| Line: | Status: | Comments: |
| C:\WINDOWS\System32\smss.exe | Legitimate | |
| C:\WINDOWS\system32\csrss.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\SYSTEM32\winlogon.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\services.exe | Legitimate | In most cases it is a legitimate system process; only sometimes can it be used by malicious software |
| C:\WINDOWS\system32\lsass.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\spoolsv.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\Explorer.EXE | Legitimate | Process found in system process library |
| C:\WINDOWS\SOUNDMAN.EXE | Legitimate | Item found in 2-spyware.com library. Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a variety of... |
| C:\WINDOWS\System32\VTTimer.exe | Legitimate | Item found in 2-spyware.com library. This is an essential component of VIA graphics card drivers. It runs background process, which... |
| C:\WINDOWS\System32\carpserv.exe | Legitimate | Item found in 2-spyware.com library. Background application which enables the internal modem speaker and allows you to listen to the... |
| C:\Program Files\Winamp\winampa.exe | Legitimate | Item found in 2-spyware.com library. winampa.exe is represented by a system tray icon and stands for Winamp player agent. |
| C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe | Legitimate | Item found in 2-spyware.com library. pccguide.exe is related to Trend Micro PC-cillin anti-virus software. pccguide.exe is located in... |
| C:\Program Files\Messenger\msmsgs.exe | Legitimate | Item found in 2-spyware.com library. Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
| C:\WINDOWS\System32\ctfmon.exe | Legitimate | Process found in system process library |
| C:\Program Files\a2\a2guard.exe | Legitimate | Item found in 2-spyware.com library. An essential component of a-squared Personal, a legitimate anti-spyware and anti-malware program. |
| C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe | Legitimate | Item found in 2-spyware.com library. Samsung monitor tool used to adjust color settings. |
| C:\Program Files\BHODemon 2\BHODemon.exe | Legitimate | Item found in 2-spyware.com library. Main component of the BHODemon program, which is used to manage Internet Explorer plug-ins and... |
| C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe | Legitimate | Item found in 2-spyware.com library. ymsgr_tray.exe is part of Yahoo! Instant Messenger. If you are using this Yahoo! service, do not... |
| C:\WINDOWS\System32\PackethSvc.exe | Legitimate | Item found in 2-spyware.com library. This file is related to America Online software. It runs the Virtual NIC Service. |
| C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe | Legitimate | Item found in 2-spyware.com library. Epson Printer Status Agent. Located in "C:\Program Files\Common Files\EPSON\EBAPI\". |
| C:\Program Files\ewido\security suite\ewidoctrl.exe | Legitimate | Item found in 2-spyware.com library. This is a vital component of ewido security suite, a popular anti-spyware and anti-malware program. |
| C:\Program Files\ewido\security suite\ewidoguard.exe | Legitimate | Item found in 2-spyware.com library. This is a vital component of ewido security suite, which is a popular anti-spyware and anti-malware... |
| C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe | Legitimate | Item found in 2-spyware.com library. mdm.exe is a system process - Machine Debug Manager. Used by developers. Located in "C:\PROGRAM... |
| C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe | Legitimate | Item found in 2-spyware.com library. This is an important part of the Trend Micro Internet Security suite. |
| C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe | Legitimate | Item found in 2-spyware.com library. tmntsrv.exe is the main PC-cillin anti-virus real time scanning process. It is an essential security... |
| C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe | Legitimate | Item found in 2-spyware.com library. This is the significant part of Trend Micro PC-cillin Internet Security software. File tmproxy.exe... |
| C:\WINDOWS\System32\wdfmgr.exe | Legitimate | Item found in 2-spyware.com library. A part of Microsoft Windows Media Player 10. It is used to eliminate software compatibility... |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe | Legitimate | Item found in 2-spyware.com library. This is an important part of the Trend Micro Internet Security suite. |
| C:\Program Files\LeechGet 2005\LeechGet.exe | Legitimate | Item found in 2-spyware.com library. Main component of the LeechGet 2005 download manager. LeechGet 2005 is a legitimate product. |
| C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe | Legitimate | Item found in 2-spyware.com library. An essential part of Microsoft AntiSpyware. It is required to run and control the program. |
| C:\Program Files\Microsoft AntiSpyware\gcasServ.exe | Legitimate | Item found in 2-spyware.com library. gcasServ.exe is an essential component of Microsoft AntiSpyware. Do not terminate this process if... |
| C:\Program Files\Mozilla Firefox\firefox.exe | Legitimate | Item found in 2-spyware.com library. File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all... |
| C:\WINDOWS\System32\wuauclt.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\wuauclt.exe | Legitimate | Process found in system process library |
| C:\Documents and Settings\JOSIE\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe | Legitimate | Item found in 2-spyware.com library. This is the main component of HijackThis security application, designed to perform system scans and... |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ | Not necessary | http://www.yahoo.com/ is your start page. If you do not like this fact, fix this item. |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = | Not necessary | Fix this item because it points to nowhere |
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = | Not necessary | Fix this item because it points to nowhere |
| R3 - Default URLSearchHook is missing | Not necessary | |
| O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll | Legitimate | Application program item according to inner database. Yahoo! Toolbar |
| O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE | Legitimate | System item according to inner database. Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a variety of... |
| O4 - HKLM\..\Run: [VTTimer] VTTimer.exe | Legitimate | Application program item according to inner database. This is an essential component of VIA graphics card drivers. It runs background process, which... |
| O4 - HKLM\..\Run: [CARPService] carpserv.exe | Legitimate | System item according to inner database. Background application which enables the internal modem speaker and allows you to listen to the... |
| O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe | Legitimate | Application program item according to inner database. winampa.exe is represented by a system tray icon and stands for Winamp player agent. |
| O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe | Legitimate | Application program item according to inner database. Essential component of the BitDefender antivirus. |
| O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe | Legitimate | Application program item according to inner database. Trojan Remover is an anti-trojan tool |
| O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" | Legitimate | Application program item according to inner database. pccguide.exe is related to Trend Micro PC-cillin anti-virus software. pccguide.exe is located in... |
| O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" | Legitimate | Application program item according to inner database. gcasServ.exe is an essential component of Microsoft AntiSpyware. Do not terminate this process if... |
| O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background | Legitimate | System item according to inner database. Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
| O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet | Legitimate | Application program item according to inner database. Related to Yahoo Messenger. Located in "C:\PROGRA~1\Yahoo!\MESSEN~1\". File ypager.exe is related... |
| O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe | Legitimate | Application program item according to inner database. When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
| O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe" | Legitimate | Application program item according to inner database. An essential component of a-squared Personal, a legitimate anti-spyware and anti-malware program. |
| O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe | Legitimate | Runs the Windows Washer utility, which is a legitimate program that allows you to remove unused files, erase tracks and clean up the system. |
| O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe | Legitimate | Runs a main component of the BHODemon program on Windows startup. BHODemon manages Internet Explorer plug-ins and protects the web browser from unsolicited add-ons. |
| O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE | Legitimate | Application program item according to inner database. The Office Startup Assistant (Osa.exe or OSA) is a program that improves the performance of Office... |
| O4 - Global Startup: NaturalColorLoad.lnk = ? | Not necessary | Fix this item because it points to nowhere |
| O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html | Not necessary | Do you want the item 'Download using LeechGet' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html | Not necessary | Do you want the item 'Download using LeechGet Wizard' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html | Not necessary | Do you want the item 'Parse with LeechGet' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll | Not necessary | This item represents an extra button in your IE toolbar with the name 'Messenger' and points to the file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll | Not necessary | This item represents an extra menu item in your Tools menu in IE with the name 'Yahoo! Messenger' and points to the file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) | Not necessary | Fix this item. It represents an extra button in your IE toolbar and points to a file that doesn't exist. |
| O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll | Legitimate | This item represents a plugin added to Internet Explorer to work with '.spop' files. Seems to be safe, unless you know that it is malicious. |
| O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab | Questionable | Are you using an ActiveX object with a name 'HouseCall Control' located in 'http://housecall60.trendmicro.com/housecall/xscan60.cab'? If not, fix this item. |
| O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab | Legitimate | Legitimate ActiveX item from site http://www.kaspersky.com/ |
| O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab | Legitimate | Legitimate ActiveX item from site http://download.ewido.net/ |
| O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab | Questionable | Are you using an ActiveX object with no name located in 'file://c:\ex.cab'? If not, fix this item. |
| O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab | Questionable | Are you using an ActiveX object with a name 'PSFormX Control' located in 'http://www.my-etrust.com/Support/PestScanner/pestscan.cab'? If not, fix this item. |
| O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab | Questionable | Are you using an ActiveX object with no name located in 'file://c:\eied_s7.cab'? If not, fix this item. |
| O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124938152633 | Legitimate | Legitimate ActiveX item from site http://update.microsoft.com/ |
| O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37300.cab | Legitimate | Legitimate ActiveX item from site http://download.zonelabs.com/ |
| O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab | Legitimate | Legitimate ActiveX item from site http://us.mcafee.com/ |
| O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab | Questionable | Are you using an ActiveX object with a name 'ASquaredScanForm Element' located in 'http://www.windowsecurity.com/trojanscan/axscan.cab'? If not, fix this item. |
| O17 - HKLM\System\CCS\Services\Tcpip\..\{0F5B34BF-98AB-474F-9F8E-97A4AA03F9AB}: NameServer = 202.69.170.10 202.69.165.10 | Questionable | Do you recognize these IP addresses '202.69.170.10 202.69.165.10' as your internet provider DNS servers? If not, fix this item. |
| O17 - HKLM\System\CS2\Services\Tcpip\..\{0F5B34BF-98AB-474F-9F8E-97A4AA03F9AB}: NameServer = 202.69.170.10 202.69.165.10 | Questionable | Do you recognize these IP addresses '202.69.170.10 202.69.165.10' as your internet provider DNS servers? If not, fix this item. |
| O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe | Legitimate | Item found in 2-spyware.com database. Epson Printer Status Agent. Located in "C:\Program Files\Common... |
| O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe | Legitimate | Item found in 2-spyware.com database. This is a vital component of ewido security suite, a popular anti-spyware and anti-malware... |
| O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe | Legitimate | Item found in 2-spyware.com database. This is a vital component of ewido security suite, which is a popular anti-spyware and anti-malware... |
| O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - (no file) | Not necessary | Fix this item because it points to a file that does not exist |
| O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe | Legitimate | Item found in 2-spyware.com database. This file is related to America Online software. It runs the Virtual NIC... |
| O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe | Legitimate | Item found in 2-spyware.com database. This is an important part of the Trend Micro Internet Security... |
| O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe | Legitimate | Item found in 2-spyware.com database. tmntsrv.exe is the main PC-cillin anti-virus real time scanning process. It is an essential security... |
| O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe | Legitimate | Item found in 2-spyware.com database. This is an important part of the Trend Micro Internet Security... |
| O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe | Legitimate | Item found in 2-spyware.com database. This is the significant part of Trend Micro PC-cillin Internet Security software. File tmproxy.exe... |