Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	51	60%
Not necessary items	12	14%
	63	74%

File and registry entries that can be both dangerous or safe

Questionable items	5	6%
Unknown items	17	20%
	22	26%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe More info about file aawservice.exe	Legitimate	Item found in 2-spyware.com library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe More info about file aluschedulersvc.exe	Legitimate	Item found in 2-spyware.com library Related to Symantec anti-virus software.	Change status
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE More info about file mdm.exe	Legitimate	Item found in 2-spyware.com library mdm.exe is a system process - Machine Debug Manager. Used by developers. Located in "C:\PROGRAM...	Change status
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\wanmpsvc.exe More info about file wanmpsvc.exe	Legitimate	Item found in 2-spyware.com library File wanmpsvc.exe is a standard component of AOL 7.0 software and its later versions. It runs...	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\RunDll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\Dit.exe More info about file dit.exe	Legitimate	Item found in 2-spyware.com library Drive Icon and Label utility, represented by running dit.exe file, is a specific component of the...	Change status
C:\WINDOWS\mHotkey.exe More info about file mhotkey.exe	Legitimate	Item found in 2-spyware.com library The file is related to Chicony keyboard application.	Change status
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\Rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe More info about file msnmsgr.exe	Legitimate	Item found in 2-spyware.com library Microsoft Windows Messenger chat client.	Change status
C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\Palm\HOTSYNC.EXE More info about file hotsync.exe	Legitimate	Item found in 2-spyware.com library This file is related to HotSync Manager program, which synchronizes attached Palm handheld with a...	Change status
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\NOTEPAD.EXE More info about file notepad.exe	Legitimate	Process found in system process library	Change status
C:\Documents and Settings\PropriÃ©taire\Local Settings\Temporary Internet Files\Content.IE5\LZONDMOS\HiJackThis[1].exe	Unknown	No exact entries found	Insert file into database
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/	Not necessary	http://www.sympatico.ca/ is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/	Not necessary	http://windowsupdate.microsoft.com/ is related to your Internet Connection Wizard. If you do not like this fact, fix this item.	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens	Not necessary	Liens is your folder of IE toolbar links. If you do not like this fact, fix this item.	Change status
O2 - BHO: {28e93e2b-2984-66eb-2f44-d6e8ff5787c0} - {0c7875ff-8e6d-44f2-be66-4892b2e39e82} - C:\WINDOWS\system32\bpnmab.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll More info about file coieplg.dll	Legitimate	System item according to inner database symantec shared file	Change status
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll More info about file ipsbho.dll	Legitimate	System item according to inner database Description ipsbho.dll is a IPS Browser Helper DLL belonging to Symantec Intrusion Detection from...	Change status
O2 - BHO: Programme d''aide de l''Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll More info about file windowslivelogin.dll	Legitimate	Application program item according to inner database The file belongs to Microsoft Windows Live application.	Change status
O2 - BHO: (no name) - {9FFE7CAB-EFBE-481F-8220-F770C1B50C95} - C:\WINDOWS\system32\yayArPgf.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: (no name) - {CB7F6CA6-BBE3-446C-8FA7-0ABB1D81F90A} - C:\WINDOWS\system32\vtUnolJy.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll More info about file toolband.dll	Legitimate	Canon printer kit toolbar in ie7	Change status
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll More info about file coieplg.dll	Legitimate	System item according to inner database symantec shared file	Change status
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd More info about file cmicnfg.cpl	Legitimate	System item according to inner database system tray access for C-Media sound cards.	Change status
O4 - HKLM\..\Run: [Dit] Dit.exe More info about file dit.exe	Legitimate	System item according to inner database Drive Icon and Label utility, represented by running dit.exe file, is a specific component of the...	Change status
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe More info about file nerocheck.exe	Legitimate	Application program item according to inner database Related to Nero CD/DVD Burning software. From the publisher: "This program constantly checks for...	Change status
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe More info about file mhotkey.exe	Legitimate	Application program item according to inner database The file is related to Chicony keyboard application.	Change status
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOLSHARE\AOLDialReg.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Full name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon More info about file bjpsmain.exe	Legitimate	Application program item according to inner database bjpsmain.exe is a process that is part of several Canon printer-related applications.	Change status
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" More info about file ccapp.exe	Legitimate	System item according to inner database From Symantec: <i>"ccApp.exe is the common hosting application that is used for both NAV and NIS....	Change status
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [9429e652] rundll32.exe "C:\WINDOWS\system32\nkkwrkop.dll",b	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [BM971ad5ce] Rundll32.exe "C:\WINDOWS\system32\yptlvgqj.dll",s	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''SERVICE LOCAL'')	Questionable	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''SYSTEM'')	Questionable	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''Default user'')	Questionable	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE More info about file hotsync.exe	Legitimate	Application program item according to inner database This file is related to HotSync Manager program, which synchronizes attached Palm handheld with a...	Change status
O4 - Global Startup: Lancement rapide d''Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe More info about file reader_sl.exe	Legitimate	Application program item according to inner database reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html	Not necessary	Do you want item 'Easy-WebPrint Impression rapide' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html	Not necessary	Do you want item 'Easy-WebPrint Imprimer' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Console Java (Sun)' and points to file 'C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Recherche' and points to file 'C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\WINDOWS\Network Diagnostic\xpnetdiag.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe	Not necessary	This item represents extra menu item in your Tools menu in IE with a name '@xpsp3res.dll,-20001' and points to file 'C:\WINDOWS\Network Diagnostic\xpnetdiag.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com	Questionable	This item changes your "default" Start page in IE. It will appear if you Restore default web settings. If you are an administrator and you do not recognize address "", fix this item.	Change status
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab	Questionable	Are you using an ActiveX object with a name 'Symantec Download Manager' located in 'https://webdl.symantec.com/activex/symdlmgr.cab'? If not, fix this item.	Change status
O20 - Winlogon Notify: yayArPgf - C:\WINDOWS\SYSTEM32\yayArPgf.dll	Unknown	No exact entries found	Change status
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe More info about file aawservice.exe	Legitimate	Item found in 2-spyware.com database. ...	Change status
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe More info about file aluschedulersvc.exe	Legitimate	Item found in 2-spyware.com database. Related to Symantec anti-virus...	Change status
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe	Legitimate	Related to Norton/Symantec AntiVirus	Change status
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe	Legitimate	Related to Norton/Symantec AntiVirus.	Change status
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE	Unknown	No exact entries found	Insert file into database
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe More info about file symlcsvc.exe	Legitimate	Item found in 2-spyware.com database. An essential component of security-related Symantec software such as Norton AntiVirus and Norton...	Change status
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe More info about file wanmpsvc.exe	Legitimate	Item found in 2-spyware.com database. File wanmpsvc.exe is a standard component of AOL 7.0 software and its later versions. It runs...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries