| Line | Status | Comments |
| --- | --- | --- |
| C:\WINDOWS\System32\smss.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\winlogon.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\services.exe | Legitimate | In most cases it is a legitimate system process; only sometimes is it used by malicious software |
| C:\WINDOWS\system32\lsass.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\system32\LEXBCES.EXE | Legitimate | Item found in 2-spyware.com library. This file is a component of MarkVision software, published by Lexmark International. This software... |
| C:\WINDOWS\system32\spoolsv.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\Nhksrv.exe | Legitimate | Item found in 2-spyware.com library. This is a part of Netropa software, which comes preinstalled on some Dell and Compaq computers.... |
| C:\WINDOWS\System32\drivers\CDAC11BA.EXE | Legitimate | Item found in 2-spyware.com library. This file is an internal component of SafeCast copy protection program, published by MacroVision... |
| C:\Program Files\Common Files\Command Software\dvpapi.exe | Unknown | No exact entries found |
| c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe | Legitimate | Item found in 2-spyware.com library. mdm.exe is a system process - Machine Debug Manager. Used by developers. Located in "C:\PROGRAM... |
| C:\WINDOWS\System32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com library. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
| C:\Program Files\Dantz\Retrospect\retrorun.exe | Unknown | No exact entries found |
| C:\WINDOWS\System32\svchost.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\System32\Tablet.exe | Unknown | No exact entries found |
| C:\WINDOWS\system32\wscntfy.exe | Questionable | Item found in 2-spyware.com library. wscntfy.exe is an executable file that starts a malicious process, launches certain parasite... |
| C:\WINDOWS\explorer.exe | Legitimate | Process found in system process library |
| C:\WINDOWS\DELLMMKB.EXE | Unknown | No exact entries found |
| C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE | Dangerous | Item found in 2-spyware.com library. Related to TextBridge Pro. Located in "C:\PROGRA~1\TEXTBR~1.0\BIN". |
| C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe | Legitimate | Item found in 2-spyware.com library. Hewlett Packard Share-to-Web utility built into their products. |
| C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe | Unknown | No exact entries found |
| C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe | Unknown | No exact entries found |
| C:\WINDOWS\MXOALDR.EXE | Legitimate | Item found in 2-spyware.com library. Maxtor drivers for external USB hard drive. MXOALDR.EXE is located in "C:\WINDOWS\" on Windows... |
| C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe | Legitimate | Item found in 2-spyware.com library. Related to software from HP. Located in "C:\Program Files\Hewlett-Packard\HP Share-to-Web\". |
| C:\Program Files\Netropa\OSD.exe | Legitimate | Item found in 2-spyware.com library. File osd.exe displays an icon in the System Tray, which allows a user to change various display... |
| F:\Program Files\Roxio\Media Creator 7\Drag to Disc\DrgToDsc.exe | Legitimate | Item found in 2-spyware.com library. Roxio Drag To Disc. It is a special tool that allows dragging files on its system tray icon in order... |
| C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe | Legitimate | Item found in 2-spyware.com library. Checks if there are new versions of Java available. |
| C:\Program Files\Common Files\Real\Update_OB\realsched.exe | Legitimate | Item found in 2-spyware.com library. Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
| C:\WINDOWS\system32\ctfmon.exe | Legitimate | Process found in system process library |
| C:\Program Files\CheckIt\86\CheckIt86.exe | Unknown | No exact entries found |
| C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe | Unknown | No exact entries found |
| C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe | Unknown | No exact entries found |
| C:\cleanspy\HijackThis.exe | Legitimate | Item found in 2-spyware.com library. This is the main component of HijackThis security application, designed to perform system scans and... |
| R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/ | Not necessary | http://smbusiness.dellnet.com/ is your Default Page URL. If you do not like this fact, fix this item. |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.cox.net/ | Not necessary | http://sandiego.cox.net/ is your start page. If you do not like this fact, fix this item. |
| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = proxy:8080 | Not necessary | . If you do not like this fact, fix this item. |
| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 | Not necessary | 127.0.0.1 overrides your Proxy Server. If you do not like this fact, fix this item. |
| O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll | Legitimate | Application program item according to inner database. File related to Adobe Acrobat Reader program. |
| O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll | Legitimate | Legitimate BHO toolbar, related to SpyBot Search&Destroy |
| O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll | Legitimate | System item according to inner database. Related to Java Virtual Machine software, which is legitimate. |
| O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll | Unknown | No exact entries found |
| O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll | Legitimate | Legitimate BHO toolbar, related to Comcast Security Manager |
| O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll | Legitimate | Application program item according to inner database. Google Toolbar for Internet Explorer. |
| O3 - Toolbar: AuthBHO.cBlockerBar - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup | Legitimate | System item according to inner database. Rundll32.exe loads and runs 32-bit DLLs. Rundll32.exe comes with all versions of Microsoft Windows.... |
| O4 - HKLM\..\Run: [POINTER] point32.exe | Legitimate | System item according to inner database. Microsoft IntelliPoint Mouse Software. |
| O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h | Dangerous | Spyware related item according to inner database. Related to TextBridge Pro. Located in "C:\PROGRA~1\TEXTBR~1.0\BIN". |
| O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe | Legitimate | System item according to inner database. Hewlett Packard Share-to-Web utility built into their products. |
| O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe | Unknown | No exact entries found |
| O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE | Legitimate | Driver related item according to inner database. Maxtor drivers for external USB hard drive. MXOALDR.EXE is located in "C:\WINDOWS\" on Windows... |
| O4 - HKLM\..\Run: [nwiz] nwiz.exe /install | Legitimate | System item according to inner database. Nwiz.exe is related to nVidia graphics card drivers. Long name - NVIDIA nView Wizard... |
| O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Media Creator 7\Drag to Disc\DrgToDsc.exe" | Legitimate | Application program item according to inner database. Roxio Drag To Disc. It is a special tool that allows dragging files on its system tray icon in order... |
| O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe | Legitimate | Application program item according to inner database. Related to Nero CD/DVD Burning software. From the publisher: "This program constantly checks for... |
| O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe | Legitimate | Application program item according to inner database. Checks if there are new versions of Java available. |
| O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot | Legitimate | Application program item according to inner database. Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
| O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe | Legitimate | Application program item according to inner database. When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)... |
| O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe | Legitimate | Application program item according to inner database. From Adobe: "The Adobe Gamma Control Panel is used to eliminate color casts in a monitor's display.... |
| O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe | Legitimate | A part of Adobe Acrobat Reader. Used to speed up the program's launch time. |
| O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe | Unknown | No exact entries found |
| O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe | Unknown | No exact entries found |
| O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE | Legitimate | Application program item according to inner database. The Office Startup Assistant (Osa.exe or OSA) is a program that improves the performance of Office... |
| O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe | Unknown | No exact entries found |
| O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present | Questionable | This item can be set only by an administrator or by Spybot software. If you are the administrator and you do not know anything about it, then fix this item. |
| O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present | Questionable | This item can be set only by an administrator or by Spybot software. If you are the administrator and you do not know anything about it, then fix this item. |
| O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html | Not necessary | Do you want the item 'Backward Links' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html | Not necessary | Do you want the item 'Cached Snapshot of Page' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html | Not necessary | Do you want the item 'Similar Pages' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html | Not necessary | Do you want the item 'Translate Page into English' to appear in your Internet Explorer context menu when you right-click? If you don't, fix this item. |
| O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll | Not necessary | This item represents an extra button without a name in your IE toolbar and points to the file 'C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll | Not necessary | This item represents an extra menu item in your Tools menu in IE with the name 'Sun Java Console' and points to the file 'C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe | Not necessary | This item represents an extra button without a name in your IE toolbar and points to the file 'C:\PROGRA~1\CheckIt\86\CheckIt86.exe'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe | Not necessary | This item represents an extra menu item in your Tools menu in IE with the name 'CheckIt &86' and points to the file 'C:\PROGRA~1\CheckIt\86\CheckIt86.exe'. If you do not want it to be there, fix this item. |
| O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll | Not necessary | This item represents an extra button in your IE toolbar with the name 'Real.com' and points to the file 'C:\WINDOWS\System32\Shdocvw.dll'. If you do not want it to be there, fix this item. |
| O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Not necessary | This item represents an extra button in your IE toolbar with the name 'Messenger' and points to the file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item. |
| O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Not necessary | This item represents an extra menu item in your Tools menu in IE with the name 'Windows Messenger' and points to the file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item. |
| O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab | Questionable | Are you using an ActiveX object with the name 'PopCapLoader Object' located at 'http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v6.cab'? If not, fix this item. |
| O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL | Unknown | No exact entries found |
| O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll | Unknown | No exact entries found |
| O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe | Legitimate | Required for PhotoshopCS |
| O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE | Legitimate | Item found in 2-spyware.com database. This file is an internal component of SafeCast copy protection program, published by MacroVision... |
| O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe | Legitimate | Related to Authentium, Inc. http://www.authentium.com/ |
| O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe | Legitimate | Command Software Systems, Inc. - antivirus |
| O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE | Legitimate | Item found in 2-spyware.com database. This file is a component of MarkVision software, published by Lexmark International. This software... |
| O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe | Legitimate | Item found in 2-spyware.com database. This is a part of Netropa software, which comes preinstalled on some Dell and Compaq computers.... |
| O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe | Legitimate | Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching... |
| O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe | Legitimate | Related to Dantz Development Corporation |
| O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe | Legitimate | Related to Wacom Technology, Corp. |