/Findwide (Microsoft), PUA.FindWide (Symantec), Win32/Toolbar.TNT2 (ESET). Note: Dots indicate various numeric strings, eg.: toolbar11069@freshy.com, toolbar11219@freshy.com, toolbar11521@freshy.com. | X |
{FFB96CC1-7EB3-449D-B827-DB661701C6BB} | ForceField Toolbar, ZoneAlarm Security Engine, ZoneAlarm Toolbar | ZoneAlarm ForceField browser protection installed as a standalone product or as integration in older ZoneAlarm suites. See also here. Note: Windows Registry (machine-level) extension - the Remove button is unavailable. Note: Old discontinued product replaced with new Site Check technology and security toolbar. | L |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{94B8EB3A-B495-4285-8A0C-A02CA35EBF6A} | IE Toolbar | svsnjleie4.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
{A9865CC7-A5AA-46C6-A8A1-F6FE04C47D8D} | IE Toolbar | xcefuq1.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |
{D71CCD9D-3AE6-46CA-B3F5-161BCF51A184} | Browser Toolbar Helper | ysdzac23.dll | Infostealer trojan, detected as TrojanSpy:Win32/Ambler.D | X |