Should I block it?

98%

Yes, 98% block recommendation.

Possible reasons:

Multiple malware detections

Performance resource utilization

Additional versions

7ccf4	40.00%
5975d	5.00%
24315	5.00%
1e999	10.00%
70eb4	35.00%
222d0	5.00%

(Note, Zugo Ltd publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

ToolbarUpdaterService.exe

By Zugo Ltd (Signed)

Remove ToolbarUpdaterService.exe

MD5:	1e9993ac255b3220bce71fe9e056bbc9
SHA1:	c40a3fae8440d46d8cc6c045b212b42b7b9ea34e
SHA256:	4f651236f6b69ee5cd6bd7f48bee28f52998ea76695a37a4d0e7af56cf5438b7

Warning 4 antivirus scanners has detected malware.

What is ToolbarUpdaterService.exe?

ToolbarUpdaterService.exe for the StartNow Toolbar is the software updater program which runs in the background of Windows and automatically starts up when your PC boots. It checks for software udpates and automatically downloads and installs them if found.

About ToolbarUpdaterService.exe (from Zugo Ltd)

“StartNow toolbar is developed by Zugo and it gives you instant access to multimedia search, Facebook one click away, your local weather forecast and many other features that give you the best online e”

Details

File name:	ToolbarUpdaterService.exe
Typical file path:	C:\Program Files\startnow toolbar\toolbarupdaterservice.exe
Size:	259.72 KB (265,952 bytes)
Certificate
Issued to:	Zugo Ltd
Authority (CA):	The USERTRUST Network
Effective date:	Thursday, January 27, 2011
Expiration date:	Sunday, January 27, 2013
Digital DNA
Entropy:	6.259639
File packed:	No
.NET CLR:	No

More details

Programs

The following programs will install this file

StartNow Toolbar

StartNow.com

79% remove

StartNow is a web browser toolbar that changes your homepage and redirects valid searches. StartNow toolbar is developed by Zugo and it gives you instant access to multimedia search, Facebook one click away, your local weather forecast and many other features that give you the best online experience. It is simple, light weight and blends perfectly with your browser to give you instant access to your favourite sites and information.

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

Updater Service for PDFLite Toolbar
'Updater Service for StartNow Toolbar'

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.

Antivirus engine	Engine version	Detection
Comodo Internet Security	15848	UnclassifiedMalware
Dr.Web	8.13.4.8	Adware.Zugo.71
eSafe	7.0.17.0	Win32.Trojan
ESET NOD32	7.8202	a variant of Win32/Toolbar.Zugo

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00467446%	0.028634%
Kernel CPU:	0.00233723%	0.013761%
User CPU:	0.00233723%	0.014873%
Kernel CPU time:	10 ms/min	100,923,805ms/min
Memory
Private memory:	2.18 MB	21.59 MB
Private (maximum):	716 KB
Private (minimum):	488 KB
Non-paged memory:	2.18 MB	21.59 MB
Virtual memory:	37.2 MB	140.96 MB
Virtual memory (peak):	39.2 MB	169.69 MB
Working set:	464 KB	18.61 MB
Working set (peak):	4.81 MB	37.95 MB
Resource allocations
Threads:	6	12
Handles:	105	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	"C:\Program Files\startnow toolbar\toolbarupdaterservice.exe"
Owner:	SYSTEM
Windows Service
Service name:	SYSTEM\CurrentControlSet\Services\Updater Service for StartNow Toolbar
Display name:	Updater Service for PDFLite Toolbar
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads