Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	43	47%
Not necessary items	16	18%
	59	65%

File and registry entries that can be both dangerous or safe

Questionable items	6	7%
Unknown items	26	29%
	32	36%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\inetsrv\inetinfo.exe More info about file inetinfo.exe	Legitimate	Item found in 2-spyware.com library File inetinfo.exe is related to Microsoft Internet Information Services. This software acts as a...	Change status
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe	Unknown	No exact entries found	Insert file into database
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe	Unknown	No exact entries found	Insert file into database
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe More info about file mcshield.exe	Legitimate	Item found in 2-spyware.com library Process mcshield.exe usually starts automatically on system's startup and stays in background. It...	Change status
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe More info about file tsvncache.exe	Legitimate	Item found in 2-spyware.com library TortoiseSVN [ http://tortoisesvn.tigris.org ] developer tool Caching program	Change status
C:\WINDOWS\RTHDCPL.EXE More info about file rthdcpl.exe	Legitimate	Item found in 2-spyware.com library The file is related to Realtek HD Audio software.	Change status
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe More info about file mdm.exe	Legitimate	Item found in 2-spyware.com library mdm.exe is a system process - Machine Debug Manager. Used by developers. Located in "C:\PROGRAM...	Change status
C:\Program Files\McAfee\MPF\MPFSrv.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\McAfee.com\Agent\mcagent.exe More info about file mcagent.exe	Legitimate	Item found in 2-spyware.com library Part of McAfee Anti-Virus. Located in "c:\Program Files\mcafee.com\agent\".	Change status
C:\Program Files\Offline Course Player\OlpSynch.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe More info about file sqlservr.exe	Legitimate	Item found in 2-spyware.com library sqlservr.exe is the main component of Microsoft SQL Server. It is an essential application process...	Change status
C:\Program Files\Common Files\Real\Update_OB\realsched.exe More info about file realsched.exe	Legitimate	Item found in 2-spyware.com library Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE More info about file outlook.exe	Questionable	This process is usually legitimate and related to Microsoft Office. But it also might be a part of parasite, depending on its location and other factors. Make some further research on it.	Change status
C:\WINDOWS\System32\alg.exe More info about file alg.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\wscntfy.exe More info about file wscntfy.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe More info about file mcsysmon.exe	Legitimate	Item found in 2-spyware.com library mcsysmon.exe is part of the McAfee VirusScan API anti-virus suite. It monitors system activity for...	Change status
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe More info about file devenv.exe	Legitimate	Item found in 2-spyware.com library Executable devenv.exe is a part of Microsoft Visual Studio integrated development environment. This...	Change status
C:\Documents and Settings\Administrator\Desktop\amazon-ecs-2007-07-16-cs-library\amazon-ecs-2007-07-16-cs-library \src\Amazon.ECS.Samples\bin\Debug\Amazon.ECS.Samples.vshost.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\dllhost.exe More info about file dllhost.exe	Legitimate	Process found in system process library	Change status
c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\inetsrv\DavCData.exe More info about file davcdata.exe	Legitimate	Item found in 2-spyware.com library File davcdata.exe is an essential component of Microsoft IIS software. This software runs on...	Change status
C:\Program Files\Safari\Safari.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\MSN Messenger\msnmsgr.exe More info about file msnmsgr.exe	Legitimate	Item found in 2-spyware.com library Microsoft Windows Messenger chat client.	Change status
C:\Program Files\MSN Messenger\usnsvc.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Spyware Doctor\pctsAuxs.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Spyware Doctor\pctsSvc.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Spyware Doctor\pctsTray.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
C:\WINDOWS\system32\wbem\wmiprvse.exe	Legitimate	Process found in system process library	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/	Not necessary	http://www.google.co.in/ is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local	Not necessary	*.local overrides your Proxy Server. If you do not like this fact, fix this item.	Change status
O1 - Hosts: 67.19.173.157 dashboard.efficience.us	Questionable	Do you want an URL address "dashboard.efficience.us" to be redirected to "67.19.173.157" when you type it? If not, then fix this
O1 - Hosts: 207.171.183.113 s3.amazonaws.com	Questionable	Do you want an URL address "s3.amazonaws.com" to be redirected to "207.171.183.113" when you type it? If not, then fix this
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE More info about file rthdcpl.exe	Legitimate	Application program item according to inner database The file is related to Realtek HD Audio software.	Change status
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE More info about file alcmtr.exe	Legitimate	Runs a tool related to RealTek sound card drivers on Windows startup.	Change status
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey More info about file mcagent.exe	Legitimate	Application program item according to inner database Part of McAfee Anti-Virus. Located in "c:\Program Files\mcafee.com\agent\".	Change status
O4 - HKLM\..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot More info about file realsched.exe	Legitimate	Application program item according to inner database Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" More info about file thguard.exe	Legitimate	Application program item according to inner database TrojanGuard is a legitimate anti-trojan program.	Change status
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe	Unknown	No exact entries found	Insert file into database
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ''SYSTEM'')	Unknown	No exact entries found	Change status
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ''Default user'')	Unknown	No exact entries found	Change status
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm	Not necessary	Do you want item 'Download all with Free Download Manager' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm	Not necessary	Do you want item 'Download selected with Free Download Manager' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm	Not necessary	Do you want item 'Download video with Free Download Manager' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm	Not necessary	Do you want item 'Download with Free Download Manager' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'IE Developer Toolbar' and points to file 'C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)	Not necessary	Fix this item because it points to a file that cannot be found	Change status
O9 - Extra ''Tools'' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)	Not necessary	Fix this item because it points to a file that cannot be found	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O15 - Trusted Zone: http://wm.efficience.us	Questionable	Do you want URL pattern "http://wm.efficience.us" to be in your trusted zone of IE? If not, fix this item.	Change status
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.44/uploader2.cab	Questionable	Are you using an ActiveX object with a name 'UploadListView Class' located in 'http://picasaweb.google.com/s/v/27.44/uploader2.cab'? If not, fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BF5BEF-CB47-49E8-BAC3-10A2E8EDAD46}: NameServer = 208.67.222.222,208.67.222.220	Questionable	Do you recognize these IP addresses '208.67.222.222,208.67.222.220' as your internet provider DNS servers? If not, fix this item.	Change status
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\WMI VPN\Extranet_serv.exe	Legitimate	Related to Novel server.	Change status
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe More info about file googleupdaterservice.exe	Legitimate	Item found in 2-spyware.com database. Service for Google...	Change status
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe More info about file mcshield.exe	Legitimate	Item found in 2-spyware.com database. Process mcshield.exe usually starts automatically on system's startup and stays in background. It...	Change status
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe More info about file mcsysmon.exe	Legitimate	Item found in 2-spyware.com database. mcsysmon.exe is part of the McAfee VirusScan API anti-virus suite. It monitors system activity for...	Change status
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe	Unknown	No exact entries found	Insert file into database

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries