Global Search

Not sure what a file is? Sort through the possibilities with a quick search of all of the lists.
Or get more accurate results by browsing and searching by list.
CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars

CLSID Name Filename Description Status
{95b7759c-8c7f-4bf1-b163-73684a933233}AVG Security Toolbar, AVG SafeGuard toolbar, AVG Nation toolbar, AVG Web TuneUpAVG Secure Search_toolbar.dll, AVG SafeGuard toolbar_toolbar.dll, AVG Nation toolbar_toolbar.dll, AVG Web TuneUp.dll AVG Security Toolbar - see here and hereO BHO, TB
{CC862B2A-308A-4184-9AE6-09832D7296AD}Web Safeguard BHOFrameworkBHO.dll, FrameworkBHO64.dllParasite, detected by Malwarebytes Anti-Malware as "PUP.Optional.WebSafeGuard.A" - also see hereX BHO
{0CD8D8B3-399B-4164-97CF-CB004A1FC741}Web SafeguardFrameworkBHO.dll, FrameworkBHO64.dllParasite, detected by Malwarebytes Anti-Malware as "PUP.Optional.WebSafeGuard.A" - also see hereX TB
{1036AD63-AEAC-460B-9060-C96005D4DC86} Privacy Safeguard BHOPrivacySafeGuard.dll, PrivacySafeGuard-x64.dllPrivacy SafeGuard browser plugin, serves adware - detected by Malwarebytes Anti-Malware as "PUP.PrivacySafeGuard"X BHO
{000011A1-74C9-4c7e-9B4E-59B5765CF409}Naver SafeGuard nsafeguard_2011_10_24_1.dllNaver SafeGuard - see VirusTotal scan results for installerX BHO

Startup List Results
Startup Entry

Name Filename Description Status
SafeGuardSafeGuardApp.exe, SafeGuard.exeAdded by the SafeGuard PUP adware. Note: Located in \%Program Files%\SafeGuard\X
SafeGuardSafeGuardApp.exeAdded by the SafeGuard PUP.Optional.StormWatch.A. Note: Located in \%Program Files%\SafeGuard\X
Safeguard 2009sf2009.exeSafeGuard 2009 is a rogue anti-spyware program from the same family as MS AntiSpyware 2009. Removal instructions from Bleeping Computer Note: Located in \%AllUsersProfile%\Application Data\SafeguardSoft Ltd\Safeguard 2009\X
SafeGuard Popup Updater (required)regsvr32 sfg****.dll [* = random char]SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folderX
SafeGuard Popup Updater (required)regsvr32 [path] PDF****.dll (* = random char/digit)SafeguardProtect/Veevo hijackerX

O9 List Results
Internet Explorer Buttons

CLSID Name Filename Description Status
{0b83c99c-1efa-4259-858f-bcb33e007a5b}AIM Toolbaraimtb.dllRelated to AIM Toolbar AOL Service. Note: Located in \%Program Files%\AIM Toolbar\L
{4982D40A-C53B-4615-B15B-B5B5E98D167C}AOL ToolbarRelated to AOLL
{4982D40A-C53B-4615-B15B-B5B5E98D167C}AOL ToolbarRelated to the AOL Toolbar.L
{3369AF0D-62E9-4bda-8103-B4C75499B578}AOL Toolbaraoltb.dllAdded by version 2.0 of AOL_ToolbarL
{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}IE Developer ToolbarRelated to IE_Developer Toolbar from Microsoft. Note: Located in \%Program Files%\Microsoft\Internet Explorer Developer Toolbar\L

O23 List Results
Windows Services

Name Filename Description Status
SafeGuard Update ServiceSafeGuardSrv.exeAdded by the SafeGuard PUP adware Note: Located in \%Program Files%\SafeGuard\X
SafeGuard Easy Client (SgeClient)SgeClient.exeRelated to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\L
SafeGuard SGLOG Player (SgLogPlayer)SgLogPlayer.exeRelated to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\WINDOWS\system32\L
SafeGuard Easy Workstation Server (WksCfgSrv)WksCfgSrv.exeRelated to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\L
AVG Security Toolbar ServiceToolbarBroker.exeRelated to AVG Security Toolbar, here here Note: Located in \%Program Files%\AVG\AVG9\Toolbar\O

Drivers List Results
Driver Entry

Name Filename Description Status
FlvTube Toolbar HelperFLVTubeSvc.exeRelated to FLVTubeSvc.exe AdWare.Win32.Zwangi.cea ADWARE!X
Mp3Rocket Toolbar HelperMp3RocketSvc.exeAdded by the Trojan-Downloader.Win32.Adload.tsi TROJANX
Toolbar Updater ServiceToolbarUpdaterService.exeAdded by the ToolbarUpdaterService.exe Zugo adware toolbar variant, connects to installmonetizer.comX
Mp3Tube Toolbar ServiceMp3TubeSvc.exeRelated to Mp3TubeSvc.exe Toolbar Helper Service from Mp3TubeL
Updater Service for StartNow ToolbarToolbarUpdaterService.exeAdded by the startnow toolbar toolbar Zugo adware toolbar.X
FF Extensions List Results
Firefox Extension

CLSID Name Filename Description Status
avg@toolbarAVG Web TuneUp, AVG SafeGuard toolbar, AVG Security Toolbar, AVG Nation toolbaravg@toolbar.xpiAVG Web TuneUp (formerly AVG Secure Search or AVG Nation) provides Site Safety ratings, Do Not Track functionality and Browser Cleaner. Depending on the variant, different branding and search engine provider: mysearch.avg.com (Yahoo), avg.nation.com (Infospace), or isearch.avg.com (Google). Bundled with AVG programs and other third party software or installed on demand from the official websites. Note: Considered as PUP (Potentially Unwanted Program) due to unfair distribution methods, browser hijacking and Infospace relationship. See here, here, here. Note: Older versions: [AVG toolbar edition] in the path indicates the same names as display names and [x.x.x.x] indicates versions: 18.0.0.248, 3.1.0.8, etc. Note: Older versions: Windows Registry (machine-level) extension installed outside of the Firefox profile - no Remove button in the Add-ons Manager. Official instructions here and here.O
toolbar@ask.comAsk Toolbar, Alawar Ask Toolbar, Auslogics Toolbar, CrowdStar Gamebar, Foxit Toolbar, KMPlayer Toolbar, MAGIX Toolbar, Nero Toolbar, PandoraTV Toolbar, Social Point Toolbar, Support.com Toolbar, VDownloader Toolbar, ZiggyTV Toolbar, etc.Ask.com toolbars bundled with many third party applications - focused on setting the browser's search engine to ask.com. A detailed Ask/IAC Toolbars analysis is available here. See also here. Note: The ID is an older format shared among various programs. Newer APN (Ask Partner Network) toolbars use a different schema uniquely identifying items: toolbar_PartnerID@apn.ask.com. Note: Some security vendors released Ask based toolbars.X
{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}eShield, FindWide Toolbar, TNT2-[Version] Toolbar, Yahoo Toolbar{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpiBrowser hijacker related to Cliff Bar by FindWide ("TNT2") - detected as PUA:Win32/Findwide (Microsoft), PUA.FindWide (Symantec), Win32/Toolbar.TNT2 (ESET). Note: Legit JSView add-on uses the same ID. [Version] indicates various numeric strings, eg.: TNT2-11467.X
toolbar.....@freshy.comFindWide Toolbar, TNT2-[.....] Toolbar, Yahoo Toolbartoolbar.....@freshy.com.xpiBrowser hijacker related to Cliff Bar by FindWide ("TNT2") - detected as PUP.Optional.TidyNetwork (Malwarebytes), PUA:Win32/Findwide (Microsoft), PUA.FindWide (Symantec), Win32/Toolbar.TNT2 (ESET). Note: Dots indicate various numeric strings, eg.: toolbar11069@freshy.com, toolbar11219@freshy.com, toolbar11521@freshy.com.X
{FFB96CC1-7EB3-449D-B827-DB661701C6BB}ForceField Toolbar, ZoneAlarm Security Engine, ZoneAlarm ToolbarZoneAlarm ForceField browser protection installed as a standalone product or as integration in older ZoneAlarm suites. See also here. Note: Windows Registry (machine-level) extension - the Remove button is unavailable. Note: Old discontinued product replaced with new Site Check technology and security toolbar.L

Active Setup List Results
Active Setup - Installed Component

CLSID Name Filename Description Status
{94B8EB3A-B495-4285-8A0C-A02CA35EBF6A}IE Toolbarsvsnjleie4.dllInfostealer trojan, detected as TrojanSpy:Win32/Ambler.DX
{A9865CC7-A5AA-46C6-A8A1-F6FE04C47D8D}IE Toolbarxcefuq1.dllInfostealer trojan, detected as TrojanSpy:Win32/Ambler.DX
{D71CCD9D-3AE6-46CA-B3F5-161BCF51A184}Browser Toolbar Helperysdzac23.dllInfostealer trojan, detected as TrojanSpy:Win32/Ambler.DX
Powered by SystemLookup Engine. © 2008-2018 BrightFort. All Rights Reserved. | Privacy Policy | Terms of Use