Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	35	40%
Not necessary items	15	17%
	50	57%

File and registry entries that can be both dangerous or safe

Questionable items	3	3%
Unknown items	32	36%
	35	39%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\Windows\system32\taskeng.exe	Unknown	No exact entries found	Insert file into database
C:\Windows\system32\Dwm.exe	Unknown	No exact entries found	Insert file into database
C:\Windows\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Windows\System32\rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Synaptics\SynTP\SynTPStart.exe	Unknown	No exact entries found	Insert file into database
C:\Windows\System32\rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\HP\QuickPlay\QPService.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe More info about file hpwuschd2.exe	Legitimate	Item found in 2-spyware.com library hpwuschd2.exe is a legitimate process related to Hewlett Packard software.	Change status
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe More info about file hpwamain.exe	Legitimate	Item found in 2-spyware.com library hpwamain.exe is the HPWAMain Module for HP computers.	Change status
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe More info about file wifimsg.exe	Legitimate	Item found in 2-spyware.com library wifimsg.exe stands for the WiFi processing module on HP computers, belonging to the Wireless...	Change status
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe More info about file jusched.exe	Legitimate	Item found in 2-spyware.com library Checks if there are new versions of Java available.	Change status
C:\Program Files\Grisoft\AVG7\avgcc.exe More info about file avgcc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\iTunes\iTunesHelper.exe More info about file ituneshelper.exe	Legitimate	Item found in 2-spyware.com library Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\".	Change status
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe More info about file reader_sl.exe	Legitimate	Item found in 2-spyware.com library reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
C:\Program Files\Windows Sidebar\sidebar.exe More info about file sidebar.exe	Dangerous	Item found in 2-spyware.com library sidebar.exe is an executable file which primary purpose is to start a parasite or launch some of...	Change status
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\MySpace\IM\MySpaceIM.exe	Unknown	No exact entries found	Insert file into database
C:\Windows\ehome\ehtray.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Windows Media Player\wmpnscfg.exe	Unknown	No exact entries found	Insert file into database
C:\Windows\ehome\ehmsas.exe More info about file ehmsas.exe	Legitimate	Item found in 2-spyware.com library The file belongs to Microsoft Windows Media Center application.	Change status
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe More info about file syntpenh.exe	Legitimate	Item found in 2-spyware.com library System tray access for Synaptics touch pads. Located in "C:\Program Files\Synaptics\SynTP\".	Change status
C:\Program Files\Grisoft\AVG7\avgw.exe More info about file avgw.exe	Legitimate	Item found in 2-spyware.com library File avgw.exe is related to AVG Anti-Virus. It performs some significant antivirus tasks, that are...	Change status
C:\Program Files\MySpace\IM\MySpaceIM.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop	Not necessary	http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop	Not necessary	http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local	Not necessary	*.local overrides your Proxy Server. If you do not like this fact, fix this item.	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =	Not necessary	This is your folder of IE toolbar links, but it points to nowhere. If you do not like this fact, fix this item.	Change status
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll	Legitimate		Change status
O1 - Hosts: ::1 localhost	Questionable	Do you want an URL address "localhost" to be redirected to "::1" when you type it? If not, then fix this
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll More info about file coieplg.dll	Legitimate	System item according to inner database symantec shared file	Change status
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll More info about file ipsbho.dll	Legitimate	System item according to inner database Description ipsbho.dll is a IPS Browser Helper DLL belonging to Symantec Intrusion Detection from...	Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll More info about file coieplg.dll	Legitimate	System item according to inner database symantec shared file	Change status
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit More info about file nvmctray.dll	Legitimate	System item according to inner database nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" More info about file ccapp.exe	Legitimate	System item according to inner database From Symantec: <i>"ccApp.exe is the common hosting application that is used for both NAV and NIS....	Change status
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe More info about file hpwuschd2.exe	Legitimate	Application program item according to inner database hpwuschd2.exe is a legitimate process related to Hewlett Packard software.	Change status
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe More info about file hpwamain.exe	Legitimate	Application program item according to inner database hpwamain.exe is the HPWAMain Module for HP computers.	Change status
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe More info about file wifimsg.exe	Legitimate	Application program item according to inner database wifimsg.exe stands for the WiFi processing module on HP computers, belonging to the Wireless...	Change status
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" More info about file jusched.exe	Legitimate	Application program item according to inner database Checks if there are new versions of Java available.	Change status
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP More info about file avgcc.exe	Legitimate	System item according to inner database It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" More info about file ituneshelper.exe	Legitimate	Application program item according to inner database Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\".	Change status
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime More info about file qttask.exe	Legitimate	Application program item according to inner database Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\"....	Change status
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" More info about file reader_sl.exe	Legitimate	Application program item according to inner database reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto More info about file msconfig.exe	Legitimate	System item according to inner database Microsoft System Configuration Utility. Located in "C:\Windows\System" on Windows 98/ME and...	Change status
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun More info about file sidebar.exe	Dangerous	Spyware related item according to inner database sidebar.exe is an executable file which primary purpose is to start a parasite or launch some of...	Change status
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe	Unknown	No exact entries found	Insert file into database
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ''SYSTEM'')	Unknown	No exact entries found	Change status
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ''SYSTEM'')	Unknown	No exact entries found	Change status
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ''Default user'')	Unknown	No exact entries found	Change status
O4 - Global Startup: Vongo Tray.lnk = ?	Not necessary	Fix this item because it points to nowhere	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'Send to OneNote' and points to file 'C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'S&end to OneNote' and points to file 'C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'HP Smart Select' and points to file 'c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O13 - Gopher Prefix:	Dangerous	This item adds a prefix "Gopher Prefix: " for every URL address you enter in the IE and redirects you to wrong address. Fix this item.	Change status
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll	Unknown	No exact entries found	Change status
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe More info about file xaudio.exe	Legitimate	Item found in 2-spyware.com database. xaudio.exe is part of the Conexant SoftK56 Modem Driver package and is responsible for Modem Audio...	Change status
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData \ipsdefs\20080305.003\IDSvix86.sys [2008-03-06 261680]	Not necessary	. If you do not like this fact, fix this item.	Change status
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]	Questionable	If you do not recognize this entry name "rv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]" and this path "rv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]", then fix this item	Change status
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 41008]	Questionable	If you do not recognize this entry name "c:\windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 41008]" and this path "c:\windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 41008]", then fix this item	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries