| Line | Status | Comments |
|---|---|---|
| C:\WINDOWS\System32\smss.exe | Legitimate | |
| C:\WINDOWS\system32\winlogon.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\services.exe | Legitimate | In most cases it is a legitimate system process; only sometimes can it be used by malicious software |
| C:\WINDOWS\system32\lsass.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe | Legitimate | Item found in 2-spyware.com library. Related to Windows Defender program. |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\spoolsv.exe | Legitimate | Process found in system process library |
| C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe | Legitimate | Item found in 2-spyware.com library. Hewlett Packard Share-to-Web utility built into their products. |
| C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe | Legitimate | Item found in 2-spyware.com library. The file is related to HP software. |
| C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe | Legitimate | Item found in 2-spyware.com library. Checks if there are new versions of Java available. |
| C:\Program Files\QuickTime\qttask.exe | Legitimate | Item found in 2-spyware.com library. Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
| C:\Program Files\Picasa2\PicasaMediaDetector.exe | Legitimate | Item found in 2-spyware.com library. PicasaMediaDetector.exe belongs to Picasa application. |
| C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe | Legitimate | Item found in 2-spyware.com library. Microsoft OneCare User Interface. |
| C:\Program Files\Internet Explorer\iexplore.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\ctfmon.exe | Legitimate | Process found in system process library |
| C:\Program Files\Internet Explorer\iexplore.exe | Legitimate | Process found in system process library |
| C:\Program Files\Internet Explorer\iexplore.exe | Legitimate | Process found in system process library |
| c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe | Legitimate | Item found in 2-spyware.com library. Related to software from HP. Located in "C:\Program Files\Hewlett-Packard\HP Share-to-Web\". |
| C:\WINDOWS\System32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com library. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe | Unknown | No exact entries found |
| C:\Program Files\Microsoft Windows OneCare Live\winss.exe | Legitimate | Item found in 2-spyware.com library. File belongs to Microsoft Windows OneCare application. |
| C:\Program Files\Mozilla Firefox\firefox.exe | Legitimate | Item found in 2-spyware.com library. File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all... |
| C:\Program Files\Internet Explorer\iexplore.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\explorer.exe | Legitimate | Process found in system process library |
| C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe | Unknown | No exact entries found |
| C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe | Legitimate | Item found in 2-spyware.com library. This is the main component of HijackThis security application, designed to perform system scans and... |
| R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca7.hpwis.com/ | Not necessary | http://ca7.hpwis.com/ is your start page. If you do not like this fact, fix this item. |
| R3 - Default URLSearchHook is missing | Not necessary | |
| O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll | Legitimate | Application program item according to inner database. File related to Adobe Acrobat Reader program. |
| O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll | Legitimate | System item according to inner database. Related to Java Virtual Machine software, which is legitimate. |
| O2 - BHO: (no name) - {77A62942-C79E-48B2-AA41-003B37AD0965} - C:\WINDOWS\system32\pmnlk.dll | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe | Legitimate | System item according to inner database. Hotkey Command Module for Intel Graphics Controllers. Located in "C:\WINNT\System32\" on Windows... |
| O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe | Legitimate | System item according to inner database. Hewlett Packard Share-to-Web utility built into their products. |
| O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe | Legitimate | Application program item according to inner database. The file is related to HP software. |
| O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r | Legitimate | Application program item according to inner database. Part of the Veritas Storage Guard. Located in "C:\Program Files\VERITAS Software\Update Manager\". |
| O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" | Legitimate | Application program item according to inner database. Checks if there are new versions of Java available. |
| O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime | Legitimate | Application program item according to inner database. Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\".... |
| O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [CTHelper] cthelper.exe | Legitimate | System item according to inner database. Installed with Creative sound cards. Has been reported to use 100% CPU time. CTHelper is a... |
| O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [Windows Security Updater] C:\WINDOWS\WINFRW.EXE | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" | Legitimate | Application program item according to inner database. System tray icon for Winamp. |
| O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe | Legitimate | Application program item according to inner database. PicasaMediaDetector.exe belongs to Picasa application. |
| O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\second lies.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [32 meet rect less] C:\Documents and Settings\All Users\Application Data\five each less two\pop ace bore.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" | Legitimate | Application program item according to inner database. Related to Adobe Acrobat Reader. |
| O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" | Legitimate | Application program item according to inner database. Microsoft OneCare User Interface. |
| O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe | Unknown | No exact entries found |
| O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe | Legitimate | System item according to inner database. Installed with Creative sound cards. Has been reported to use 100% CPU time. CTHelper is a... |
| O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background | Legitimate | System item according to inner database. Microsoft Windows Messenger chat client. |
| O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe | Unknown | No exact entries found |
| O4 - HKCU\..\Run: [CTHelper] cthelper.exe | Legitimate | System item according to inner database. Installed with Creative sound cards. Has been reported to use 100% CPU time. CTHelper is a... |
| O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe | Legitimate | Application program item according to inner database. When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
| O4 - HKCU\..\Run: [Seek Soft] C:\DOCUME~1\Owner\APPLIC~1\BLAHTE~1\Moreroad.exe | Unknown | No exact entries found |
| O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe | Unknown | No exact entries found |
| O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe | Unknown | No exact entries found |
| O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE | Legitimate | Application program item according to inner database. The Office Startup Assistant (Osa.exe or OSA) is a program that improves the performance of Office... |
| O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe | Legitimate | Application program item according to inner database. A part of Quicken software. It manages updates and informs the user when updates are available. |
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll | Not necessary | This item represents an extra button in your IE toolbar without a name and points to file 'C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll | Not necessary | This item represents an extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\kazemule-com\local.htm (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) | Not necessary | Fix this item because it points to a file that cannot be found |
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Legitimate | Legitimate extra button in your browser - related to Windows Messenger. |
| O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Legitimate | Legitimate extra tools menu item - related to Windows Messenger. |
| O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll | Legitimate | This item represents a plugin added to Internet Explorer to work with '.spop' files. Seems to be safe, unless you know that it is malicious. |
| O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab | Questionable | Are you using an ActiveX object with no name located in 'http://download.games.yahoo.com/games/clients/y/et1_x.cab'? If not, fix this item. |
| O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab | Questionable | Are you using an ActiveX object with no name located in 'http://download.games.yahoo.com/games/clients/y/ht1_x.cab'? If not, fix this item. |
| O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 | Legitimate | Legitimate ActiveX item from site http://go.microsoft.com/ |
| O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab | Questionable | Are you using an ActiveX object with a name 'MSN Photo Upload Tool' located in 'http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab'? If not, fix this item. |
| O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab | Questionable | Are you using an ActiveX object with no name located in 'http://212.145.159.194/251065/dialercab/WebRecomendada.cab'? If not, fix this item. |
| O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab | Questionable | Are you using an ActiveX object with a name 'Facebook Photo Uploader Control' located in 'http://upload.facebook.com/controls/FacebookPhotoUploader.cab'? If not, fix this item. |
| O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally /ActiveLauncher/ActiveLauncherSetup.cab | Questionable | Are you using an ActiveX object with no name located in 'http://install.wildtangent.com/cda/islandrally /ActiveLauncher/ActiveLauncherSetup.cab'? If not, fix this item. |
| O20 - AppInit_DLLs: | Not necessary | Fix this item because it points to a file that does not exist |
| O20 - Winlogon Notify: hgggged - hgggged.dll (file missing) | Not necessary | Fix this item because it points to a file that does not exist |
| O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll | Legitimate | Related to Intel(R) integrated graphics controller |
| O20 - Winlogon Notify: pmnlk - C:\WINDOWS\system32\pmnlk.dll | Unknown | No exact entries found |
| O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll | Legitimate | windows check |
| O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll | Legitimate | The file belongs to WMP11 Beta application. |
| O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe | Legitimate | Item found in 2-spyware.com database. Service for Google... |
| O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |