Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	63	72%
Not necessary items	0	0%
	63	72%

File and registry entries that can be both dangerous or safe

Questionable items	0	0%
Unknown items	25	28%
	25	28%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\savedump.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe More info about file sched.exe	Legitimate	Item found in 2-spyware.com library Scheduler for AntiVir Anti Virus program.	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Unlocker\UnlockerAssistant.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\igfxtray.exe More info about file igfxtray.exe	Legitimate	Item found in 2-spyware.com library From a user: I just(hours ago) installed some newer Intel graphics drivers in my system(82810E),...	Change status
C:\WINDOWS\system32\hkcmd.exe More info about file hkcmd.exe	Legitimate	Item found in 2-spyware.com library hkcmd.exe is a system process related to the Hotkey Command Module for Intel Graphics Contollers....	Change status
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe More info about file avguard.exe	Legitimate	Item found in 2-spyware.com library avguard.exe stands for AntiVir real-time protection process. Do not terminate it.	Change status
C:\WINDOWS\system32\igfxpers.exe More info about file igfxpers.exe	Legitimate	Item found in 2-spyware.com library Related to the integrated intel graphics adapter driver.	Change status
C:\WINDOWS\RTHDCPL.EXE More info about file rthdcpl.exe	Legitimate	Item found in 2-spyware.com library The file is related to Realtek HD Audio software.	Change status
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Common Files\Real\Update_OB\realsched.exe More info about file realsched.exe	Legitimate	Item found in 2-spyware.com library Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe More info about file reader_sl.exe	Legitimate	Item found in 2-spyware.com library reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe More info about file pdvdserv.exe	Legitimate	Item found in 2-spyware.com library Related to some DVD playing programs like CyberLink PowerDVD. Provides support for the DVD drive's...	Change status
C:\Program Files\Vietkey2000\VKNT.EXE	Unknown	No exact entries found	Insert file into database
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe More info about file googleupdaterservice.exe	Legitimate	Item found in 2-spyware.com library Service for Google Updater	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe More info about file ulcdrsvr.exe	Legitimate	Item found in 2-spyware.com library Legitimate file ulcdrsvr.exe is an essential component of Ulead DVD Workshop video editing...	Change status
C:\WINDOWS\system32\CAP2RSK.EXE	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\System32\alg.exe More info about file alg.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe More info about file avgnt.exe	Legitimate	Item found in 2-spyware.com library avgnt.exe is a security process that is associated with the Avira Internet Security Suite, which...	Change status
C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\DOCUME~1\seasoft\LOCALS~1\Temp\Application\mFormat.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe More info about file yahoomessenger.exe	Legitimate	Item found in 2-spyware.com library An executable file of Yahoo! Messenger.	Change status
C:\Program Files\Free Download Manager\fdm.exe More info about file fdm.exe	Legitimate	Item found in 2-spyware.com library fdm.exe is the main component of Free Download Manager. It is not an essential system process and...	Change status
C:\Program Files\Software Informer\softinfo.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\UTSCSI.EXE	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\wbem\wmiprvse.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\wuauclt.exe More info about file wuauclt.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com	Legitimate	http://www.yahoo.com is your start page. This is a legitimate page.	Change status
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll More info about file rpbrowserrecordplugin.dll	Legitimate	System item according to inner database RealPlayer plug in	Change status
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll More info about file yiesrvc.dll	Legitimate	Application program item according to inner database The file is related to Yahoo! software.	Change status
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll More info about file swg.dll	Legitimate	System item according to inner database google toolbar notifier	Change status
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Yahoo! Barre d''outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll More info about file yt.dll	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe More info about file igfxtray.exe	Legitimate	System item according to inner database From a user: I just(hours ago) installed some newer Intel graphics drivers in my system(82810E),...	Change status
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe More info about file hkcmd.exe	Legitimate	System item according to inner database hkcmd.exe is a system process related to the Hotkey Command Module for Intel Graphics Contollers....	Change status
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe More info about file igfxpers.exe	Legitimate	Application program item according to inner database Related to the integrated intel graphics adapter driver.	Change status
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE More info about file rthdcpl.exe	Legitimate	Application program item according to inner database The file is related to Realtek HD Audio software.	Change status
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE More info about file skytel.exe	Legitimate	Application program item according to inner database skytel.exe stands for the Realtek Voice Manager, which is part of Realtek devices.	Change status
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE More info about file alcmtr.exe	Legitimate	Runs a tool related to RealTek sound card drivers on Windows startup.	Change status
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 More info about file imjpmig.exe	Legitimate	System item according to inner database Related to Windows East Asian language support (Japanese keyboard entry). Located in...	Change status
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC More info about file imscinst.exe	Legitimate	Application program item according to inner database Translation component from Microsoft. Located in "C:\WINDOWS\System32\IME\PINTLGNT\".	Change status
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC More info about file tintsetp.exe	Legitimate	System item according to inner database Translation component from Microsoft. Located in "C:\WINDOWS\System32\IME\TINTLGNT\".	Change status
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName More info about file tintsetp.exe	Legitimate	System item according to inner database Translation component from Microsoft. Located in "C:\WINDOWS\System32\IME\TINTLGNT\".	Change status
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot More info about file realsched.exe	Legitimate	Application program item according to inner database Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" More info about file reader_sl.exe	Legitimate	Application program item according to inner database reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" More info about file pdvdserv.exe	Legitimate	Application program item according to inner database Related to some DVD playing programs like CyberLink PowerDVD. Provides support for the DVD drive's...	Change status
O4 - HKLM\..\Run: [Vietkey] C:\Program Files\Vietkey2000\VKNT.EXE	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min More info about file avgnt.exe	Legitimate	Application program item according to inner database avgnt.exe is a security process that is associated with the Avira Internet Security Suite, which...	Change status
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [UniKey] E:\Setup\Unikey 3.6\UniKeyNT.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [Quickbar] C:\DOCUME~1\seasoft\LOCALS~1\Temp\Application\mFormat.exe /RunInst 64	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet More info about file yahoomessenger.exe	Legitimate	Application program item according to inner database An executable file of Yahoo! Messenger.	Change status
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun More info about file fdm.exe	Legitimate	Application program item according to inner database fdm.exe is the main component of Free Download Manager. It is not an essential system process and...	Change status
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll	Legitimate	Legitimate extra button in your browser - related to Yahoo! Services.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O23 - Service: AusLogics Windows Themes Helper (ALThemeHelper) - Unknown owner - C:\Program Files\Auslogics\AusLogics Visual Styler\themehelpersvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe More info about file sched.exe	Legitimate	Item found in 2-spyware.com database. Scheduler for AntiVir Anti Virus...	Change status
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe More info about file avguard.exe	Legitimate	Item found in 2-spyware.com database. avguard.exe stands for AntiVir real-time protection process. Do not terminate it....	Change status
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe More info about file googleupdaterservice.exe	Legitimate	Item found in 2-spyware.com database. Service for Google...	Change status
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe More info about file ulcdrsvr.exe	Legitimate	Item found in 2-spyware.com database. Legitimate file ulcdrsvr.exe is an essential component of Ulead DVD Workshop video editing...	Change status
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE	Unknown	No exact entries found	Insert file into database

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries