NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Results of analyzing your log
The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe
Legitimate items8264%
Not necessary items97%
 9171%

File and registry entries that can be both dangerous or safe
Questionable items129%
Unknown items2217%
 3426%

Files and registry entries considered to be DANGEROUS. Fix immediately!
Dangerous items32%


Line: Status: Comments: Actions:
C:\WINDOWS\System32\smss.exe
More info about file smss.exe		 Legitimate Process found in system process library Change status
C:\WINDOWS\system32\winlogon.exe
More info about file winlogon.exe		 Legitimate Process found in system process library Change status
C:\WINDOWS\system32\services.exe
More info about file services.exe		 Legitimate In most of cases it is legitimate system process, only sometimes can be used by malicious software Change status
C:\WINDOWS\system32\lsass.exe
More info about file lsass.exe		 Legitimate Process found in system process library Change status
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe		 Legitimate Process found in system process library Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe		 Legitimate Process found in system process library Change status
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
More info about file ireike.exe		 Legitimate Item found in 2-spyware.com library
This file is a component of Microsoft L2TP/IPSec VPN (Layer Two Tunneling Protocl and Internet...		 Change status
C:\WINDOWS\system32\spoolsv.exe
More info about file spoolsv.exe		 Legitimate Process found in system process library Change status
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
More info about file defwatch.exe		 Legitimate Item found in 2-spyware.com library
This file is a standard component of Norton AntiVirus Corporate Edition application. Process...		 Change status
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
More info about file sagent2.exe		 Legitimate Item found in 2-spyware.com library
Epson Printer Status Agent. Located in "C:\Program Files\Common Files\EPSON\EBAPI\".		 Change status
C:\WINDOWS\Explorer.EXE
More info about file explorer.exe		 Legitimate Process found in system process library Change status
C:\Program Files\ewido anti-malware\ewidoctrl.exe
More info about file ewidoctrl.exe		 Legitimate Item found in 2-spyware.com library
This is a vital component of ewido security suite, a popular anti-spyware and anti-malware program.		 Change status
C:\WINDOWS\system32\inetsrv\inetinfo.exe
More info about file inetinfo.exe		 Legitimate Item found in 2-spyware.com library
File inetinfo.exe is related to Microsoft Internet Information Services. This software acts as a...		 Change status
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe Unknown No exact entries found Insert file into database
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
More info about file rtvscan.exe		 Legitimate Item found in 2-spyware.com library
File rtvscan.exe is an essential component of Norton AntiVirus application, published by Symantec...		 Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe		 Legitimate Process found in system process library Change status
C:\WINDOWS\system32\Tablet.exe
More info about file tablet.exe		 Legitimate Item found in 2-spyware.com library
wacom tablet saftware or driver, perferctly safe		 Change status
C:\Program Files\Dell\AccessDirect\dadapp.exe
More info about file dadapp.exe		 Legitimate Item found in 2-spyware.com library
Handles the customizable buttons on Dell laptops. Located in "C:\Program Files\Dell\AccessDirect\".		 Change status
C:\Program Files\Dell\AccessDirect\DadTray.exe Unknown No exact entries found Insert file into database
C:\Program Files\Dell\QuickSet\quickset.exe
More info about file quickset.exe		 Legitimate Item found in 2-spyware.com library
This is a part of specific software, which comes preinstalled on Dell computers and laptops. This...		 Change status
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
More info about file syntplpr.exe		 Legitimate Item found in 2-spyware.com library
Related to Synaptics touch pads. Located in "C:\Program Files\Synaptics\SynTP\".
created by:...		 Change status
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
More info about file syntpenh.exe		 Legitimate Item found in 2-spyware.com library
System tray access for Synaptics touch pads. Located in "C:\Program Files\Synaptics\SynTP\". 		Change status
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
More info about file dvdlauncher.exe		 Legitimate Item found in 2-spyware.com library
A part of CyberLink PowerDVD, video playing software.		 Change status
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
More info about file vptray.exe		 Legitimate Item found in 2-spyware.com library
System tray icon for Norton Anti-Virus. Located in "C:\Program Files\NavNT\"		 Change status
C:\WINDOWS\System32\hpnra.exe
More info about file hpnra.exe		 Dangerous Item found in 2-spyware.com library
hpnra.exe is a file with unknown purpose.		 Change status
C:\WINDOWS\system32\gsicon.exe
More info about file gsicon.exe		 Legitimate Item found in 2-spyware.com library
The file is related to Eicon modem application.		 Change status
C:\WINDOWS\system32\dslagent.exe Legitimate The file is used for ADSL connection configuration. Insert file into database
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe Unknown No exact entries found Insert file into database
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
More info about file hpwuschd2.exe		 Legitimate Item found in 2-spyware.com library
The file is related to Hewlett Packard software.		 Change status
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
More info about file issch.exe		 Legitimate Item found in 2-spyware.com library
Executable issch.exe is a standard component of InstallShield software. It is used to connect to...		 Change status
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
More info about file realsched.exe		 Legitimate Item found in 2-spyware.com library
Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".		 Change status
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe Unknown No exact entries found Insert file into database
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
More info about file jusched.exe		 Legitimate Item found in 2-spyware.com library
Checks if there are new versions of Java available.		 Change status
C:\WINDOWS\system32\ctfmon.exe
More info about file ctfmon.exe		 Legitimate Process found in system process library Change status
C:\Program Files\WebPosition 4\WPSched4.exe Unknown No exact entries found Insert file into database
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe Unknown No exact entries found Insert file into database
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe Unknown No exact entries found Insert file into database
C:\Program Files\Ringo\Hub.exe Unknown No exact entries found Insert file into database
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe Unknown No exact entries found Insert file into database
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
More info about file javaw.exe		 Legitimate Item found in 2-spyware.com library
Javaw application gets installed with Java Runtime, published by Sun Microsystems. It is an...		 Change status
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
More info about file outlook.exe		 Questionable This process is usually legitimate and related to Microsoft Office. But it also might be a part of parasite, depending on its location and other factors. Make some further research on it. Change status
C:\Program Files\Internet Explorer\iexplore.exe
More info about file iexplore.exe		 Legitimate Process found in system process library Change status
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
More info about file googletoolbarnotifier.exe		 Legitimate Item found in 2-spyware.com library
 Change status
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
More info about file guard.exe		 Legitimate Item found in 2-spyware.com library
ewido Anti-malware real-time guard		 Change status
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
More info about file avgas.exe		 Legitimate Item found in 2-spyware.com library
Legitimate file, related to AVG anti-spyware.		 Change status
C:\Documents and Settings\james.HIGHER-NATURE\Desktop\HijackThis.exe
More info about file hijackthis.exe		 Legitimate Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and...		 Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ Not necessary http://www.yahoo.co.uk/ is your start page.
If you do not like this fact, fix this item.		 Change status
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
More info about file acroiehelper.dll		 Legitimate Application program item according to inner database
File related to Adobe Acrobat Reader program.		 Change status
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll Legitimate legitimate bho toolbar, related to SpyBot Search&Destroy Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
More info about file ssv.dll		 Legitimate System item according to inner database
Related to Java Virtual Machine software, which is legitimate.		 Change status
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll Legitimate legitimate bho toolbar, related to Google Toolbar Change status
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll Unknown No exact entries found Insert file into database
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll Unknown No exact entries found Insert file into database
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
More info about file nvcpl.dll		 Legitimate System item according to inner database
Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...		 Change status
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
More info about file dadapp.exe		 Legitimate System item according to inner database
Handles the customizable buttons on Dell laptops. Located in "C:\Program Files\Dell\AccessDirect\".		 Change status
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
More info about file quickset.exe		 Legitimate Application program item according to inner database
This is a part of specific software, which comes preinstalled on Dell computers and laptops. This...		 Change status
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
More info about file syntplpr.exe		 Legitimate System item according to inner database
Related to Synaptics touch pads. Located in "C:\Program Files\Synaptics\SynTP\".
created by:...		 Change status
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
More info about file syntpenh.exe		 Legitimate System item according to inner database
System tray access for Synaptics touch pads. Located in "C:\Program Files\Synaptics\SynTP\".<br...		 Change status
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
More info about file pcmservice.exe		 Legitimate System item according to inner database
From Dell: "The Dell Media Experience (DME) will ship on selected Dimension and Inspiron systems...		 Change status
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
More info about file dvdlauncher.exe		 Legitimate Application program item according to inner database
A part of CyberLink PowerDVD, video playing software.		 Change status
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
More info about file qttask.exe		 Legitimate Application program item according to inner database
Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\"....		 Change status
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
More info about file mcvsshld.exe		 Legitimate Application program item according to inner database
Vital component of McAfee antivirus software		 Change status
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
More info about file vptray.exe		 Legitimate Application program item according to inner database
System tray icon for Norton Anti-Virus. Located in "C:\Program Files\NavNT\"		 Change status
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
More info about file hpnra.exe		 Dangerous Spyware related item according to inner database
hpnra.exe is a file with unknown purpose.		 Change status
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
More info about file gsicon.exe		 Legitimate Application program item according to inner database
The file is related to Eicon modem application.		 Change status
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB Legitimate Component of the DSL modem software Change status
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
More info about file hpwuschd2.exe		 Legitimate Application program item according to inner database
The file is related to Hewlett Packard software.		 Change status
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup Legitimate InstallShield Automatic Updater Change status
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
More info about file issch.exe		 Legitimate Application program item according to inner database
Executable issch.exe is a standard component of InstallShield software. It is used to connect to...		 Change status
O4 - HKLM\..\Run: [dmzzc.exe] C:\WINDOWS\System32\dmzzc.exe Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
More info about file realsched.exe		 Legitimate Application program item according to inner database
Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".		 Change status
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
More info about file jusched.exe		 Legitimate Application program item according to inner database
Checks if there are new versions of Java available.		 Change status
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
More info about file avgas.exe		 Legitimate Application program item according to inner database
Legitimate file, related to AVG anti-spyware.		 Change status
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
More info about file ctfmon.exe		 Legitimate Application program item according to inner database
When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...		 Change status
O4 - HKCU\..\Run: [HD] C:\Program Files\Jvw History Eraser 1.0\Hd.cmd
More info about file c:		 Legitimate Application program item according to inner database
CONTIG.EXE is a free defragmantation utility from this SYSINTERNALS site: www.sysinternals.com run...		 Change status
O4 - HKCU\..\Run: [WPSched4] "C:\Program Files\WebPosition 4\WPSched4.exe" MINIMIZE Unknown No exact entries found Insert file into database
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
More info about file googletoolbarnotifier.exe		 Legitimate System item according to inner database
 Change status
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
More info about file adobe gamma loader.exe		 Legitimate Application program item according to inner database
From adobe: "The Adobe Gamma Control Panel is used to eliminate color casts in a monitor's display....		 Change status
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
More info about file reader_sl.exe		 Legitimate A part of Adobe Acrobat Reader. Used to speed up the program's launch time. Change status
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe Legitimate DSL Modem monitor Change status
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE Questionable questionable item according to our database Change status
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
More info about file osa9.exe		 Legitimate Application program item according to inner database
Loads Microsoft Office components at reboot, to improve the startup time of the Office programs....		 Change status
O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe Unknown No exact entries found Insert file into database
O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe Unknown No exact entries found Insert file into database
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe Unknown No exact entries found Insert file into database
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
More info about file wupdater.exe		 Dangerous Spyware related item according to inner database
"KeenValue.Updater is an updater for eUniverse's products, such as KeenValue, IncrediFind and...		 Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll Not necessary This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll Not necessary This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll Not necessary This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra ''Tools'' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll Not necessary This item represents extra menu item in your Tools menu in IE with a name 'Yahoo! Messenger' and points to file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) Not necessary Fix this item because it points to a file that cannot be found Change status
O9 - Extra ''Tools'' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) Not necessary Fix this item because it points to a file that cannot be found Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL Not necessary This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll Not necessary This item represents extra button in your IE toolbar with a name 'Real.com' and points to file 'C:\WINDOWS\System32\Shdocvw.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Legitimate Legitimate extra button in your browser - related to windows messenger. Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Legitimate Legitimate extra tools menu item - related to Windows Messenger. Change status
O14 - IERESET.INF: START_PAGE_URL=http://www.greenisp.org Questionable This item changes your "default" Start page in IE. It will appear if you Restore default web settings. If you are an administrator and you do not recognize address "", fix this item. Change status
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 Legitimate Legitimate ActiveX item from site http://go.microsoft.com/ Change status
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab Questionable Are you using an ActiveX object with a name 'BDSCANONLINE Control' located in 'http://download.bitdefender.com/resources/scan8/oscan8.cab'? If not, fix this item. Change status
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls
/en/x86/client/wuweb_site.cab?1133868910858		 Legitimate Legitimate ActiveX item from site http://update.microsoft.com/ Change status
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls
/en/x86/client/muweb_site.cab?1133868892471		 Legitimate Legitimate ActiveX item from site http://update.microsoft.com/ Change status
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = higher-nature.co.uk Questionable Do you recognize these IP addresses 'higher-nature.co.uk' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\Software\..\Telephony: DomainName = higher-nature.co.uk Questionable Do you recognize these IP addresses 'higher-nature.co.uk' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{35CADC0B-AB20-4266-B56E-33D7A9A9AB89}: NameServer = 85.255.113.142,85.255.112.11 Questionable Do you recognize these IP addresses '85.255.113.142,85.255.112.11' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B783A4B-F222-42FF-8E2E-C3F2D9CBD12D}: NameServer = 85.255.113.142 85.255.112.11 Questionable Do you recognize these IP addresses '85.255.113.142 85.255.112.11' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0652E86-4506-4899-8C96-489CFEB54D51}: NameServer = 194.119.131.65 Questionable Do you recognize these IP addresses '194.119.131.65' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = higher-nature.co.uk Questionable Do you recognize these IP addresses 'higher-nature.co.uk' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CS3\Services\Tcpip\..\{35CADC0B-AB20-4266-B56E-33D7A9A9AB89}: NameServer = 85.255.113.142,85.255.112.11 Questionable Do you recognize these IP addresses '85.255.113.142,85.255.112.11' as your internet provider DNS servers? If not, fix this item. Change status
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL Questionable It may be a trace of dangerous protocol hijacker or a legitimate item. Make some research about the name "livecall" and file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL". Change status
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll Legitimate Related to Norton AntiVirus Change status
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll Legitimate Related to pcAnywhere Change status
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll Legitimate windows check Change status
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
More info about file guard.exe		 Legitimate Item found in 2-spyware.com database.
ewido Anti-malware real-time...		 Change status
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe Legitimate Part of Symantec's pcAnywhere remote PC management software. Change status
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
More info about file defwatch.exe		 Legitimate Item found in 2-spyware.com database.
This file is a standard component of Norton AntiVirus Corporate Edition application. Process...		 Change status
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
More info about file sagent2.exe		 Legitimate Item found in 2-spyware.com database.
Epson Printer Status Agent. Located in "C:\Program Files\Common...		 Change status
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
More info about file ewidoctrl.exe		 Legitimate Item found in 2-spyware.com database.
This is a vital component of ewido security suite, a popular anti-spyware and anti-malware...		 Change status
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe Unknown No exact entries found Insert file into database
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
More info about file ireike.exe		 Legitimate Item found in 2-spyware.com database.
This file is a component of Microsoft L2TP/IPSec VPN (Layer Two Tunneling Protocl and Internet...		 Change status
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
More info about file rtvscan.exe		 Legitimate Item found in 2-spyware.com database.
File rtvscan.exe is an essential component of Norton AntiVirus application, published by Symantec...		 Change status
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
More info about file nvsvc32.exe		 Legitimate Item found in 2-spyware.com database.
NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...		 Change status
O23 - Service: pcAnywhere Install Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\pca_run.exe Unknown No exact entries found Insert file into database
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
More info about file hpzipm12.exe		 Legitimate Item found in 2-spyware.com database.
This is a standard component of Hewlett-Packard device drivers. The presence of this file means,...		 Change status
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
More info about file tablet.exe		 Legitimate Item found in 2-spyware.com database.
wacom tablet saftware or driver, perferctly...		 Change status


Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2 HijackThis Log Analyzer Beta 2

Recommended software:
Malwarebytes Anti Malware
(91/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...
SpyHunter
(89/100)
SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...
Spyware Doctor
(87/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...
STOPzilla
(86/100)
STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....
XoftSpySE Anti Spyware
(84/100)
XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:
Carl A Someone signature loved by spammers
State of Utah Reveals Why 780k People Records Were Stolen
The iPhone And iPad Are Targets For Hackers
Malicious tweets spread rogue AV infecting Android users
Be aware about malware spread via hotel Wi-Fi connections
SecureCloud Key Management Systems Released by Trend Micro
Microsoft and Adobe Releases Critical Security Updates. Update Now!
Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
Hacks Through Compromised Websites Increases Rapidly, Says Symantec
Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:
ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:
mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries
Latest Spyware Threats: Smart Data Recovery | Smart Fortress 2012 | Antivirus Protection 2012 | Internet Security | Internet Security 2012 | System Check | Smart HDD | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds | Follow us | Like us
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.