| Line: |
Status: |
Comments: |
Actions: |
C:\WINDOWS\SYSTEM\KERNEL32.DLL
More info about file kernel32.dll |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
More info about file msgsrv32.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\SYSTEM\MPREXE.EXE
More info about file mprexe.exe |
Legitimate |
Item found in 2-spyware.com library
File mprexe.exe is a standard component of Microsoft Windows 95/98/Me operating systems. It is... |
Change status |
C:\WINDOWS\SYSTEM\MSTASK.EXE
More info about file mstask.exe |
Legitimate |
Item found in 2-spyware.com library
Mstask.exe is the task scheduler service, responsible for running tasks at a time predetermined by... |
Change status |
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
More info about file vshwin32.exe |
Legitimate |
Item found in 2-spyware.com library
File vshwin32.exe usually starts automatically on system's startup and stays in background. It... |
Change status |
| C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\SYSTEM\mmtask.tsk
More info about file mmtask.tsk |
Legitimate |
Item found in 2-spyware.com library
File mmtask.tsk is related to process that is used to provide multitasking for multimedia... |
Change status |
C:\WINDOWS\SYSTEM\HIDSERV.EXE
More info about file hidserv.exe |
Legitimate |
Item found in 2-spyware.com library
hidserv.exe is a file in Windows 98 Second Edition. It Stands for "Human Interface Device... |
Change status |
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
More info about file vsstat.exe |
Legitimate |
Item found in 2-spyware.com library
McAfee Virus Scan. Located in "C:\Program Files\McAfee\McAfee VirusScan\". |
Change status |
C:\WINDOWS\EXPLORER.EXE
More info about file explorer.exe |
Legitimate |
Process found in system process library |
Change status |
| C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
More info about file osd.exe |
Legitimate |
Item found in 2-spyware.com library
File osd.exe displays an icon in the System Tray, which allows a user to change various display... |
Change status |
C:\WINDOWS\SYSTEM\RPCSS.EXE
More info about file rpcss.exe |
Legitimate |
Item found in 2-spyware.com library
This file is related to Remote Procedure Call Services - it is a crucial component of any Windows... |
Change status |
| C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\TASKMON.EXE
More info about file taskmon.exe |
Legitimate |
Item found in 2-spyware.com library
Taskmon.exe from Microsoft monitors the application usage. This information is later used by the... |
Change status |
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
More info about file systray.exe |
Legitimate |
Process found in system process library |
Change status |
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
More info about file hpsysdrv.exe |
Legitimate |
Item found in 2-spyware.com library
Hewlett Packard related software. hpsysdrv.exe is located in "C:\windows\system\" on all Windows... |
Change status |
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
More info about file cfd.exe |
Legitimate |
Item found in 2-spyware.com library
Related to BroadJump Client Foundation - broadband troubleshooting software installed by some ISPs. |
Change status |
C:\WINDOWS\SYSTEM\STIMON.EXE
More info about file stimon.exe |
Legitimate |
Item found in 2-spyware.com library
From Microsoft: "Still Image Monitor (Stimon.exe) is a tool that is installed by Windows... |
Change status |
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
More info about file dragdiag.exe |
Legitimate |
Item found in 2-spyware.com library
System tray icon for Alcatel’s ADSL modems. |
Change status |
C:\WINDOWS\LOADQM.EXE
More info about file loadqm.exe |
Legitimate |
Item found in 2-spyware.com library
From the publisher: "When you install MSN Explorer, the Loadqm.exe file is added to the Startup... |
Change status |
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
More info about file msnappau.exe |
Legitimate |
Item found in 2-spyware.com library
This is a component of MSN Toolbar, which integrates additional functions and services into... |
Change status |
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
More info about file realsched.exe |
Legitimate |
Item found in 2-spyware.com library
Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
Change status |
| C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
More info about file drgtodsc.exe |
Legitimate |
Item found in 2-spyware.com library
Roxio Drag To Disc. It is a special tool that allows to drag files on its system tray icon in order... |
Change status |
C:\WINDOWS\SYSTEM\LEXBCES.EXE
More info about file lexbces.exe |
Legitimate |
Item found in 2-spyware.com library
This file is a component of MarkVision software, published by Lexmark International. This software... |
Change status |
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE
More info about file rxmon.exe |
Legitimate |
Item found in 2-spyware.com library
File rxmon.exe is a part of Roxio Easy CD & DVD Creator suite. It is required by this software to... |
Change status |
C:\PROGRAM FILES\WINTVR3\REMOTE.EXE
More info about file remote.exe |
Dangerous |
Item found in 2-spyware.com library
remote.exe is an executable file which primary purpose is to start a parasite or launch some of its... |
Change status |
| C:\PROGRAM FILES\WINTVR3\SCHEDULE.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
More info about file msnmsgr.exe |
Legitimate |
Item found in 2-spyware.com library
Microsoft Windows Messenger chat client. |
Change status |
C:\WINDOWS\SYSTEM\LEXPPS.EXE
More info about file lexpps.exe |
Legitimate |
Item found in 2-spyware.com library
This file is related to Lexmark Printer Port Scanner utility, it is a standard component of the... |
Change status |
| C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\TOOLS\REXPROXY.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
More info about file wkcalrem.exe |
Legitimate |
Item found in 2-spyware.com library
This file is related to Calendar Reminder - this background process is a standard part of Microsoft... |
Change status |
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
More info about file easyshare.exe |
Legitimate |
Item found in 2-spyware.com library
The file is related to Kodak camera software. |
Change status |
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
More info about file kodak software updater.exe |
Legitimate |
Item found in 2-spyware.com library
The file is related to Kodak camera software. |
Change status |
| C:\PROGRAM FILES\2WIRE WIRELESS\CLIENT MANAGER\CMTWO.EXE |
Unknown |
No exact entries found |
Insert file into database
|
C:\WINDOWS\SYSTEM\WMIEXE.EXE
More info about file wmiexe.exe |
Legitimate |
Item found in 2-spyware.com library
This file is related to Microsoft Windows Management Instrumentation - it is a programming... |
Change status |
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
More info about file firefox.exe |
Legitimate |
Item found in 2-spyware.com library
File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all... |
Change status |
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
More info about file hijackthis.exe |
Legitimate |
Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and... |
Change status |
| R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 |
Not necessary |
http://g.msn.com/0SEENUS/SAOS01 is your Search Bar.
If you do not like this fact, fix this item. |
Change status |
| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/ |
Not necessary |
http://www.globo.com/ is your start page.
If you do not like this fact, fix this item. |
Change status |
| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost |
Not necessary |
localhost overrides your Proxy Server.
If you do not like this fact, fix this item. |
Change status |
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
More info about file acroiehelper.dll |
Legitimate |
Application program item according to inner database
File related to Adobe Acrobat Reader program. |
Change status
|
| O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL |
Legitimate |
legitimate bho toolbar, related to MSN Toolbar |
Change status
|
| O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL |
Legitimate |
legitimate bho toolbar, related to MSN Toolbar |
Change status
|
| O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEHCEF.DLL |
Unknown |
No exact entries found |
Insert file into database
|
| O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL |
Legitimate |
legitimate bho, related to MSN Toolbar |
Change status
|
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
More info about file taskmon.exe |
Legitimate |
System item according to inner database
Taskmon.exe from Microsoft monitors the application usage. This information is later used by the... |
Change status
|
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
More info about file systray.exe |
Legitimate |
System item according to inner database
From Microsoft: <i>"Systray.exe is a Windows 95/98/Me tool for system taskbar notifications. The... |
Change status
|
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
More info about file powrprof.dll |
Legitimate |
System item according to inner database
Related to the power management of the computer. The power settings can be modified in the Windows... |
Change status
|
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
More info about file hpsysdrv.exe |
Legitimate |
System item according to inner database
Hewlett Packard related software. hpsysdrv.exe is located in "C:\windows\system\" on all Windows... |
Change status
|
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
More info about file vshwin32.exe |
Legitimate |
Application program item according to inner database
File vshwin32.exe usually starts automatically on system's startup and stays in background. It... |
Change status
|
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
More info about file vsstat.exe |
Legitimate |
System item according to inner database
McAfee Virus Scan. Located in "C:\Program Files\McAfee\McAfee VirusScan\". |
Change status
|
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
More info about file cfd.exe |
Legitimate |
Application program item according to inner database
Related to BroadJump Client Foundation - broadband troubleshooting software installed by some ISPs. |
Change status
|
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
More info about file stimon.exe |
Legitimate |
System item according to inner database
From Microsoft: <i>"Still Image Monitor (Stimon.exe) is a tool that is installed by Windows... |
Change status
|
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
More info about file dragdiag.exe |
Legitimate |
System item according to inner database
System tray icon for Alcatel’s ADSL modems. |
Change status
|
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
More info about file p_981116.exe |
Legitimate |
System item according to inner database
Win32 cabinet Self-Extractor. Located c:\windows\p_981116. Leftover from a DirectX 6.0 upgrade. |
Change status
|
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
More info about file loadqm.exe |
Legitimate |
Application program item according to inner database
From the publisher: "When you install MSN Explorer, the Loadqm.exe file is added to the Startup... |
Change status
|
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
More info about file msnappau.exe |
Legitimate |
Application program item according to inner database
This is a component of MSN Toolbar, which integrates additional functions and services into... |
Change status
|
| O4 - HKLM\..\Run: [LexStart] lexstart.exe |
Not necessary |
not necessary item according to our database |
Change status
|
| O4 - HKLM\..\Run: [RegistryBot] "C:\Program Files\RegistryBot\RegistryBot.exe" -boot |
Unknown |
No exact entries found |
Insert file into database
|
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
More info about file realsched.exe |
Legitimate |
Application program item according to inner database
Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\". |
Change status
|
| O4 - HKLM\..\Run: [projselector] "c:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r |
Questionable |
questionable item according to our database |
Change status
|
| O4 - HKLM\..\Run: [RoxioEngineUtility] "c:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" |
Questionable |
questionable item according to our database |
Change status
|
O4 - HKLM\..\Run: [RoxioDragToDisc] "c:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
More info about file drgtodsc.exe |
Legitimate |
Application program item according to inner database
Roxio Drag To Disc. It is a special tool that allows to drag files on its system tray icon in order... |
Change status
|
O4 - HKLM\..\Run: [RoxioAudioCentral] "c:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
More info about file rxmon.exe |
Legitimate |
Application program item according to inner database
File rxmon.exe is a part of Roxio Easy CD & DVD Creator suite. It is required by this software to... |
Change status
|
O4 - HKLM\..\Run: [WinTVRRemote] "C:\Program Files\WinTVR3\Remote.exe"
More info about file remote.exe |
Dangerous |
Spyware related item according to inner database
remote.exe is an executable file which primary purpose is to start a parasite or launch some of its... |
Change status
|
| O4 - HKLM\..\Run: [Schedule] "C:\Program Files\WinTVR3\Schedule.exe" |
Unknown |
No exact entries found |
Insert file into database
|
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
More info about file kodakccs.exe |
Legitimate |
Driver related item according to inner database.
The file is related to Kodak Camera drivers. |
Change status
|
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
More info about file powrprof.dll |
Legitimate |
System item according to inner database
Related to the power management of the computer. The power settings can be modified in the Windows... |
Change status
|
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
More info about file mstask.exe |
Legitimate |
System item according to inner database
Mstask.exe is the task scheduler service, responsible for running tasks at a time predetermined by... |
Change status
|
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
More info about file hidserv.exe |
Legitimate |
System item according to inner database
hidserv.exe is a file in Windows 98 Second Edition. It Stands for "Human Interface Device... |
Change status
|
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
More info about file vshwin32.exe |
Legitimate |
Application program item according to inner database
File vshwin32.exe usually starts automatically on system's startup and stays in background. It... |
Change status
|
| O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe |
Questionable |
questionable item according to our database |
Change status
|
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
More info about file msnmsgr.exe |
Legitimate |
System item according to inner database
Microsoft Windows Messenger chat client. |
Change status
|
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
More info about file wkcalrem.exe |
Legitimate |
Application program item according to inner database
This file is related to Calendar Reminder - this background process is a standard part of Microsoft... |
Change status
|
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
More info about file easyshare.exe |
Legitimate |
Application program item according to inner database
The file is related to Kodak camera software. |
Change status
|
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
More info about file kodak software updater.exe |
Legitimate |
Application program item according to inner database
The file is related to Kodak camera software. |
Change status
|
| O4 - Startup: 2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE |
Unknown |
No exact entries found |
Insert file into database
|
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
More info about file osa9.exe |
Legitimate |
Application program item according to inner database
Loads Microsoft Office components at reboot, to improve the startup time of the Office programs.... |
Change status
|
| O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe |
Unknown |
No exact entries found |
Insert file into database
|
| O10 - Hijacked Internet access by New.Net |
Questionable |
This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix. |
Change status
|
| O10 - Hijacked Internet access by New.Net |
Questionable |
This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix. |
Change status
|
| O10 - Hijacked Internet access by New.Net |
Questionable |
This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix. |
Change status
|
| O10 - Hijacked Internet access by New.Net |
Questionable |
This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix. |
Change status
|
| O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll |
Legitimate |
This item represents a plugin added to Internet Explorer to work with '.mid' files. Seems to be safe, unless you know that it is malicious. |
Change status
|
| O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll |
Legitimate |
This item represents a plugin added to Internet Explorer to work with '.au' files. Seems to be safe, unless you know that it is malicious. |
Change status
|
| O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll |
Legitimate |
This item represents a plugin added to Internet Explorer to work with '.mov' files. Seems to be safe, unless you know that it is malicious. |
Change status
|
| O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab |
Questionable |
Are you using an ActiveX object with a name 'WScanCtl Class' located in 'http://www3.ca.com/securityadvisor/virusinfo/webscan.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab |
Questionable |
Are you using an ActiveX object with a name 'GbPluginObj Class' located in 'https://imagem.caixa.gov.br/cab/GbPluginCef.cab'? If not, fix this item. |
Change status
|
| O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx |
Questionable |
Are you using an ActiveX object with a name 'Get_ActiveX Control' located in 'https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx'? If not, fix this item. |
Change status
|
|
Follow us 
|
Like us 
(91/100)
(89/100)
(84/100)
