Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	43	51%
Not necessary items	17	20%
	60	71%

File and registry entries that can be both dangerous or safe

Questionable items	4	5%
Unknown items	20	24%
	24	29%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com library A part of Spyware Doctor, a popular legitimate anti-spyware program.	Change status
C:\WINDOWS\system32\slserv.exe More info about file slserv.exe	Legitimate	Item found in 2-spyware.com library Installed alongside Smartlink communication software for modems. It is a tool that displays the...	Change status
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe More info about file smagent.exe	Legitimate	Item found in 2-spyware.com library SoundMAX Agent. Related to drivers for various sound cards and similar devices.	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe More info about file smtray.exe	Legitimate	Item found in 2-spyware.com library Related to drivers for various sound cards and similar devices. Places an icon in the system tray...	Change status
C:\Program Files\Razer\razerhid.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\RUNDLL32.EXE More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\MessengerPlus! 3\MsgPlus.exe More info about file msgplus.exe	Legitimate	Item found in 2-spyware.com library Third-party, but legitiamte MSN Messenger extension. Can also be related to some spyware threats...	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Razer\razerofa.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe More info about file psfree.exe	Legitimate		Change status
C:\Program Files\MSN Messenger\MsnMsgr.Exe More info about file msnmsgr.exe	Legitimate	Item found in 2-spyware.com library Microsoft Windows Messenger chat client.	Change status
C:\Program Files\AdsBlock\adsblock.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe	Unknown	No exact entries found	Insert file into database
C:\Documents and Settings\lAiNe.COMPUTER\Desktop\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about: asdkljdsg	Not necessary	about: asdkljdsg is your Search Bar. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about: asdkljdsg	Not necessary	about: asdkljdsg is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about: asdkljdsg	Not necessary	about: asdkljdsg is your local page. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://join.msn.com/?page=sitewide/worldwide	Not necessary	http://join.msn.com/?page=sitewide/worldwide is related to your Internet Connection Wizard. If you do not like this fact, fix this item.	Change status
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt2.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g30458421.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)	Not necessary	Fix this item, because it points to file that cannot be found	Change status
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll	Legitimate	legitimate toolbar, related to EPSON Web-To-Page software	Change status
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" More info about file jusched.exe	Legitimate	Application program item according to inner database Checks if there are new versions of Java available.	Change status
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" More info about file smtray.exe	Legitimate	Application program item according to inner database Related to drivers for various sound cards and similar devices. Places an icon in the system tray...	Change status
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer\razerhid.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime More info about file qttask.exe	Legitimate	Application program item according to inner database Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\"....	Change status
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" More info about file msgplus.exe	Legitimate	Application program item according to inner database Third-party, but legitiamte MSN Messenger extension. Can also be related to some spyware threats...	Change status
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k	Questionable	questionable item according to our database	Change status
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" More info about file ituneshelper.exe	Legitimate	Application program item according to inner database Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\".	Change status
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE" /P23 "EPSON Stylus C67 Series" /O6 "USB002" /M "Stylus C67"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [9ciP] C:\WINDOWS\mvdriuk.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [05970215.exe] C:\WINDOWS\system32\05970215.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [Yumgo''s Homepage Protector V1] YumgoHomepageProtector.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 More info about file adobeupdatemanager.exe	Legitimate	Application program item according to inner database Related to Adobe Acrobat Reader.	Change status
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" More info about file psfree.exe	Dangerous	Spyware related item according to inner database Popup Stopper Free edition from PanicWare. PSFree.exe is located in "C:\PROGRAM...	Change status
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O4 - Startup: AdsGone.lnk = ?	Not necessary	Fix this item because it points to nowhere	Change status
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe More info about file reader_sl.exe	Legitimate	A part of Adobe Acrobat Reader. Used to speed up the program's launch time.	Change status
O4 - Global Startup: AdsBlock 2004.lnk = C:\Program Files\AdsBlock\adsblock.exe	Unknown	No exact entries found	Insert file into database
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html	Not necessary	Do you want item 'Translate into English' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'Spyware Doctor' and points to file 'C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Not necessary	This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Windows Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item.	Change status
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll	Legitimate	This item represents a plugin added to Internet Explorer to work with '.pdf' files. Seems to be safe, unless you know that it is malicious.	Change status
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab	Questionable	Are you using an ActiveX object with a name 'EGamesPlugin Class' located in 'https://www.e-games.com.my/com/EGamesPlugin.cab'? If not, fix this item.	Change status
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab	Questionable	Are you using an ActiveX object with a name 'MSN Photo Upload Tool' located in 'http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab'? If not, fix this item.	Change status
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo .com/games/play/client/exentctl_0_0_0_1.ocx	Questionable	Are you using an ActiveX object with a name 'ExentInf Class' located in 'http://us.games2.yimg.com/download.games.yahoo .com/games/play/client/exentctl_0_0_0_1.ocx'? If not, fix this item.	Change status
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)	Not necessary	It is a protocol hijacker that points to nowhere. Fix this item.	Change status
O20 - AppInit_DLLs: MsgPlusLoader.dll	Legitimate	Related to MessengerPlus	Change status
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g4820671.dll	Unknown	No exact entries found	Change status
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll	Legitimate	windows check	Change status
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)	Unknown	No exact entries found	Change status
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)	Unknown	No exact entries found	Change status
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	Legitimate	Related to Macrovision Corporation.	Change status
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE	Legitimate	Related to Canon Inc. http://www.canon.com/	Change status
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com database. A part of Spyware Doctor, a popular legitimate anti-spyware...	Change status
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe More info about file slserv.exe	Legitimate	Item found in 2-spyware.com database. Installed alongside Smartlink communication software for modems. It is a tool that displays the...	Change status
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe More info about file smagent.exe	Legitimate	Item found in 2-spyware.com database. SoundMAX Agent. Related to drivers for various sound cards and similar...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries