Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	74	83%
Not necessary items	3	3%
	77	86%

File and registry entries that can be both dangerous or safe

Questionable items	1	1%
Unknown items	11	12%
	12	13%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\acs.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe More info about file ccsetmgr.exe	Legitimate	Item found in 2-spyware.com library An essential component of security-related Symantec software such as Norton AntiVirus and Norton...	Change status
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe More info about file ccevtmgr.exe	Legitimate	Item found in 2-spyware.com library ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus...	Change status
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe More info about file ccproxy.exe	Legitimate	Item found in 2-spyware.com library File related to Symantec software	Change status
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe More info about file sndsrvc.exe	Legitimate	Item found in 2-spyware.com library This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs...	Change status
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe More info about file spbbcsvc.exe	Legitimate	Item found in 2-spyware.com library Essential component of Symantec's Norton Internet Security suite.	Change status
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe More info about file symlcsvc.exe	Legitimate	Item found in 2-spyware.com library An essential component of security-related Symantec software such as Norton AntiVirus and Norton...	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe More info about file navapsvc.exe	Legitimate	Item found in 2-spyware.com library Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on...	Change status
C:\Program Files\Multimedia Card Reader\shwicon2k.exe More info about file shwicon2k.exe	Legitimate	Item found in 2-spyware.com library This is a part of the drivers for Alcor Micro multimedia card readers. File shwicon2k.exe runs...	Change status
C:\WINDOWS\ALCXMNTR.EXE More info about file alcxmntr.exe	Legitimate	Item found in 2-spyware.com library RealTek AC97 Event Monitor. ALCXMNTR.EXE is located in "C:\WINDOWS\" on Windows 95/98/ME/XP...	Change status
C:\Program Files\Common Files\Symantec Shared\ccApp.exe More info about file ccapp.exe	Legitimate	Item found in 2-spyware.com library From Symantec: "ccApp.exe is the common hosting application that is used for both NAV and NIS....	Change status
C:\WINDOWS\System32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software.	Change status
C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com library A part of Spyware Doctor, a popular legitimate anti-spyware program.	Change status
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Messenger\msmsgs.exe More info about file msmsgs.exe	Legitimate	Item found in 2-spyware.com library Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use...	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe More info about file gcasdtserv.exe	Legitimate	Item found in 2-spyware.com library An essential part of Microsoft AntiSpyware. It is required to run and control the program.	Change status
C:\PROGRA~1\SPYWAR~2\swdoctor.exe More info about file swdoctor.exe	Legitimate	Item found in 2-spyware.com library Main component of Spyware Doctor, a popular anti-spyware program.	Change status
C:\WINDOWS\system32\rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\wdfmgr.exe More info about file wdfmgr.exe	Legitimate	Item found in 2-spyware.com library A part of Microsoft Windows Media Player 10. It is used to eliminate software compatibility...	Change status
C:\WINDOWS\system32\BRMFRSMG.EXE More info about file brmfrsmg.exe	Legitimate	Item found in 2-spyware.com library This is an essential component of Brother printer drivers. File brmfrsmg.exe is used to control a...	Change status
C:\WINDOWS\System32\alg.exe More info about file alg.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\wuauclt.exe More info about file wuauclt.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE	Unknown	No exact entries found	Insert file into database
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yorku.ca/	Not necessary	http://www.yorku.ca/ is your start page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/	Not necessary	http://ca10.hpwis.com/ is your start page. If you do not like this fact, fix this item.	Change status
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll More info about file nisshext.dll	Legitimate	Application program item according to inner database A web browser toolbar belonging to Symantec AdBlocker, which is integrated into a variety of...	Change status
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll More info about file navshext.dll	Legitimate	Application program item according to inner database Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses...	Change status
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll More info about file googletoolbar1.dll	Legitimate	Application program item according to inner database An essential component of Google Toolbar.	Change status
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll More info about file nisshext.dll	Legitimate	Application program item according to inner database A web browser toolbar belonging to Symantec AdBlocker, which is integrated into a variety of...	Change status
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll More info about file navshext.dll	Legitimate	Application program item according to inner database Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses...	Change status
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe More info about file hkcmd.exe	Legitimate	System item according to inner database Hotkey Command Module for Intel Graphics Contollers. Located in "C:\WINNT\System32\" on Windows...	Change status
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE More info about file recguard.exe	Legitimate	Application program item according to inner database File recguard.exe can be found on some Hewlett-Packard computers. It is used to protect Windows XP...	Change status
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe More info about file shwicon2k.exe	Legitimate	Application program item according to inner database This is a part of the drivers for Alcor Micro multimedia card readers. File shwicon2k.exe runs...	Change status
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE More info about file alcxmntr.exe	Legitimate	System item according to inner database RealTek AC97 Event Monitor. ALCXMNTR.EXE is located in "C:\WINDOWS\" on Windows 95/98/ME/XP...	Change status
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" More info about file ccapp.exe	Legitimate	System item according to inner database From Symantec: <i>"ccApp.exe is the common hosting application that is used for both NAV and NIS....	Change status
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe More info about file nerocheck.exe	Legitimate	Application program item according to inner database Related to Nero CD/DVD Burning software. From the publisher: "This program constantly checks for...	Change status
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" More info about file gcasserv.exe	Legitimate	Application program item according to inner database An essential component of Microsoft AntiSpyware.	Change status
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u	Questionable	questionable item according to our database	Change status
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook More info about file rundll32.exe	Legitimate	System item according to inner database Rundll32.exe loads and runs 32-bit DLLs. Rundll32.exe comes with all versions of Microsoft Windows....	Change status
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background More info about file msmsgs.exe	Legitimate	System item according to inner database Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use...	Change status
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q More info about file swdoctor.exe	Legitimate	Application program item according to inner database Main component of Spyware Doctor, a popular anti-spyware program.	Change status
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'Spyware Doctor' and points to file 'C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll'. If you do not want it to be there, fix this item.	Change status
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll	Legitimate	Related to Intel(R) integrated graphics controller	Change status
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe	Legitimate	related to Atheros Wireless LAN	Change status
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe	Legitimate	Required for PhotoshopCS	Change status
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe	Legitimate	Related to Autodesk, Inc.	Change status
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe More info about file ccevtmgr.exe	Legitimate	Item found in 2-spyware.com database. ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus...	Change status
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe More info about file ccproxy.exe	Legitimate	Item found in 2-spyware.com database. File related to Symantec...	Change status
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe More info about file ccsetmgr.exe	Legitimate	Item found in 2-spyware.com database. An essential component of security-related Symantec software such as Norton AntiVirus and Norton...	Change status
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	Legitimate	Related to Macrovision Corporation.	Change status
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe More info about file navapsvc.exe	Legitimate	Item found in 2-spyware.com database. Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on...	Change status
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe More info about file firedaemon.exe	Legitimate	Item found in 2-spyware.com database. File firedaemon.exe is the main executable component of FireDaemon system tool, published by...	Change status
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE	Unknown	No exact entries found	Insert file into database
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related...	Change status
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe More info about file savscan.exe	Legitimate	Item found in 2-spyware.com database. This executable file is a standard part of antivirus and security-related software, published by...	Change status
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Runs a service related to Spyware Doctor, a popular legitimate anti-spyware program.	Change status
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe More info about file sndsrvc.exe	Legitimate	Item found in 2-spyware.com database. This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs...	Change status
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe More info about file spbbcsvc.exe	Legitimate	Item found in 2-spyware.com database. Essential component of Symantec's Norton Internet Security...	Change status
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe More info about file symlcsvc.exe	Legitimate	Item found in 2-spyware.com database. An essential component of security-related Symantec software such as Norton AntiVirus and Norton...	Change status
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe More info about file firedaemon.exe	Legitimate	Item found in 2-spyware.com database. File firedaemon.exe is the main executable component of FireDaemon system tool, published by...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries