Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	41	60%
Not necessary items	8	12%
	49	72%

File and registry entries that can be both dangerous or safe

Questionable items	10	15%
Unknown items	9	13%
	19	28%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINNT\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
C:\WINNT\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINNT\system32\services.exe More info about file services.exe	Questionable	This item can be legitimate or spyware related, depending on its location and other factors. Make some further research on it.	Change status
C:\WINNT\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINNT\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINNT\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINNT\system32\ZONELABS\vsmon.exe More info about file vsmon.exe	Legitimate	Item found in 2-spyware.com library Related to the ZoneAlarm firewall from ZoneLabs. Located in "C:\WINDOWS\SYSTEM\ZONELABS\".	Change status
C:\WINNT\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\WINNT\system32\netdde.exe More info about file netdde.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe More info about file avgamsvr.exe	Legitimate	It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft products. avgamsvr.exe is legitimate.	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe More info about file avgupsvc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe More info about file avgemc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\WINNT\System32\snmp.exe More info about file snmp.exe	Legitimate	Item found in 2-spyware.com library This file is related to SNMP Service - it is a legitimate tool, which is a part of Microsoft...	Change status
C:\WINNT\SYSTEM32\THOTKEY.EXE More info about file thotkey.exe	Legitimate	Item found in 2-spyware.com library The file is related to Toshiba laptop software.	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe More info about file avgcc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe More info about file zlclient.exe	Legitimate	Item found in 2-spyware.com library ZoneAlarm Firewall http://www.zonelabs.com	Change status
C:\WINNT\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\VITALS~1\LTNC\LTNC.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\WinZip\WZQKPICK.EXE More info about file wzqkpick.exe	Legitimate	Item found in 2-spyware.com library System tray icon for WinZip software by Niko Mak Computing, Inc. WZQKPick.exe is located in...	Change status
C:\Program Files\RALINK\Common\RaUI.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe More info about file soffice.exe	Legitimate	Item found in 2-spyware.com library Vital component of the OpenOffice.org suite	Change status
C:\WINNT\explorer.exe More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Outlook Express\msimn.exe More info about file msimn.exe	Legitimate	Item found in 2-spyware.com library This is the most significant component of Microsoft Outlook Express mail client. It is responsible...	Change status
C:\Documents and Settings\Toshiba\Desktop\HJT\analyse.exe	Unknown	No exact entries found	Insert file into database
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crikey.com.au/	Not necessary	http://www.crikey.com.au/ is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54729 is your Default Page URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.crikey.com.au/	Not necessary	http://www.crikey.com.au/ is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}	Not necessary	http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer	Not necessary	Internet Explorer is the title in your Internet Explorer window. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = verdi.pfizer.com:80	Not necessary	verdi.pfizer.com:80 is your Proxy Server. If you do not like this fact, fix this item.	Change status
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: (no name) - {173F49D3-D490-46CE-BF75-A20BDBA2EF3D} - C:\WINNT\system32\awtqp.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll	Legitimate	legitimate bho toolbar, related to SpyBot Search&Destroy	Change status
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon More info about file mobsync.exe	Legitimate	System item according to inner database "With Internet Explorer, you can make pages available offline. You can use Synchronization Manager...	Change status
O4 - HKLM\..\Run: [Promon.exe] Promon.exe	Questionable	questionable item according to our database	Change status
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe More info about file nerocheck.exe	Legitimate	Application program item according to inner database Related to Nero CD/DVD Burning software. From the publisher: "This program constantly checks for...	Change status
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP More info about file avgcc.exe	Legitimate	System item according to inner database It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" More info about file zlclient.exe	Legitimate	System item according to inner database ZoneAlarm Firewall http://www.zonelabs.com	Change status
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 More info about file adobeupdatemanager.exe	Legitimate	Application program item according to inner database Related to Adobe Acrobat Reader.	Change status
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [LanToucher] C:\PROGRA~1\VITALS~1\LTNC\LTNC.exe	Unknown	No exact entries found	Insert file into database
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe	Questionable	questionable item according to our database	Change status
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe More info about file reader_sl.exe	Legitimate	A part of Adobe Acrobat Reader. Used to speed up the program's launch time.	Change status
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE More info about file osa9.exe	Legitimate	Application program item according to inner database Loads Microsoft Office components at reboot, to improve the startup time of the Office programs....	Change status
O4 - Global Startup: Launch Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe More info about file msimn.exe	Legitimate	Application program item according to inner database This is the most significant component of Microsoft Outlook Express mail client. It is responsible...	Change status
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE More info about file wzqkpick.exe	Legitimate	Application program item according to inner database System tray icon for WinZip software by Niko Mak Computing, Inc. WZQKPick.exe is located in...	Change status
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe	Unknown	No exact entries found	Insert file into database
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present	Questionable	This item can be set only by administrator or by Spybot software. If you are administrator and you do not know anything about it, then fix this item.	Change status
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present	Questionable	This item can be set only by administrator or by Spybot software. If you are administrator and you do not know anything about it, then fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Windows Messenger' and points to file 'C:\Program Files\Messenger\msmsgs.exe'. If you do not want it to be there, fix this item.	Change status
O11 - Options group: [INTERNATIONAL] International*	Questionable	This item represents a group added to Advanced Options tab in IE Tools > Internet Options menu. Should the item called "INTERNATIONAL" be there? If not, fix it.	Change status
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB	Questionable	Are you using an ActiveX object with a name 'PCPitstop Utility' located in 'http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB'? If not, fix this item.	Change status
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls /en/x86/client/wuweb_site.cab?979026312998	Legitimate	Legitimate ActiveX item from site http://update.microsoft.com/	Change status
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB	Questionable	Are you using an ActiveX object with a name 'Progetto1.int_ver34' located in 'http://advnt01.com/dialer/int_ver34.CAB'? If not, fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5F1F4A-983F-4B36-AEB5-F14854D84499}: Domain = nsw.bigpond.net.au	Questionable	Do you recognize these IP addresses 'nsw.bigpond.net.au' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5F1F4A-983F-4B36-AEB5-F14854D84499}: Domain = nsw.bigpond.net.au	Questionable	Do you recognize these IP addresses 'nsw.bigpond.net.au' as your internet provider DNS servers? If not, fix this item.	Change status
O20 - Winlogon Notify: awtqp - C:\WINNT\system32\awtqp.dll	Unknown	No exact entries found	Change status
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll	Unknown	No exact entries found	Change status
O20 - Winlogon Notify: winqlr32 - C:\WINNT\SYSTEM32\winqlr32.dll	Unknown	No exact entries found	Change status
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe More info about file avgamsvr.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe More info about file avgupsvc.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe More info about file avgemc.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE More info about file thotkey.exe	Legitimate	Item found in 2-spyware.com database. The file is related to Toshiba laptop...	Change status
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe More info about file vsmon.exe	Legitimate	Item found in 2-spyware.com database. Related to the ZoneAlarm firewall from ZoneLabs. Located in...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries