| Line: |
Status: |
Comments: |
C:\WINDOWS\System32\smss.exe |
Legitimate |
|
C:\WINDOWS\system32\winlogon.exe |
Legitimate |
Process found in system process library |
C:\WINDOWS\system32\services.exe |
Legitimate |
In most cases it is a legitimate system process; only sometimes can it be used by malicious software |
C:\WINDOWS\system32\lsass.exe |
Legitimate |
Process found in system process library |
C:\WINDOWS\system32\Ati2evxx.exe |
Legitimate |
Item found in 2-spyware.com library. File ati2evxx.exe, which starts a process with the same name, is the standard component of video... |
C:\WINDOWS\system32\svchost.exe |
Legitimate |
Process found in system process library |
C:\WINDOWS\System32\svchost.exe |
Legitimate |
Process found in system process library |
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe |
Legitimate |
Item found in 2-spyware.com library. EvtEng.exe is an application process related to Intel EvtEng Module. It provides additional support... |
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe |
Legitimate |
Item found in 2-spyware.com library. Related to special software required by Intel wireless hardware. It allows to configure and... |
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe |
Legitimate |
Item found in 2-spyware.com library. A part of Intel wireless hardware drivers. Allows monitoring and configuration of the wireless connection. |
C:\WINDOWS\system32\Ati2evxx.exe |
Legitimate |
Item found in 2-spyware.com library. File ati2evxx.exe, which starts a process with the same name, is the standard component of video... |
C:\WINDOWS\Explorer.EXE |
Legitimate |
Process found in system process library |
C:\WINDOWS\system32\spoolsv.exe |
Legitimate |
Process found in system process library |
| C:\Acer\eManager\anbmServ.exe |
Unknown |
No exact entries found |
|
| C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe |
Unknown |
No exact entries found |
|
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe |
Legitimate |
Item found in 2-spyware.com library. AVG Anti-spyware Guard |
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe |
Legitimate |
Item found in 2-spyware.com library. This is a part of the drivers for USB devices. It also is related to special monitoring and... |
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe |
Legitimate |
Item found in 2-spyware.com library. Essential part of Intel wireless hardware drivers |
C:\WINDOWS\system32\svchost.exe |
Legitimate |
Process found in system process library |
C:\acer\epm\epm-dm.exe |
Legitimate |
Item found in 2-spyware.com library. Acer power management software |
C:\WINDOWS\SOUNDMAN.EXE |
Legitimate |
Item found in 2-spyware.com library. Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a variety of... |
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe |
Legitimate |
Item found in 2-spyware.com library. Essential part of Intel wireless hardware drivers |
C:\Program Files\Common Files\Real\Update_OB\realsched.exe |
Legitimate |
Item found in 2-spyware.com library. Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe |
Legitimate |
Item found in 2-spyware.com library. avgas.exe is a process related to AVG anti-virus software. If you are using AVG anti-virus, this... |
C:\Program Files\iTunes\iTunesHelper.exe |
Legitimate |
Item found in 2-spyware.com library. Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\". |
C:\WINDOWS\system32\ctfmon.exe |
Legitimate |
Process found in system process library |
C:\WINDOWS\System32\svchost.exe |
Legitimate |
Process found in system process library |
C:\Program Files\iPod\bin\iPodService.exe |
Legitimate |
Item found in 2-spyware.com library. This is a legitimate component of the iTunes music program. It offers a wide range of music playing and... |
C:\Program Files\Winamp\winamp.exe |
Legitimate |
Item found in 2-spyware.com library. File winamp.exe, which starts a process with the same name, is the main executable component of... |
C:\WINDOWS\system32\rundll32.exe |
Legitimate |
Process found in system process library |
| C:\WINDOWS\system32\f0991.exe |
Unknown |
No exact entries found |
|
C:\DOCUME~1\ALICEY~1\LOCALS~1\Temp\rundll.exe |
Questionable |
Process found in system process library but with a different location |
C:\WINDOWS\system32\rundll32.exe |
Legitimate |
Process found in system process library |
C:\WINDOWS\system32\wuauclt.exe |
Legitimate |
Process found in system process library |
C:\Program Files\Mozilla Firefox\firefox.exe |
Legitimate |
Item found in 2-spyware.com library. File firefox.exe launches the Mozilla Firefox web browser, implements the user interface and controls all... |
C:\HijackThis\HijackThis.exe |
Legitimate |
Item found in 2-spyware.com library. This is the main component of the HijackThis security application, designed to perform system scans and... |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank.la?g |
Not necessary |
about.blank.la?g is your start page. If you do not like this fact, fix this item. |
| O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll |
Unknown |
No exact entries found |
|
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll |
Dangerous |
Spyware related item according to inner database. pctools.dll is a library file that contains malicious code, which implements main parasite... |
|
| O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll |
Unknown |
No exact entries found |
|
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll |
Legitimate |
Application program item according to inner database. Yahoo! Toolbar |
|
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe |
Legitimate |
System item according to inner database. Acer power management software |
|
| O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot |
Unknown |
No exact entries found |
|
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE |
Legitimate |
System item according to inner database. Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a variety of... |
|
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless |
Legitimate |
Driver related item according to inner database. Essential part of Intel wireless hardware drivers |
|
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot |
Legitimate |
Application program item according to inner database. Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
|
| O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k |
Questionable |
Questionable item according to our database |
|
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup |
Legitimate |
Application program item according to inner database. GoogleDesktop.exe is the main component of Google Desktop, an application that improves you... |
|
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized |
Legitimate |
Application program item according to inner database. avgas.exe is a process related to AVG anti-virus software. If you are using AVG anti-virus, this... |
|
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" |
Legitimate |
Application program item according to inner database. Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\". |
|
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP |
Legitimate |
System item according to inner database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft... |
|
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll" |
Questionable |
Questionable item according to inner database. regsvr32.exe is a command line program used to register and unregister object linking and embedding... |
|
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe |
Legitimate |
Application program item according to inner database. When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
|
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 |
Legitimate |
Application program item according to inner database. Related to Adobe Acrobat Reader. |
|
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe |
Legitimate |
A part of Adobe Acrobat Reader. Used to speed up the program's launch time. |
|
| O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm |
Not necessary |
Do you want the item 'Download all links using BitComet' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
|
| O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm |
Not necessary |
Do you want the item 'Download all videos using BitComet' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
|
| O9 - Extra button: ûÃðôÃôÃÃÃçÃø - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
|
| O9 - Extra button: ÃÃ乺Ãï - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
|
| O9 - Extra ''Tools'' menuitem: ÃÃ乺Ãï - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing) |
Not necessary |
Fix this item because it points to a file that cannot be found |
|
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra button in your browser - related to Windows Messenger. |
|
| O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra tools menu item - related to Windows Messenger. |
|
| O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab |
Questionable |
Are you using an ActiveX object with a name 'GamesCampus Control' located in 'http://www.gamescampus.com/xiah/luncher/GamesCampus.cab'? If not, fix this item. |
|
| O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab |
Legitimate |
Legitimate ActiveX item from site http://www.kaspersky.com/ |
|
| O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 |
Legitimate |
Legitimate ActiveX item from site http://go.microsoft.com/ |
|
| O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab |
Questionable |
Are you using an ActiveX object with a name 'Checkers Class' located in 'http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab'? If not, fix this item. |
|
| O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab |
Questionable |
Are you using an ActiveX object with a name 'UnoCtrl Class' located in 'http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab'? If not, fix this item. |
|
| O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab |
Questionable |
Are you using an ActiveX object with a name 'GameLauncher Control' located in 'http://www.acclaim.com/cabs/acclaim_v5.cab'? If not, fix this item. |
|
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125072526140 |
Legitimate |
Legitimate ActiveX item from site http://update.microsoft.com/ |
|
| O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab |
Questionable |
Are you using an ActiveX object with a name 'MessengerStatsClient Class' located in 'http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab'? If not, fix this item. |
|
| O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL |
Questionable |
It may be a trace of a dangerous protocol hijacker or a legitimate item. Research the name "skype4com" and the file "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL". |
|
| O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL |
Unknown |
No exact entries found |
|
| O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll |
Legitimate |
Related to Intel(R) integrated graphics controller |
|
| O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll |
Legitimate |
Associated with the Intel PRO/Set Wireless software |
|
| O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll |
Legitimate |
Windows check |
|
| O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe |
Unknown |
No exact entries found |
|
| O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe |
Unknown |
No exact entries found |
|
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe |
Legitimate |
Item found in 2-spyware.com database. File ati2evxx.exe, which starts a process with the same name, is the standard component of video... |
|
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe |
Legitimate |
Item found in 2-spyware.com database. AVG Anti-spyware... |
|
| O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
|
| O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
|
| O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
|
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe |
Legitimate |
Item found in 2-spyware.com database. EvtEng.exe is an application process related to Intel EvtEng Module. It provides additional support... |
|
| O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
|
| O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe |
Legitimate |
Related to Macrovision Corporation. |
|
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe |
Legitimate |
Item found in 2-spyware.com database. This is a legitimate component of the iTunes music program. It offers a wide range of music playing and... |
|
| O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe |
Legitimate |
Related to Macromedia products: Flash, Dreamweaver, etc. |
|
| O23 - Service: NetLimiter (nlsvc) - Unknown owner - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
|
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe |
Legitimate |
Item found in 2-spyware.com database. Essential part of Intel wireless hardware... |
|
| O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) |
Not necessary |
Fix this item because it points to a file that does not exist |
|
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe |
Legitimate |
Item found in 2-spyware.com database. Related to special software required by Intel wireless hardware. It allows to configure and... |
|
| O23 - Service: ûÃðôÃôÃÃÃúÃà (Yiqilai) - Yiqilai - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe |
Unknown |
No exact entries found |
|