| Line | Status | Comments |
|---|---|---|
| C:\WINDOWS\System32\smss.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\winlogon.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\services.exe | Legitimate | In most cases it is a legitimate system process; only sometimes can it be used by malicious software |
| C:\WINDOWS\system32\lsass.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\rundll32.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\ctfmon.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\explorer.exe | Legitimate | Process found in system process library |
| C:\Program Files\ewido anti-malware\SecuritySuite.exe | Unknown | No exact entries found |
| C:\Documents and Settings\Administrator\Desktop\HijackThis.exe | Legitimate | Item found in 2-spyware.com library. This is the main component of HijackThis security application, designed to perform system scans and... |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ | Not necessary | http://www.yahoo.com/ is your start page. If you do not like this fact, fix this item. |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = | Not necessary | Fix this item because it points to nowhere |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = | Not necessary | This is your folder of IE toolbar links, but it points to nowhere. If you do not like this fact, fix this item. |
| O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll | Legitimate | Legitimate BHO toolbar, related to Yahoo! Companion |
| O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe | Legitimate | Application program item according to inner database. This is the main part of LiveUpdate tool, published by Symantec. It is required to update all... |
| O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe" | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" | Legitimate | Application program item according to inner database. BitDefender News Agent, a part of BitDefender antivirus software. |
| O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" | Legitimate | Application program item according to inner database. Essential component of the BitDefender antivirus. |
| O4 - HKLM\..\Run: [sys09878143770] C:\WINDOWS\sys09878143770.exe | Unknown | No exact entries found |
| O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe | Legitimate | Application program item according to inner database. When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
| O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe | Legitimate | Application program item according to inner database. This file is related to HotSync Manager program, which synchronizes attached Palm handheld with a... |
| O4 - Global Startup: hp psc 1000 series.lnk = ? | Not necessary | Fix this item because it points to nowhere |
| O4 - Global Startup: hpoddt01.exe.lnk = ? | Not necessary | Fix this item because it points to nowhere |
| O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe | Legitimate | Application program item according to inner database. Logitech Desktop Messenger. Checks for new products, upgrades and offers from Logitech. Located in... |
| O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll | Not necessary | This item represents an extra button in your IE toolbar with the name 'Create Mobile Favorite' and points to the file 'C:\Program Files\Microsoft ActiveSync\inetrepl.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll | Not necessary | This item represents an extra button in your IE toolbar without a name and points to the file 'C:\Program Files\Microsoft ActiveSync\inetrepl.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll | Not necessary | This item represents an extra menu item in your Tools menu in IE with the name 'Create Mobile Favorite...' and points to the file 'C:\Program Files\Microsoft ActiveSync\inetrepl.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe | Not necessary | This item represents an extra button in your IE toolbar with the name 'AIM' and points to the file 'C:\PROGRA~1\AIM\aim.exe'. If you do not want it to be there, fix this item. |
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE | Not necessary | This item represents an extra button in your IE toolbar with the name 'Messenger' and points to the file 'C:\Program Files\Messenger\MSMSGS.EXE'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE | Not necessary | This item represents an extra menu item in your Tools menu in IE with the name 'Messenger' and points to the file 'C:\Program Files\Messenger\MSMSGS.EXE'. If you do not want it to be there, fix this item. |
| O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab | Questionable | Are you using an ActiveX object with the name 'Support.com Configuration Class' located in 'http://www.activation.rr.com/install/download/tgctlcm.cab'? If not, fix this item. |
| O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab | Questionable | Are you using an ActiveX object with the name 'HouseCall Control' located in 'http://housecall60.trendmicro.com/housecall/xscan60.cab'? If not, fix this item. |
| O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab | Questionable | Are you using an ActiveX object with the name 'ewidoOnlineScan Control' located in 'http://download.ewido.net/ewidoOnlineScan.cab'? If not, fix this item. |
| O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe | Questionable | Are you using an ActiveX object with the name 'ewidoOnlineScan Control' located in 'http://www.pacimedia.com/install/pcs_0002.exe'? If not, fix this item. |
| O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab | Questionable | Are you using an ActiveX object with the name 'YInstStarter Class' located in 'http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab'? If not, fix this item. |
| O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab | Questionable | Are you using an ActiveX object with the name 'YInstStarter Class' located in 'http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab'? If not, fix this item. |
| O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab | Questionable | Are you using an ActiveX object with the name 'BDSCANONLINE Control' located in 'http://download.bitdefender.com/resources/scan8/oscan8.cab'? If not, fix this item. |
| O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129311734843 | Questionable | Are you using an ActiveX object with the name 'WUWebControl Class' located in 'http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129311734843'? If not, fix this item. |
| O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129311723796 | Questionable | Are you using an ActiveX object with the name 'MUWebControl Class' located in 'http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129311723796'? If not, fix this item. |
| O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab | Questionable | Are you using an ActiveX object with the name 'Housecall ActiveX 6.5' located in 'http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab'? If not, fix this item. |
| O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab | Questionable | Are you using an ActiveX object with the name 'HouseCall Control' located in 'http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab'? If not, fix this item. |
| O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab | Questionable | Are you using an ActiveX object with the name 'ActiveScan Installer Class' located in 'http://acs.pandasoftware.com/activescan/as5free/asinst.cab'? If not, fix this item. |
| O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://F:\AUTORUN\Flash\swflash.cab | Questionable | Are you using an ActiveX object with the name 'Shockwave Flash Object' located in 'file://F:\AUTORUN\Flash\swflash.cab'? If not, fix this item. |
| O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll | Questionable | It may be a trace of a dangerous protocol hijacker or a legitimate item. Research the name "text/html" and the file "C:\WINDOWS\System32\w9seq.dll". |
| O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\gpj0l31m1.dll | Unknown | No exact entries found |
| O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll | Legitimate | Related to Intel(R) integrated graphics controller |
| O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) | Not necessary | Fix this item because it points to a file that does not exist |
| O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe | Legitimate | Item found in 2-spyware.com database. ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus... |
| O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe | Legitimate | Runs Common Client Password Validation Service on every Windows startup. Used by legitimate Symantec software. |
| O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe | Legitimate | Item found in 2-spyware.com database. This is a vital component of ewido security suite, a popular anti-spyware and anti-malware... |
| O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) | Not necessary | Fix this item because it points to a file that does not exist |
| O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe | Legitimate | Item found in 2-spyware.com database. Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on... |
| O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com database. NVIDIA related... |
| O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing) | Not necessary | Fix this item because it points to a file that does not exist |
| O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe | Legitimate | Item found in 2-spyware.com database. This is a standard component of Hewlett-Packard device drivers. The presence of this file means,... |
| O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe | Legitimate | Item found in 2-spyware.com database. This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs... |
| O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) | Not necessary | Fix this item because it points to a file that does not exist |
| O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe | Legitimate | Item found in 2-spyware.com database. File wanmpsvc.exe is a standard component of AOL 7.0 software and its later versions. It runs... |
| O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) | Not necessary | Fix this item because it points to a file that does not exist |