Line: | Status: | Comments: |
C:\WINDOWS\System32\smss.exe | Legitimate | |
C:\WINDOWS\system32\winlogon.exe | Legitimate | Process found in system process library |
C:\WINDOWS\system32\services.exe | Legitimate | In most cases it is a legitimate system process; only sometimes can it be used by malicious software |
C:\WINDOWS\system32\lsass.exe | Legitimate | Process found in system process library |
C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
C:\WINDOWS\system32\spoolsv.exe | Legitimate | Process found in system process library |
C:\WINDOWS\explorer.exe | Legitimate | Process found in system process library |
C:\WINDOWS\RTHDCPL.EXE | Legitimate | Item found in 2-spyware.com library. The file is related to Realtek HD Audio software. |
C:\Program Files\VDOTool\TBPanel.exe | Unknown | No exact entries found |
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe | Legitimate | Item found in 2-spyware.com library. hpcmpmgr.exe is part of the Hewlett-Packard Component Manager tool, which comes pre-installed on HP... |
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe | Legitimate | Item found in 2-spyware.com library. The file is related to Hewlett-Packard software. |
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe | Legitimate | Item found in 2-spyware.com library. apdproxy.exe is related to Adobe Photoshop Album software. |
C:\Program Files\QuickTime\qttask.exe | Legitimate | Item found in 2-spyware.com library. Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe | Legitimate | Item found in 2-spyware.com library. Checks if there are new versions of Java available. |
C:\WINDOWS\system32\RUNDLL32.EXE | Legitimate | Process found in system process library |
C:\PROGRA~1\AVG\AVG8\avgtray.exe | Unknown | No exact entries found |
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe | Legitimate | Item found in 2-spyware.com library. NMBgMonitor.exe is related to the Nero CD burning system. You should not terminate this process... |
C:\Program Files\DNA\btdna.exe | Unknown | No exact entries found |
C:\Program Files\Free Download Manager\FUM\fumoei.exe | Unknown | No exact entries found |
C:\Program Files\Internet Download Manager\IDMan.exe | Unknown | No exact entries found |
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe | Unknown | No exact entries found |
C:\PROGRA~1\AVG\AVG8\avgfws8.exe | Unknown | No exact entries found |
C:\WINDOWS\system32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com library. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
C:\WINDOWS\system32\perfs.exe | Unknown | No exact entries found |
C:\WINDOWS\system32\PnkBstrA.exe | Unknown | No exact entries found |
C:\WINDOWS\system32\PnkBstrB.exe | Unknown | No exact entries found |
C:\WINDOWS\system32\routing.exe | Unknown | No exact entries found |
C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
C:\PROGRA~1\AVG\AVG8\avgam.exe | Unknown | No exact entries found |
C:\PROGRA~1\AVG\AVG8\avgrsx.exe | Unknown | No exact entries found |
C:\PROGRA~1\AVG\AVG8\avgnsx.exe | Unknown | No exact entries found |
C:\PROGRA~1\AVG\AVG8\avgemc.exe | Legitimate | Item found in 2-spyware.com library. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft... |
C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
C:\Program Files\Internet Explorer\IEXPLORE.EXE | Legitimate | Process found in system process library |
C:\Program Files\Internet Download Manager\IEMonitor.exe | Unknown | No exact entries found |
C:\WINDOWS\system32\wuauclt.exe | Legitimate | Process found in system process library |
C:\PROGRA~1\AVG\AVG8\avgscanx.exe | Unknown | No exact entries found |
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe | Legitimate | Item found in 2-spyware.com library. jucheck.exe belongs to Java Virtual Machine software and may be terminated at will, which might... |
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe | Legitimate | Item found in 2-spyware.com library. ymsgr_tray.exe is part of Yahoo! Instant Messenger. If you are using this Yahoo! service, do not... |
C:\Documents and Settings\MERBEN\My Documents\Downloads\Programs\HiJackThis_v2.exe | Unknown | No exact entries found |
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8 /*http://www.yahoo.com/ext/search/search.html | Not necessary | http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8 /*http://www.yahoo.com/ext/search/search.html is your Search Bar. If you do not like this fact, fix this item. |
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecoolpics.net/ | Not necessary | http://thecoolpics.net/ is your start page. If you do not like this fact, fix this item. |
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8 /*http://www.yahoo.com/ext/search/search.html | Not necessary | http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8 /*http://www.yahoo.com/ext/search/search.html is your Search Bar. If you do not like this fact, fix this item. |
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ | Not necessary | http://www.yahoo.com/ is your start page. If you do not like this fact, fix this item. |
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com | Not necessary | http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com is your default SearchURL. If you do not like this fact, fix this item. |
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll | Questionable | If you do not recognize this entry name "Yahoo! Toolbar" and this path "C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll", then fix this item |
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll | Legitimate | Legitimate BHO toolbar, related to Internet Download Manager |
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll | Legitimate | Application program item according to inner database. File related to Adobe Acrobat Reader program. |
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll | Unknown | No exact entries found |
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL | Unknown | No exact entries found |
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll | Legitimate | Legitimate BHO toolbar, related to SpyBot Search&Destroy |
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll | Legitimate | Application program item according to inner database. The file is related to Yahoo! software. |
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll | Legitimate | System item according to inner database. Related to Java Virtual Machine software, which is legitimate. |
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file) | Not necessary | Fix this item, because it points to a file that cannot be found |
O2 - BHO: (no name) - {FE7F4BC2-5EA6-4D0D-90FE-3157E00E9A84} - C:\WINDOWS\system32\atkctr.dll | Unknown | No exact entries found |
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL | Unknown | No exact entries found |
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll | Legitimate | Application program item according to inner database. Yahoo! Toolbar |
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE | Legitimate | Application program item according to inner database. The file is related to Realtek HD Audio software. |
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE | Legitimate | Application program item according to inner database. skytel.exe stands for the Realtek Voice Manager, which is part of Realtek devices. |
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE | Legitimate | Runs a tool related to RealTek sound card drivers on Windows startup. |
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A | Unknown | No exact entries found |
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup | Legitimate | System item according to inner database. Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,... |
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install | Legitimate | System item according to inner database. Nwiz.exe is related to nVidia graphic cards drivers. Full name - NVIDIA nView Wizard... |
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" | Legitimate | Application program item according to inner database. hpcmpmgr.exe is part of the Hewlett-Packard Component Manager tool, which comes pre-installed on HP... |
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" | Legitimate | Application program item according to inner database. The file is related to Hewlett-Packard software. |
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" | Legitimate | Application program item according to inner database. apdproxy.exe is related to Adobe Photoshop Album software. |
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime | Legitimate | Application program item according to inner database. Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" | Legitimate | Application program item according to inner database. Checks if there are new versions of Java available. |
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit | Legitimate | System item according to inner database. nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,... |
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe | Unknown | No exact entries found |
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" | Legitimate | Application program item according to inner database. NMBgMonitor.exe is related to the Nero CD burning system. You should not terminate this process... |
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet | Unknown | No exact entries found |
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" | Unknown | No exact entries found |
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe | Unknown | No exact entries found |
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot | Questionable | Questionable item according to our database |
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe | Legitimate | A part of Adobe Acrobat Reader. Used to speed up the program's launch time. |
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present | Questionable | This item can be set only by an administrator or by Spybot software. If you are the administrator and you do not know anything about it, then fix this item. |
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present | Questionable | This item can be set only by an administrator or by Spybot software. If you are the administrator and you do not know anything about it, then fix this item. |
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 | Questionable | This item can be set only by the administrator of the PC. If you are the administrator and you did not set this one, then fix this item. |
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm | Not necessary | Do you want the item 'Download all links with IDM' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm | Not necessary | Do you want the item 'Download FLV video content with IDM' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm | Not necessary | Do you want the item 'Download with IDM' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll | Legitimate | Legitimate extra button in your browser - related to Yahoo! Services. |
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL | Not necessary | This item represents an extra button in your IE toolbar with the name 'Research' and points to the file 'C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item. |
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
O9 - Extra ''Tools'' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll | Not necessary | This item represents an extra button in your IE toolbar with the name 'Upload' and points to the file 'C:\WINDOWS\system32\shdocvw.dll'. If you do not want it to be there, fix this item. |
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll | Questionable | Are you using an ActiveX object with the name 'Installation Support' located in 'C:\Program Files\Yahoo!\Common\Yinsthelper.dll'? If not, fix this item. |
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab | Questionable | Are you using an ActiveX object with the name 'System Requirements Lab' located in 'http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab'? If not, fix this item. |
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll | Questionable | It may be a trace of a dangerous protocol hijacker or a legitimate item. Do some research on the name "linkscanner" and the file "C:\Program Files\AVG\AVG8\avgpp.dll". |
O20 - AppInit_DLLs: avgrsstx.dll | Unknown | No exact entries found |
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll | Unknown | No exact entries found |
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll | Unknown | No exact entries found |
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe | Legitimate | Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft... |
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe | Unknown | No exact entries found |
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe | Unknown | No exact entries found |
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe | Legitimate | Related to Macrovision Corporation. |
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe | Unknown | No exact entries found |
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe | Unknown | No exact entries found |
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe | Unknown | No exact entries found |
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe | Legitimate | Installed alongside DSL drivers from AVM Fritz's range of modem products. http://www.liutilities.com/products/wintaskspro/processlibrary/de_serv/ |
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe | Legitimate | Part of TuneUp Utilities |