| Line: |
Status: |
Comments: |
Actions: |
C:\WINDOWS\System32\smss.exe More info about file smss.exe |
Legitimate |
|
Change status |
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\services.exe More info about file services.exe |
Legitimate |
In most cases it is a legitimate system process; only sometimes can it be used by malicious software |
Change status |
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\Ati2evxx.exe More info about file ati2evxx.exe |
Legitimate |
Item found in 2-spyware.com library File ati2evxx.exe, which starts a process with the same name, is the standard component of video... |
Change status |
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\ISS\Proventia Desktop\blackd.exe More info about file blackd.exe |
Legitimate |
Item found in 2-spyware.com library This is a part of BlackICE PC Protection suite. This software runs a firewall and protects the... |
Change status |
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe More info about file frameworkservice.exe |
Legitimate |
Item found in 2-spyware.com library This file is a part of McAfee antivirus and security-related software. It is required to run such... |
Change status |
C:\Program Files\Network Associates\VirusScan\mcshield.exe More info about file mcshield.exe |
Legitimate |
Item found in 2-spyware.com library Process mcshield.exe usually starts automatically on system's startup and stays in background. It... |
Change status |
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe More info about file vstskmgr.exe |
Legitimate |
Item found in 2-spyware.com library This is a part of McAfee VirusScan antivirus program. It runs critical process, which is needed by... |
Change status |
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe More info about file mdm.exe |
Legitimate |
Item found in 2-spyware.com library mdm.exe is a system process - Machine Debug Manager. Used by developers. Located in "C:\PROGRAM... |
Change status |
| C:\Program Files\ISS\Proventia Desktop\RapApp.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\Program Files\ISS\Proventia Desktop\vpatch.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe |
Legitimate |
Item found in 2-spyware.com library This is a legitimate component of iTunes music program. It offers wide range of music playing and... |
Change status |
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\Explorer.EXE More info about file explorer.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE More info about file shstat.exe |
Legitimate |
Item found in 2-spyware.com library This file is a part of McAfee antivirus and security-related software. It is required to run such... |
Change status |
C:\WINDOWS\system32\dla\tfswctrl.exe More info about file tfswctrl.exe |
Legitimate |
Item found in 2-spyware.com library tfswctrl.exe fullname DLA Packet Writing Software
tfswctrl.exe Related to CD burning... |
Change status |
C:\Program Files\iTunes\iTunesHelper.exe More info about file ituneshelper.exe |
Legitimate |
Item found in 2-spyware.com library Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\". |
Change status |
C:\Program Files\MSN Messenger\MsnMsgr.Exe More info about file msnmsgr.exe |
Legitimate |
Item found in 2-spyware.com library Microsoft Windows Messenger chat client. |
Change status |
C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\ISS\Proventia Desktop\blackice.exe More info about file blackice.exe |
Legitimate |
Item found in 2-spyware.com library BlackICE is a firewall. blackice.exe is located in "C:\Program Files\ISS\BlackICE\". |
Change status |
C:\Program Files\Internet Explorer\IEXPLORE.EXE More info about file iexplore.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\Messenger\msmsgs.exe More info about file msmsgs.exe |
Legitimate |
Item found in 2-spyware.com library Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
Change status |
| C:\Program Files\MSN Messenger\usnsvc.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE More info about file outlook.exe |
Questionable |
This process is usually legitimate and related to Microsoft Office, but it might also be part of a parasite, depending on its location and other factors. Do some further research on it. |
Change status |
C:\Documents and Settings\Mike\Desktop\HJT\Hijackthis\HijackThis.exe More info about file hijackthis.exe |
Legitimate |
Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and... |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ |
Not necessary |
http://www.foxnews.com/ is your start page. If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL. If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page. If you do not like this fact, fix this item. |
Change status |
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 |
Not necessary |
http://go.microsoft.com/fwlink/?LinkId=69157 is your start page. If you do not like this fact, fix this item. |
Change status |
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll |
Legitimate |
Application program item according to inner database File related to Adobe Acrobat Reader program. |
Change status
|
| O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll |
Legitimate |
Related to legitimate software from Veritas, Hewlett Packard, Sonic, etc. |
Change status
|
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll More info about file ssv.dll |
Legitimate |
System item according to inner database Related to Java Virtual Machine software, which is legitimate. |
Change status
|
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE More info about file shstat.exe |
Legitimate |
Application program item according to inner database This file is a part of McAfee antivirus and security-related software. It is required to run such... |
Change status
|
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" More info about file atiptaxx.exe |
Legitimate |
System item according to inner database ATI Desktop Control Panel from ATI Technologies, Inc. Located in "C:\Program Files\ATI... |
Change status
|
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe More info about file psdrvcheck.exe |
Legitimate |
Application program item according to inner database Related to Pinnacle InstantCopy CD/DVD software. Located in "C:\WINDOWS\SYSTEM\" on Windows... |
Change status
|
| O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k |
Questionable |
Questionable item according to our database |
Change status
|
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe More info about file tfswctrl.exe |
Legitimate |
System item according to inner database tfswctrl.exe fullname DLA Packet Writing Software
tfswctrl.exe Related to CD burning... |
Change status
|
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" More info about file ituneshelper.exe |
Legitimate |
Application program item according to inner database Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\". |
Change status
|
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background More info about file msnmsgr.exe |
Legitimate |
System item according to inner database Microsoft Windows Messenger chat client. |
Change status
|
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe |
Legitimate |
Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
Change status
|
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe More info about file adobe gamma loader.exe |
Legitimate |
Application program item according to inner database From adobe: "The Adobe Gamma Control Panel is used to eliminate color casts in a monitor's display.... |
Change status
|
| O4 - Global Startup: Proventia Desktop Agent.lnk = ? |
Not necessary |
Fix this item because it points to nowhere |
Change status
|
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll |
Not necessary |
This item represents an extra button without a name in your IE toolbar and points to the file 'C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll |
Not necessary |
This item represents an extra menu item in your IE Tools menu with the name 'Sun Java Console' and points to the file 'C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
Change status
|
| O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
Change status
|
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra button in your browser - related to Windows Messenger. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra tools menu item - related to Windows Messenger. |
Change status
|
| O11 - Options group: [INTERNATIONAL] International* |
Questionable |
This item represents a group added to the Advanced Options tab in the IE Tools > Internet Options menu. Should the item called "INTERNATIONAL" be there? If not, fix it. |
Change status
|
| O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab |
Questionable |
Are you using an ActiveX object with a name 'Checkers Class' located in 'http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB |
Questionable |
Are you using an ActiveX object with a name 'SysProWmi Class' located in 'http://support.dell.com/systemprofiler/SysPro.CAB'? If not, fix this item. |
Change status
|
| O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab |
Questionable |
Are you using an ActiveX object with a name 'MessengerStatsClient Class' located in 'http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/141p/html/gtdownlr.cab |
Questionable |
Are you using an ActiveX object with a name 'Automatic Driver Installation Control' located in 'http://inst.c-wss.com/141p/html/gtdownlr.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab |
Questionable |
Are you using an ActiveX object with a name 'Scanner.SysScanner' located in 'http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab'? If not, fix this item. |
Change status
|
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls /en/x86/client/wuweb_site.cab?1146790903687 |
Legitimate |
Legitimate ActiveX item from site http://update.microsoft.com/ |
Change status
|
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls /en/x86/client/muweb_site.cab?1179888048625 |
Questionable |
Are you using an ActiveX object with a name 'MUWebControl Class' located in 'http://www.update.microsoft.com/microsoftupdate/v6/V5Controls /en/x86/client/muweb_site.cab?1179888048625'? If not, fix this item. |
Change status
|
| O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab |
Questionable |
Are you using an ActiveX object with a name 'MessengerStatsClient Class' located in 'http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab |
Questionable |
Are you using an ActiveX object with a name 'Shutterfly Picture Upload Plugin' located in 'http://web1.shutterfly.com/downloads/Uploader.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab |
Questionable |
Are you using an ActiveX object with a name 'Shockwave Flash Object' located in 'http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab'? If not, fix this item. |
Change status
|
| O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL |
Questionable |
It may be a trace of a dangerous protocol hijacker or a legitimate item. Do some research on the name "livecall" and the file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL". |
Change status
|
| O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL |
Questionable |
It may be a trace of a dangerous protocol hijacker or a legitimate item. Do some research on the name "msnim" and the file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL". |
Change status
|
| O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll |
Legitimate |
Windows check |
Change status
|
| O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll |
Legitimate |
The file belongs to WMP11 Beta application. |
Change status
|
| O21 - SSODL: shellservice - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll |
Unknown |
No exact entries found |
Change status
|
| O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe |
Unknown |
No exact entries found |
Insert file into database
|
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe More info about file ati2evxx.exe |
Legitimate |
Item found in 2-spyware.com database. File ati2evxx.exe, which starts a process with the same name, is the standard component of video... |
Change status
|
| O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe |
Legitimate |
ATI Video Card Control Panel |
Change status
|
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe More info about file blackd.exe |
Legitimate |
Item found in 2-spyware.com database. This is a part of BlackICE PC Protection suite. This software runs a firewall and protects the... |
Change status
|
| O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe |
Legitimate |
Related to Novel server. |
Change status
|
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe More info about file googleupdaterservice.exe |
Legitimate |
Item found in 2-spyware.com database. Service for Google... |
Change status
|
| O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe |
Legitimate |
Related to Macrovision Corporation. |
Change status
|
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe |
Legitimate |
Item found in 2-spyware.com database. This is a legitimate component of iTunes music program. It offers wide range of music playing and... |
Change status
|
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe More info about file frameworkservice.exe |
Legitimate |
Item found in 2-spyware.com database. This file is a part of McAfee antivirus and security-related software. It is required to run such... |
Change status
|
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe More info about file mcshield.exe |
Legitimate |
Item found in 2-spyware.com database. Process mcshield.exe usually starts automatically on system's startup and stays in background. It... |
Change status
|
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe More info about file vstskmgr.exe |
Legitimate |
Item found in 2-spyware.com database. This is a part of McAfee VirusScan antivirus program. It runs critical process, which is needed by... |
Change status
|
| O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe |
Legitimate |
Black Ice Firewall related |
Change status
|
| O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe |
Unknown |
No exact entries found |
Insert file into database
|