| Line: |
Status: |
Comments: |
Actions: |
C:\WINDOWS\System32\smss.exe
More info about file smss.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\winlogon.exe
More info about file winlogon.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\services.exe
More info about file services.exe |
Legitimate |
In most of cases it is legitimate system process, only sometimes can be used by malicious software |
Change status |
C:\WINDOWS\system32\lsass.exe
More info about file lsass.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
More info about file ccevtmgr.exe |
Legitimate |
Item found in 2-spyware.com library
ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus... |
Change status |
C:\WINDOWS\Explorer.EXE
More info about file explorer.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\spoolsv.exe
More info about file spoolsv.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\WINDOWS\system32\msasvc.exe |
Unknown |
No exact entries found |
Insert file into database
|
C:\Program Files\Norton AntiVirus\navapsvc.exe
More info about file navapsvc.exe |
Legitimate |
Item found in 2-spyware.com library
Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on... |
Change status |
C:\WINDOWS\system32\nvsvc32.exe
More info about file nvsvc32.exe |
Legitimate |
Item found in 2-spyware.com library
NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
Change status |
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\rundll32.exe
More info about file rundll32.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\RUNDLL32.EXE
More info about file rundll32.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\rundll32.exe
More info about file rundll32.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\system32\dumprep.exe
More info about file dumprep.exe |
Legitimate |
Item found in 2-spyware.com library
"Windows Error Reporting Dump Reporting Tool. Found on Windows XP/2003. DUMPREP creates memory... |
Change status |
C:\Program Files\Messenger\msmsgs.exe
More info about file msmsgs.exe |
Legitimate |
Item found in 2-spyware.com library
Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
Change status |
C:\Spywares Tools\hijackthis\HijackThis.exe
More info about file hijackthis.exe |
Legitimate |
Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and... |
Change status |
C:\WINDOWS\system32\dwwin.exe
More info about file dwwin.exe |
Legitimate |
Item found in 2-spyware.com library
This is a debug tool, included in Windows operating system. It collects information related to... |
Change status |
| R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html |
Not necessary |
c:\secure32.html is your Default Page URL.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html |
Not necessary |
c:\secure32.html is your start page.
If you do not like this fact, fix this item. |
Change status |
| R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html |
Not necessary |
c:\secure32.html is your Default Page URL.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html |
Not necessary |
c:\secure32.html is your start page.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html |
Not necessary |
c:\secure32.html is your local page.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html |
Not necessary |
c:\secure32.html is your local page.
If you do not like this fact, fix this item. |
Change status |
| O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx |
Legitimate |
legitimate bho toolbar, related to Adobe Acrobat reader |
Change status
|
| O2 - BHO: (no name) - {64AC5916-D02A-7BF7-9160-06CCFCD1636E} - C:\WINDOWS\system32\itbwqwf.dll |
Unknown |
No exact entries found |
Insert file into database
|
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
More info about file navshext.dll |
Legitimate |
Application program item according to inner database
Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses... |
Change status
|
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
More info about file navshext.dll |
Legitimate |
Application program item according to inner database
Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses... |
Change status
|
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
More info about file nerocheck.exe |
Legitimate |
Application program item according to inner database
Related to Nero CD/DVD Burning software. From the publisher: "This program constantly checks for... |
Change status
|
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
More info about file ccapp.exe |
Legitimate |
System item according to inner database
From Symantec: <i>"ccApp.exe is the common hosting application that is used for both NAV and NIS.... |
Change status
|
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
More info about file ccregvfy.exe |
Legitimate |
Application program item according to inner database
ccRegVfy.exe is responsible for checking the integrity of the Norton product registry entries to... |
Change status
|
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
More info about file sndmon.exe |
Legitimate |
Application program item according to inner database
This is the main part of LiveUpdate tool, published by Symantec. It is required to update all... |
Change status
|
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
More info about file cmicnfg.cpl |
Legitimate |
System item according to inner database
system tray access for C-Media sound cards. |
Change status
|
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
More info about file nvcpl.dll |
Legitimate |
System item according to inner database
Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,... |
Change status
|
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
More info about file nwiz.exe |
Legitimate |
System item according to inner database
Nwiz.exe is Related to nVidia graphic cards drivers.
Long name - NVIDIA nView Wizard.<br... |
Change status
|
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
More info about file nvmctray.dll |
Legitimate |
System item according to inner database
nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,... |
Change status
|
| O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels1118.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [czpeexk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\czpeexk.dll",rzqlgze |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k |
Questionable |
questionable item according to our database |
Change status
|
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
More info about file msmsgs.exe |
Legitimate |
System item according to inner database
Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... |
Change status
|
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
More info about file winstall.exe |
Dangerous |
Spyware related item according to inner database
winstall.exe is an executable file that is responsible for launching parasites, loading main... |
Change status
|
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
More info about file adobe gamma loader.exe |
Legitimate |
Application program item according to inner database
From adobe: "The Adobe Gamma Control Panel is used to eliminate color casts in a monitor's display.... |
Change status
|
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
More info about file adobe gamma loader.exe |
Legitimate |
Application program item according to inner database
From adobe: "The Adobe Gamma Control Panel is used to eliminate color casts in a monitor's display.... |
Change status
|
| O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL |
Not necessary |
This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item. |
Change status
|
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra button in your browser - related to windows messenger. |
Change status
|
| O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe |
Legitimate |
Legitimate extra tools menu item - related to Windows Messenger. |
Change status
|
| O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll |
Legitimate |
This item represents a plugin added to Internet Explorer to work with '.spop' files. Seems to be safe, unless you know that it is malicious. |
Change status
|
| O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll |
Questionable |
Are you using an ActiveX object with a name 'YInstStarter Class' located in 'C:\Program Files\Yahoo!\common\yinsthelper.dll'? If not, fix this item. |
Change status
|
| O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe |
Legitimate |
Required for PhotoshopCS |
Change status
|
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
More info about file ccevtmgr.exe |
Legitimate |
Item found in 2-spyware.com database.
ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus... |
Change status
|
| O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe |
Legitimate |
Runs Common Client Password Validation Service on every Windows startup. Used by legitimate Symantec software. |
Insert file into database
|
| O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe |
Legitimate |
Related to Macromedia products: Flash, Dreamweaver, etc. |
Change status
|
| O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe |
Unknown |
No exact entries found |
Insert file into database
|
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
More info about file navapsvc.exe |
Legitimate |
Item found in 2-spyware.com database.
Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on... |
Change status
|
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
More info about file nvsvc32.exe |
Legitimate |
Item found in 2-spyware.com database.
NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
Change status
|
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
More info about file sbserv.exe |
Legitimate |
Item found in 2-spyware.com database.
Part of Norton Anti-virus. SBServ.exe is located in "C:\Program Files\Common Files\Symantec... |
Change status
|
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
More info about file sndsrvc.exe |
Legitimate |
Item found in 2-spyware.com database.
This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs... |
Change status
|
|
Follow us 
|
Like us 
(91/100)
(89/100)
(84/100)
