Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	24	44%
Not necessary items	10	19%
	34	63%

File and registry entries that can be both dangerous or safe

Questionable items	7	13%
Unknown items	10	19%
	17	32%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
E:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\system32\services.exe More info about file services.exe	Questionable	This item can be legitimate or spyware related, depending on its location and other factors. Make some further research on it.	Change status
E:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\system32\LxrJD31s.exe More info about file lxrjd31s.exe	Legitimate	Item found in 2-spyware.com library The file is related to Lexar Jump USB Thumb Drives software.	Change status
E:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\System32\WgaTray.exe More info about file wgatray.exe	Legitimate	Item found in 2-spyware.com library This is legitimate file related Microsoft Windows Genuine Advantage software.	Change status
E:\WINDOWS\System32\nostd.scr	Unknown	No exact entries found	Insert file into database
E:\WINDOWS\System32\bsys.scr	Unknown	No exact entries found	Insert file into database
E:\WINDOWS\System32\bssys.exe	Unknown	No exact entries found	Insert file into database
E:\Program Files\MSN Messenger\msnmsgr.exe More info about file msnmsgr.exe	Legitimate	Item found in 2-spyware.com library Microsoft Windows Messenger chat client.	Change status
E:\Program Files\Messenger\MSMSGS.EXE More info about file msmsgs.exe	Legitimate	Item found in 2-spyware.com library Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use...	Change status
E:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe More info about file svchost.exe	Questionable	Process found in system process library but with a different location	Change status
E:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe	Unknown	No exact entries found	Insert file into database
E:\WINDOWS\System32\wuauclt.exe More info about file wuauclt.exe	Legitimate	Process found in system process library	Change status
E:\WINDOWS\explorer.exe More info about file explorer.exe	Legitimate	Process found in system process library	Change status
E:\Documents and Settings\Owner\Desktop\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
E:\Program Files\limewire\limewire.exe More info about file limewire.exe	Legitimate	Item found in 2-spyware.com library The file belongs to LimeWire P2P application.	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diario69.com.br/homepage.asp	Not necessary	http://www.diario69.com.br/homepage.asp is your start page. If you do not like this fact, fix this item.	Change status
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diario69.com.br/homepage.asp	Not necessary	http://www.diario69.com.br/homepage.asp is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0	Not necessary	:0 is your Proxy Server. If you do not like this fact, fix this item.	Change status
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL	Questionable	If you do not recognize this path "E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL", then fix this item	Change status
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL More info about file mwssrcas.dll	Dangerous	Spyware related item according to inner database MWSSRCAS.DLL is a library file that contains malicious code, which implements main parasite...	Change status
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL More info about file mwsbar.dll	Dangerous	Spyware related item according to inner database MWSBAR.DLL is a dynamically linked library. In simple phrase, it is an essential component of a...	Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll	Legitimate	legitimate bho toolbar, related to MSN Toolbar	Change status
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll	Legitimate	legitimate bho toolbar, related to Google Toolbar	Change status
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll	Legitimate	legitimate bho toolbar, related to MSN Toolbar	Change status
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - E:\WINDOWS\system32\mpeg4dec0.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll	Legitimate	legitimate bho, related to MSN Toolbar	Change status
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll More info about file msdxm.ocx	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [nostd] E:\WINDOWS\System32\nostd.scr	Questionable	HKLM - Run: [nostd], file: (params - 'NDOWS\System32\nostd.scr')	Change status
O4 - HKLM\..\Run: [bsys] E:\WINDOWS\System32\bsys.scr	Questionable	HKLM - Run: [bsys], file: (params - 'NDOWS\System32\bsys.scr')	Change status
O4 - HKLM\..\Run: [bssys] E:\WINDOWS\System32\bssys.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [WinZip] "E:\WINDOWS\System32\wzip32.exe" More info about file wzip32.exe	Dangerous	Spyware related item according to inner database wzip32.exe is an executable file which primary purpose is to start a parasite or launch some of its...	Change status
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O4 - HKCU\..\Run: [cssrs] E:\WINDOWS\System32\cssrs.scr	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\MSMSGS.EXE" /background More info about file msmsgs.exe	Legitimate	System item according to inner database Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use...	Change status
O4 - Global Startup: svchost.exe	Questionable	Global Startup - link: 'svchost.exe', file: ''	Change status
O4 - Global Startup: ZDWLan Utility.lnk = E:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe	Unknown	No exact entries found	Insert file into database
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE	Not necessary	This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'E:\Program Files\Messenger\MSMSGS.EXE'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Messenger' and points to file 'E:\Program Files\Messenger\MSMSGS.EXE'. If you do not want it to be there, fix this item.	Change status
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204	Legitimate	Legitimate ActiveX item from site http://go.microsoft.com/	Change status
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts /ei/SmileyCentralFWBInitialSetup1.0.0.15.cab	Questionable	Are you using an ActiveX object with no name located in 'http://ak.exe.imgfarm.com/images/nocache/funwebproducts /ei/SmileyCentralFWBInitialSetup1.0.0.15.cab'? If not, fix this item.	Change status
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)	Not necessary	It is a protocol hijacker that points to nowhere. Fix this item.	Change status
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll	Unknown	No exact entries found	Change status
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - E:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - E:\WINDOWS\SYSTEM32\LxrJD31s.exe More info about file lxrjd31s.exe	Legitimate	Item found in 2-spyware.com database. The file is related to Lexar Jump USB Thumb Drives...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries