| Line: |
Status: |
Comments: |
Actions: |
C:\WINDOWS\System32\smss.exe
More info about file smss.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\csrss.exe
More info about file csrss.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\winlogon.exe
More info about file winlogon.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\services.exe
More info about file services.exe |
Legitimate |
In most of cases it is legitimate system process, only sometimes can be used by malicious software |
Change status |
C:\WINDOWS\system32\lsass.exe
More info about file lsass.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\Windows Defender\MsMpEng.exe
More info about file msmpeng.exe |
Legitimate |
Item found in 2-spyware.com library
Related to Windows Defender program. |
Change status |
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\System32\S24EvMon.exe
More info about file s24evmon.exe |
Legitimate |
Item found in 2-spyware.com library
Related to special software required by Intel wireless hardware. It allows to configure and... |
Change status |
C:\WINDOWS\system32\spoolsv.exe
More info about file spoolsv.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\ZCfgSvc.exe
More info about file zcfgsvc.exe |
Legitimate |
Item found in 2-spyware.com library
A part of Intel wireless hardware drivers. Allows to monitor and configure the wireless connection. |
Change status |
C:\WINDOWS\Explorer.EXE
More info about file explorer.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\System32\hkcmd.exe
More info about file hkcmd.exe |
Legitimate |
Item found in 2-spyware.com library
Hotkey Command Module for Intel Graphics Contollers. Located in "C:\WINNT\System32\" on Windows... |
Change status |
C:\Program Files\Dell\QuickSet\quickset.exe
More info about file quickset.exe |
Legitimate |
Item found in 2-spyware.com library
This is a part of specific software, which comes preinstalled on Dell computers and laptops. This... |
Change status |
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
More info about file jusched.exe |
Legitimate |
Item found in 2-spyware.com library
Checks if there are new versions of Java available. |
Change status |
| C:\Norman\bin\ZLH.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\QuickTime\qttask.exe
More info about file qttask.exe |
Legitimate |
Item found in 2-spyware.com library
Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
Change status |
C:\Program Files\iTunes\iTunesHelper.exe
More info about file ituneshelper.exe |
Legitimate |
Item found in 2-spyware.com library
Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\". |
Change status |
C:\Program Files\Windows Defender\MSASCui.exe
More info about file msascui.exe |
Legitimate |
Item found in 2-spyware.com library
The file is component of Microsoft Windows Defender application. |
Change status |
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
More info about file evntsvc.exe |
Legitimate |
Item found in 2-spyware.com library
Related to Real-One Player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
Change status |
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
More info about file spywareterminatorshield.exe |
Legitimate |
Item found in 2-spyware.com library
Sypware Terminator anti-spyware program |
Change status |
C:\WINDOWS\system32\ctfmon.exe
More info about file ctfmon.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\Messenger\msmsgs.exe
More info about file msmsgs.exe |
Legitimate |
Item found in 2-spyware.com library
Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
Change status |
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
More info about file bttray.exe |
Legitimate |
Item found in 2-spyware.com library
The file is related to Widcomm‘s bluetooth software. |
Change status |
| C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE |
Unknown |
No exact entries found |
Insert file into database
|
| C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
More info about file btwdins.exe |
Legitimate |
Item found in 2-spyware.com library
btwdins.exe is used when bluetooth device is installed. |
Change status |
| C:\Norman\Bin\Zanda.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\System32\RegSrvc.exe
More info about file regsrvc.exe |
Legitimate |
Item found in 2-spyware.com library
Essential part of Intel wireless hardware drivers |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\Program Files\Spyware Terminator\sp_rsser.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\System32\wltrysvc.exe
More info about file wltrysvc.exe |
Legitimate |
Item found in 2-spyware.com library
Installed alongside Broadcom wireless communication software. It is a tool that displays an icon in... |
Change status |
C:\WINDOWS\System32\bcmwltry.exe
More info about file bcmwltry.exe |
Legitimate |
Item found in 2-spyware.com library
bcmwltry.exe is BroadCom's Wireless Network Tray Applet. It runs if you are on a wireless... |
Change status |
C:\Program Files\iPod\bin\iPodService.exe
More info about file ipodservice.exe |
Legitimate |
Item found in 2-spyware.com library
This is a legitimate component of iTunes music program. It offers wide range of music playing and... |
Change status |
| C:\Norman\bin\NJEEVES.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\System32\alg.exe
More info about file alg.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\System32\1XConfig.exe
More info about file 1xconfig.exe |
Legitimate |
Item found in 2-spyware.com library
This is a part of the drivers for USB devices. It also is related to special monitoring and... |
Change status |
C:\Program Files\Internet Explorer\IEXPLORE.EXE
More info about file iexplore.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\system32\wuauclt.exe
More info about file wuauclt.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\Norman\Nvc\bin\nvcoas.exe |
Unknown |
No exact entries found |
Insert file into database
|
| C:\Norman\Nvc\BIN\NIP.EXE |
Unknown |
No exact entries found |
Insert file into database
|
| C:\Norman\Nvc\BIN\NVCSCHED.EXE |
Unknown |
No exact entries found |
Insert file into database
|
| C:\Norman\Nvc\BIN\nipsvc.exe |
Unknown |
No exact entries found |
Insert file into database
|
| C:\Norman\Nvc\bin\cclaw.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\HijackThis\HijackThis.exe
More info about file hijackthis.exe |
Legitimate |
Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and... |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.MSDEWEY.COM/ |
Not necessary |
HTTP://WWW.MSDEWEY.COM/ is your start page.
If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL.
If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL.
If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=69157 is your start page.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = |
Not necessary |
Fix this item because it points to nowhere |
Change status |
| O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll |
Unknown |
No exact entries found |
Insert file into database
|
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
More info about file ssv.dll |
Legitimate |
System item according to inner database
Related to Java Virtual Machine software, which is legitimate. |
Change status
|
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
More info about file yt.dll |
Legitimate |
Application program item according to inner database
Yahoo! Toolbar |
Change status
|
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
More info about file igfxtray.exe |
Legitimate |
System item according to inner database
From a user: I just(hours ago) installed some newer Intel graphics drivers in my system(82810E),... |
Change status
|
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
More info about file hkcmd.exe |
Legitimate |
System item according to inner database
Hotkey Command Module for Intel Graphics Contollers. Located in "C:\WINNT\System32\" on Windows... |
Change status
|
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
More info about file quickset.exe |
Legitimate |
Application program item according to inner database
This is a part of specific software, which comes preinstalled on Dell computers and laptops. This... |
Change status
|
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
More info about file jusched.exe |
Legitimate |
Application program item according to inner database
Checks if there are new versions of Java available. |
Change status
|
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
More info about file pronomgr.exe |
Legitimate |
System item according to inner database
Related to drivers for the Intel PRO 100 network card.
System Tray icon for Intel PRO... |
Change status
|
| O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH |
Unknown |
No exact entries found |
Insert file into database
|
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
More info about file qttask.exe |
Legitimate |
Application program item according to inner database
Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
Change status
|
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
More info about file ituneshelper.exe |
Legitimate |
Application program item according to inner database
Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\". |
Change status
|
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
More info about file msascui.exe |
Legitimate |
Application program item according to inner database
The file is component of Microsoft Windows Defender application. |
Change status
|
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
More info about file evntsvc.exe |
Legitimate |
Application program item according to inner database
Related to Real-One Player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
Change status
|
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
More info about file spywareterminatorshield.exe |
Legitimate |
Application program item according to inner database
Sypware Terminator anti-spyware program |
Change status
|
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
More info about file ctfmon.exe |
Legitimate |
Application program item according to inner database
When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
Change status
|
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
More info about file msmsgs.exe |
Legitimate |
System item according to inner database
Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
Change status
|
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
More info about file reader_sl.exe |
Legitimate |
A part of Adobe Acrobat Reader. Used to speed up the program's launch time. |
Change status
|
| O4 - Global Startup: BTTray.lnk = ? |
Not necessary |
Fix this item because it points to nowhere |
Change status
|
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll |
Not necessary |
This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll |
Not necessary |
This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm |
Not necessary |
This item represents extra button in your IE toolbar with a name '@btrez.dll,-4015' and points to file 'C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra ''Tools'' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm |
Not necessary |
This item represents extra menu item in your Tools menu in IE with a name '@btrez.dll,-4017' and points to file 'C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll |
Not necessary |
This item represents extra button in your IE toolbar with a name 'Run IMVU' and points to file 'C:\WINDOWS\System32\shdocvw.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
Change status
|
| O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
Change status
|
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra button in your browser - related to windows messenger. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra tools menu item - related to Windows Messenger. |
Change status
|
| O11 - Options group: [INTERNATIONAL] International* |
Questionable |
This item represents a group added to Advanced Options tab in IE Tools > Internet Options menu. Should the item called "INTERNATIONAL" be there? If not, fix it. |
Change status
|
| O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 |
Legitimate |
Legitimate ActiveX item from site http://go.microsoft.com/ |
Change status
|
| O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab |
Questionable |
Are you using an ActiveX object with no name located in 'http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab'? If not, fix this item. |
Change status
|
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls
/en/x86/client/muweb_site.cab?1167410726832 |
Legitimate |
Legitimate ActiveX item from site http://update.microsoft.com/ |
Change status
|
| O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4907/mcfscan.cab |
Legitimate |
Legitimate ActiveX item from site http://download.mcafee.com/ |
Change status
|
| O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll |
Questionable |
It may be a trace of dangerous protocol hijacker or a legitimate item. Make some research about the name "widimg" and file "C:\WINDOWS\System32\btxppanel.dll". |
Change status
|
| O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll |
Legitimate |
Related to Intel(R) integrated graphics controller |
Change status
|
| O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll |
Legitimate |
Related to Associated with the Intel PRO/Set Wireless software |
Change status
|
| O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll |
Legitimate |
windows check |
Change status
|
| O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
Change status
|
| O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll |
Legitimate |
The file belongs to WMP11 Beta application. |
Change status
|
| O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe |
Unknown |
No exact entries found |
Insert file into database
|
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
More info about file btwdins.exe |
Legitimate |
Item found in 2-spyware.com database.
btwdins.exe is used when bluetooth device is... |
Change status
|
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
More info about file ipodservice.exe |
Legitimate |
Item found in 2-spyware.com database.
This is a legitimate component of iTunes music program. It offers wide range of music playing and... |
Change status
|
| O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe |
Legitimate |
Norman Anti-Virus |
Change status
|
| O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE |
Legitimate |
Norman Anti Virus |
Change status
|
| O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe |
Legitimate |
Norman Anti Virus |
Change status
|
| O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe |
Legitimate |
Norman Virus Control on-access component |
Change status
|
| O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE |
Legitimate |
Norman Virus Control Scheduler |
Change status
|
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
More info about file regsrvc.exe |
Legitimate |
Item found in 2-spyware.com database.
Essential part of Intel wireless hardware... |
Change status
|
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
More info about file s24evmon.exe |
Legitimate |
Item found in 2-spyware.com database.
Related to special software required by Intel wireless hardware. It allows to configure and... |
Change status
|
| O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe |
Unknown |
No exact entries found |
Insert file into database
|
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
More info about file wltrysvc.exe |
Legitimate |
Item found in 2-spyware.com database.
Installed alongside Broadcom wireless communication software. It is a tool that displays an icon in... |
Change status
|
|
Follow us 
|
Like us 
(91/100)
(89/100)
(84/100)
