Should I block it?

40%

40% of PCs block this file from running.

Possible reason:

Performance resource utilization

Relationships

Parent process

explorer.exe (Windows Explorer by Microsoft Corporation)

Related files

PE file structure

Show functions

Import table

advapi32.dll

GetSecurityDescriptorSacl, RegQueryValueExA, RegCloseKey, RegOpenKeyA, SetSecurityInfo, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegDeleteValueA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA

kernel32.dll

GetTickCount, WriteFile, InitializeCriticalSection, Sleep, CreateDirectoryA, FindFirstFileA, GetProcAddress, RemoveDirectoryA, CopyFileA, FindClose, LoadLibraryA, CreateFileMappingA, MoveFileA, FindNextFileA, DeleteCriticalSection, CloseHandle, DeleteFileA, GlobalAlloc, GetLastError, GlobalFree, OpenMutexA, GetModuleFileNameA, CreateMutexA, GetVersionExA, LocalFree, SetFilePointer, SystemTimeToFileTime, SetFileTime, FreeLibrary, ReadFile, GetCurrentDirectoryA, LocalFileTimeToFileTime, GetStringTypeW, GetStringTypeA, FlushFileBuffers, SetStdHandle, GetLocaleInfoA, GetCurrentProcessId, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetTimeZoneInformation, GetConsoleMode, GetConsoleCP, LCMapStringW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringA, IsValidCodePage, GetOEMCP, UnmapViewOfFile, MapViewOfFile, CreateFileA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, SetEndOfFile, GetProcessHeap, CompareStringA, GetACP, GetCPInfo, HeapReAlloc, CompareStringW, GetFileAttributesA, GetModuleHandleW, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, HeapAlloc, GetSystemTimeAsFileTime, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetStdHandle, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSectionAndSpinCount, HeapSize, SetHandleCount, GetFileType, HeapCreate, VirtualFree, VirtualAlloc

shell32.dll

SHGetFolderPathA, ShellExecuteA

user32.dll

wsprintfA, DestroyWindow, SetTimer, CreateDialogParamA, KillTimer, LoadIconA, SendMessageA, IsDialogMessageA, TranslateMessage, MessageBoxA, PeekMessageA, SetClassLongA, GetDlgItem, CheckDlgButton, GetLastInputInfo, ShowWindow, IsDlgButtonChecked, DispatchMessageA, SetWindowTextA

version.dll

VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA

wininet.dll

HttpSendRequestA, InternetConnectA, HttpQueryInfoA, InternetOpenA, InternetCloseHandle, InternetReadFile, HttpOpenRequestA

facesmo2_0dn.exe

Anti-phishing Domain Advisor by Visicom Media Inc. (Signed)

Remove facesmo2_0dn.exe

Version:	1, 0, 1, 15
MD5:	84f81f23b5778dd1844d9179deee019b
SHA1:	86f7216a12344cf3077ec7daffce04f072364d44
SHA256:	20392f704e752616b4237363b840305b3826a6c8525b1b15652ddcbb24bec2fb

Overview

facesmo2_0dn.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The file is digitally signed by Visicom Media Inc. which was issued by the Thawte Consulting (Pty) Ltd. certificate authority (CA). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).

Details

File name:	facesmo2_0dn.exe
Publisher:	Visicom Media Inc. (Powered by Panda Security)
Product name:	Anti-phishing Domain Advisor
Description:	Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)
Typical file path:	C:\ProgramData\facesmooch toolbar antiphishing\facesmo2_0dn.exe
File version:	1, 0, 1, 15
Product version:	1.0
Size:	226.66 KB (232,104 bytes)
Certificate
Issued to:	Visicom Media Inc.
Authority (CA):	Thawte Consulting (Pty) Ltd.
Effective date:	Thursday, June 24, 2010
Expiration date:	Friday, June 22, 2012
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'FaceSmooch Toolbar Antiphishing' → "C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe"

Network connections

[TCP] 173.45.161.117:80

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00046735%	0.028634%
Kernel CPU:	0.00042941%	0.013761%
User CPU:	0.00003794%	0.014873%
Kernel CPU time:	1,997 ms/min	100,923,805ms/min
CPU cycles:	680,955/sec	17,470,203/sec
Context switches:	4/sec	284/sec
Memory
Private memory:	4.62 MB	21.59 MB
Private (maximum):	22.04 MB
Private (minimum):	6.83 MB
Non-paged memory:	4.62 MB	21.59 MB
Virtual memory:	110.34 MB	140.96 MB
Virtual memory (peak):	140.3 MB	169.69 MB
Working set:	21.98 MB	18.61 MB
Working set (peak):	68.48 MB	37.95 MB
Page faults:	253,118/min	2,039/min
I/O
I/O read transfer:	56.93 KB/sec	1.02 MB/min
I/O read operations:	2/sec	343/min
I/O write transfer:	22.67 KB/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	4.31 KB/sec	448.09 KB/min
I/O other operations:	12/sec	1,671/min
Resource allocations
Threads:	4	12
Handles:	221	600
GUI GDI count:	9	103
GUI GDI peak:	10	142
GUI USER count:	2	49
GUI USER peak:	3	71

Process properties

Integrety level:	Medium
Platform:	32-bit
Command line:	"C:\ProgramData\facesmooch toolbar antiphishing\facesmo2_0dn.exe"
Owner:	User
Parent process:	explorer.exe (Windows Explorer by Microsoft Corporation)

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	100.00%

Distribution by PC manufacturer

PC Manufacturer	distribution
Toshiba	100.00%

Remove Adware and Spyware Programs, FREE Download!