| Line: |
Status: |
Comments: |
Actions: |
C:\WINDOWS\System32\smss.exe
More info about file smss.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\winlogon.exe
More info about file winlogon.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\services.exe
More info about file services.exe |
Legitimate |
In most of cases it is legitimate system process, only sometimes can be used by malicious software |
Change status |
C:\WINDOWS\system32\lsass.exe
More info about file lsass.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
More info about file sdmcp.exe |
Legitimate |
Item found in 2-spyware.com library
This is a part of Stardock software, which allows you to change the default look and feel of... |
Change status |
C:\WINDOWS\Explorer.EXE
More info about file explorer.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Downloads\HijackThis.exe
More info about file hijackthis.exe |
Legitimate |
Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and... |
Change status |
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1
.html |
Not necessary |
http://www.ixfuchdvkhmzcofaqgaewxj.com/soOSRkfPYj/aopG9LS50TM2LsTLxuedg3xJ_Tq1P85XtZrxjQD_aV2CJLNWtLwF1
.html is your Search Bar.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com |
Not necessary |
http://www.aimtoday.com is your start page.
If you do not like this fact, fix this item. |
Change status |
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie
/defaults/su/sbcydsl/*http://www.yahoo.com |
Not necessary |
http://red.clientapps.yahoo.com/customize/ie
/defaults/su/sbcydsl/*http://www.yahoo.com is your Default Search URL.
If you do not like this fact, fix this item. |
Change status |
| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 |
Not necessary |
127.0.0.1 overrides your Proxy Server.
If you do not like this fact, fix this item. |
Change status |
| R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll |
Questionable |
If you do not recognize this entry name "AOLTBSearch Class" and this path "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll", then fix this item |
Change status |
| R3 - URLSearchHook: (no name) - <default> - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - _{23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - _{712ED2B2-4006-19F2-72BD-66D4FD07C2BD} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - _{F3C7BFAE-294B-25E2-6838-0B6245B91EB7} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {23C3AB2A-3DC0-636E-BD6C-1B2312B9C7B9} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {5D0BCC68-5CDB-5E2F-A4E2-73D58D51E3EA} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {C6477713-E0FE-E906-D252-CD3EC35675B3} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {9C12221F-B6F8-B400-D652-CD3EC35674B7} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {3DC16A11-FFFA-F154-DD56-D87F176BD8BE} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {9A472616-E3FC-B503-8752-CD3EC35622BF} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {455A3B5C-A4ED-AC42-94A0-878AD8D6FFBB} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {4B3D1B5A-8EEB-D548-9D04-AD98B960F4BB} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL |
Questionable |
If you do not recognize this path "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL", then fix this item |
Change status |
| R3 - URLSearchHook: (no name) - {5139B2EE-7A51-25FC-7889-5087E880BEEE} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing) |
Questionable |
If you do not recognize this path "C:\WINDOWS\system32\yxsy.dll (file missing)", then fix this item |
Change status |
| R3 - URLSearchHook: (no name) - {32E732AA-F511-A4BB-332B-8F6A66A9DAEF} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {919671FE-B712-B7BE-6D8D-957B47FB28E0} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {959372AB-B640-EBBA-3E8D-957B47FB2AE0} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {2A688D42-46A4-1008-DAC7-34D1ED4E9DBB} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {B8565965-95DE-C924-F3B1-E62C82185CB4} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {BE575E35-928D-9A21-F2B1-E62C82185BBF} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {BF065831-C08B-CD72-F3B1-E62C82190CE9} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {378C2E65-E885-E27A-A548-992B52E4D1E8} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {AB7B3C0A-A7B9-A74D-C540-89BAAB4B1AE1} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {648C2E35-E880-B773-F048-992B52BC87EA} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {17B460C3-A52F-F4D5-0A9A-844A34AAF4E9} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {13E435C0-A07D-A084-0C9A-844A34AAA6B8} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {B14CE14B-21A5-785A-D7F6-5717C1F65DB6} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {088FBB8A-743A-7890-17F3-5227528FE9EA} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {C92CF321-6AC0-6F6E-BAC9-41B6ABE028E3} - (no file) |
Not necessary |
Fix this item because it has no name and no file to point to |
Change status |
| R3 - URLSearchHook: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - C:\WINDOWS\system32\rpce.dll |
Questionable |
If you do not recognize this path "C:\WINDOWS\system32\rpce.dll", then fix this item |
Change status |
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
More info about file mwssrcas.dll |
Dangerous |
Spyware related item according to inner database
MWSSRCAS.DLL is a library file that contains malicious code, which implements main parasite... |
Change status
|
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
More info about file acroiehelper.dll |
Legitimate |
Application program item according to inner database
File related to Adobe Acrobat Reader program. |
Change status
|
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
More info about file mwsbar.dll |
Dangerous |
Spyware related item according to inner database
File MWSBAR.DLL is related to adwares WebSearch Toolbar.B and WebSearch Toolbar.bho2. |
Change status
|
| O2 - BHO: (no name) - {0B61EB48-78F3-200C-8D7A-5A27B295E3BF} - C:\WINDOWS\system32\yxsy.dll (file missing) |
Not necessary |
Fix this item, because it points to file that cannot be found |
Change status
|
| O2 - BHO: (no name) - {2B0F2A91-EE2E-B285-007A-CF8ED8E0CABD} - C:\WINDOWS\system32\olfa.dll (file missing) |
Not necessary |
Fix this item, because it points to file that cannot be found |
Change status
|
| O2 - BHO: (no name) - {2C7D5FB3-0C3B-ACF9-23A7-686032D26630} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing) |
Not necessary |
Fix this item, because it points to file that cannot be found |
Change status
|
| O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll |
Unknown |
No exact entries found |
Insert file into database
|
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
More info about file ssv.dll |
Legitimate |
System item according to inner database
Related to Java Virtual Machine software, which is legitimate. |
Change status
|
| O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll |
Legitimate |
legitimate bho toolbar, related to AOL Toolbar |
Change status
|
| O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll |
Legitimate |
legitimate bho toolbar, related to MSN Toolbar |
Change status
|
| O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) |
Not necessary |
Fix this item, because it points to file that cannot be found |
Change status
|
| O2 - BHO: (no name) - {9928A12E-3E97-6E3F-EFC9-41B6ABE025B1} - C:\WINDOWS\system32\rpce.dll |
Unknown |
No exact entries found |
Insert file into database
|
| O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll |
Legitimate |
legitimate bho toolbar, related to FlashGet |
Change status
|
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
More info about file acroiefavclient.dll |
Legitimate |
System item according to inner database
The file belongs to Adobe Acrobat to display .pdf files in Internet Explorer. |
Change status
|
| O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll |
Legitimate |
legitimate bho toolbar, related to MSN Toolbar |
Change status
|
| O2 - BHO: DHTML Support Dll - {DC242F50-B46A-4182-B377-64A795CFED9C} - C:\WINDOWS\system32\dhtmlcore.dll |
Dangerous |
spyware bho, related to OpenWares "ContextuAd" adware |
Change status
|
| O2 - BHO: (no name) - {E8BDD018-B39F-E043-E711-1B1258218FFB} - C:\DOCUME~1\Kyp\APPLIC~1\ChinEq\First Team.exe (file missing) |
Not necessary |
Fix this item, because it points to file that cannot be found |
Change status
|
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
More info about file fgiebar.dll |
Questionable |
Installed and used by FlashGet, a download manager. Not a malicious parasite. However, please note that the free version bundles adware components. |
Change status
|
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
More info about file fgiebar.dll |
Legitimate |
legitimate bho, related to MSN Toolbar |
Change status
|
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
More info about file fgiebar.dll |
Not necessary |
Fix this item, because it points to file that cannot be found |
Change status
|
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
More info about file fgiebar.dll |
Unknown |
No exact entries found |
Insert file into database
|
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
More info about file acroiefavclient.dll |
Legitimate |
System item according to inner database
The file belongs to Adobe Acrobat to display .pdf files in Internet Explorer. |
Change status
|
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
More info about file mwsbar.dll |
Legitimate |
legitimate bho toolbar, related to AOL Toolbar |
Change status
|
| O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe |
Legitimate |
Application program item according to inner database
Related to BroadJump Client Foundation - broadband troubleshooting software installed by some ISPs. |
Change status
|
| O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe |
Legitimate |
Application program item according to inner database
File motivesb.exe is related to Motive Broadband Manager. This software is used by some Internet... |
Change status
|
| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup |
Legitimate |
System item according to inner database
Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,... |
Change status
|
| O4 - HKLM\..\Run: [nwiz] nwiz.exe /install |
Legitimate |
System item according to inner database
Nwiz.exe is Related to nVidia graphic cards drivers.
Long name - NVIDIA nView Wizard.<br... |
Change status
|
| O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe |
Legitimate |
Application program item according to inner database
Related to drivers for various sound cards and similar devices. Places an icon in the system tray... |
Change status
|
| O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe |
Legitimate |
Application program item according to inner database
Related to Nero CD/DVD Burning software. From the publisher: "This program constantly checks for... |
Change status
|
| O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe |
Legitimate |
Application program item according to inner database
Checks if there are new versions of Java available. |
Change status
|
| O4 - HKLM\..\Run: [AOL Instant Messanger] aim.exe |
Legitimate |
Application program item according to inner database
AOL Instant Messenger. Located in "C:Program FilesAIM95". File aim.exe is related to trojan AIM... |
Change status
|
| O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" |
Legitimate |
Application program item according to inner database
Third-party, but legitiamte MSN Messenger extension. Can also be related to some spyware threats... |
Change status
|
| O4 - HKLM\..\Run: [team skip tray burn] C:\Documents and Settings\All Users\Application Data\jugs sixth team skip\Chic Okay.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe |
Legitimate |
Application program item according to inner database
Related to Yahoo! browser. |
Change status
|
| O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" |
Dangerous |
Spyware related item according to inner database
"It's a diagnostic tool that Verizon techs can use to troubleshoot connection problems on your... |
Change status
|
| O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot |
Legitimate |
Application program item according to inner database
Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
Change status
|
| O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" |
Legitimate |
Application program item according to inner database
Related to Adobe Acrobat Reader program. |
Change status
|
| O4 - HKLM\..\Run: [Pkwsyl] C:\Program Files\Kddhq\Xjrjj.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S |
Dangerous |
Spyware related item according to inner database
File MWSBAR.DLL is related to adwares WebSearch Toolbar.B and WebSearch Toolbar.bho2. |
Change status
|
| O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe |
Dangerous |
Spyware related item according to inner database
This is a part of an adware application, published by WebSearch. This program displays commercial... |
Change status
|
| O4 - HKLM\..\Run: [sendsafelinkgram] C:\Documents and Settings\All Users\Application Data\dart mode send safe\Wma Title.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 |
Legitimate |
Application program item according to inner database
CD image manager software. This program is used to run CDs on a computer without the cd in the... |
Change status
|
| O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit |
Legitimate |
System item according to inner database
nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,... |
Change status
|
| O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154321924\ee\AOLSoftware.exe |
Legitimate |
Application program item according to inner database
Related to legitimate America Online software |
Change status
|
| O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\RunServices: [AOL Instant Messanger] aim.exe |
Legitimate |
Application program item according to inner database
AOL Instant Messenger. Located in "C:Program FilesAIM95". File aim.exe is related to trojan AIM... |
Change status
|
| O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe |
Questionable |
questionable item according to our database |
Change status
|
| O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe |
Legitimate |
Application program item according to inner database
AOL Instant Messenger. Located in "C:Program FilesAIM95". File aim.exe is related to trojan AIM... |
Change status
|
| O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart |
Legitimate |
Application program item according to inner database
Third-party, but legitiamte MSN Messenger extension. Can also be related to some spyware threats... |
Change status
|
| O4 - HKCU\..\Run: [Uqr] C:\WINDOWS\system32\WAUBOO~1.EXE |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKCU\..\Run: [Heck Cash] C:\DOCUME~1\Kyp\APPLIC~1\DUMBWI~1\modegram.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKCU\..\Run: [Naln] "C:\PROGRA~1\ICROSO~1\regsvr32.exe" -vt ndrv |
Dangerous |
Spyware related item according to inner database
regsvr32.exe is a command line program used to register and unregister object linking and embedding... |
Change status
|
| O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe |
Dangerous |
Spyware related item according to inner database
This is a part of an adware application, published by WebSearch. This program displays commercial... |
Change status
|
| O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? |
Not necessary |
Fix this item because it points to nowhere |
Change status
|
| O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe |
Legitimate |
Application program item according to inner database
The file is related to support system tool which is used by many companies. |
Change status
|
| O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE |
Legitimate |
Application program item according to inner database
System tray icon for WinZip software by Niko Mak Computing, Inc. WZQKPick.exe is located in... |
Change status
|
| O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html |
Not necessary |
Do you want item 'Convert link target to Adobe PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html |
Not necessary |
Do you want item 'Convert link target to existing PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html |
Not necessary |
Do you want item 'Convert selected links to Adobe PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html |
Not necessary |
Do you want item 'Convert selected links to existing PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html |
Not necessary |
Do you want item 'Convert selection to Adobe PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html |
Not necessary |
Do you want item 'Convert selection to existing PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html |
Not necessary |
Do you want item 'Convert to Adobe PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html |
Not necessary |
Do you want item 'Convert to existing PDF' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm |
Not necessary |
Do you want item 'Download All by FlashGet' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm |
Not necessary |
Do you want item 'Download using FlashGet' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm |
Not necessary |
Do you want item 'Yahoo! Dictionary' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm |
Not necessary |
Do you want item 'Yahoo! Search' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. |
Change status
|
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll |
Not necessary |
This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll |
Not necessary |
This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll |
Not necessary |
This item represents extra button in your IE toolbar with a name 'AOL Toolbar' and points to file 'C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe |
Not necessary |
This item represents extra button in your IE toolbar with a name 'FlashGet' and points to file 'C:\PROGRA~1\FlashGet\flashget.exe'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra ''Tools'' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe |
Not necessary |
This item represents extra menu item in your Tools menu in IE with a name '&FlashGet' and points to file 'C:\PROGRA~1\FlashGet\flashget.exe'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Not necessary |
This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Not necessary |
This item represents extra menu item in your Tools menu in IE with a name 'Windows Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) |
Not necessary |
This item represents extra button in your IE toolbar with a name 'WeatherBug' and points to file 'C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)'. If you do not want it to be there, fix this item. |
Change status
|
| O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab |
Questionable |
Are you using an ActiveX object with no name located in 'http://download.games.yahoo.com/games/clients/y/pote_x.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab |
Questionable |
Are you using an ActiveX object with no name located in 'http://static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab'? If not, fix this item. |
Change status
|
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts
/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab |
Questionable |
Are you using an ActiveX object with no name located in 'http://ak.exe.imgfarm.com/images/nocache/funwebproducts
/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab |
Questionable |
Are you using an ActiveX object with a name 'CInstall Class' located in 'http://www.errorguard.com/installation/Install.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll |
Questionable |
Are you using an ActiveX object with no name located in 'C:\Program Files\Yahoo!\common\yinsthelper.dll'? If not, fix this item. |
Change status
|
| O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab |
Questionable |
Are you using an ActiveX object with a name 'EGamesPlugin Class' located in 'https://www.e-games.com.my/com/EGamesPlugin.cab'? If not, fix this item. |
Change status
|
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory
/P4Apps/FileSharing/en/filesharingctrl.cab |
Questionable |
Are you using an ActiveX object with a name 'FileSharingCtrl Class' located in 'http://appdirectory.messenger.msn.com/AppDirectory
/P4Apps/FileSharing/en/filesharingctrl.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_adult.cab |
Questionable |
Are you using an ActiveX object with no name located in 'http://www.tbcode.com/ist/softwares/v4.0/0006_adult.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab |
Questionable |
Are you using an ActiveX object with a name 'MessengerStatsClient Class' located in 'http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab |
Questionable |
Are you using an ActiveX object with a name 'NPKCX Control' located in 'http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab |
Questionable |
Are you using an ActiveX object with a name 'Solitaire Showdown Class' located in 'http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab'? If not, fix this item. |
Change status
|
| O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) |
Not necessary |
It is a protocol hijacker that points to nowhere. Fix this item. |
Change status
|
| O20 - AppInit_DLLs: wowexec.dll C:\WINDOWS\system32\wowexec.dll |
Unknown |
No exact entries found |
Change status
|
| O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll |
Legitimate |
Related to Stardock WindowBlinds |
Change status
|
| O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll |
Legitimate |
windows check |
Change status
|
| O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe |
Legitimate |
Required for PhotoshopCS |
Change status
|
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
More info about file aluschedulersvc.exe |
Legitimate |
Item found in 2-spyware.com database.
Related to Symantec anti-virus... |
Change status
|
| O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe |
Legitimate |
Related to Macrovision Corporation. |
Change status
|
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
More info about file lucoms~1.exe |
Legitimate |
Item found in 2-spyware.com database.
The file belongs to Symantecs Internet security suite... |
Change status
|
| O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe |
Legitimate |
INCA Internet |
Change status
|
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
More info about file nvsvc32.exe |
Legitimate |
Item found in 2-spyware.com database.
NVIDIA related... |
Change status
|
| O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe |
Unknown |
No exact entries found |
Insert file into database
|
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
More info about file symwsc.exe |
Legitimate |
Item found in 2-spyware.com database.
File symwsc.exe is included in Norton Antivirus program. It runs background process, which... |
Change status
|
|
Follow us 
|
Like us 
(91/100)
(89/100)
(84/100)
