Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	66	74%
Not necessary items	0	0%
	66	74%

File and registry entries that can be both dangerous or safe

Questionable items	7	8%
Unknown items	16	18%
	23	26%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Ahead\InCD\InCDsrv.exe More info about file incdsrv.exe	Legitimate	Item found in 2-spyware.com library Ahead Nero InCD Service. Allows to format writeable CDs and DVDs and use them as regular hard...	Change status
C:\WINDOWS\system32\LEXBCES.EXE More info about file lexbces.exe	Legitimate	Item found in 2-spyware.com library This file is a component of MarkVision software, published by Lexmark International. This software...	Change status
C:\WINDOWS\system32\LEXPPS.EXE More info about file lexpps.exe	Legitimate	Item found in 2-spyware.com library This file is related to Lexmark Printer Port Scanner utility, it is a standard component of the...	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe More info about file guard.exe	Legitimate	Item found in 2-spyware.com library ewido Anti-malware real-time guard	Change status
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe More info about file avgamsvr.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe More info about file avgupsvc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\WINDOWS\system32\cisvc.exe More info about file cisvc.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\ewido anti-malware\ewidoctrl.exe More info about file ewidoctrl.exe	Legitimate	Item found in 2-spyware.com library This is a vital component of ewido security suite, a popular anti-spyware and anti-malware program.	Change status
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\Program Files\Softex\OmniPass\Omniserv.exe More info about file omniserv.exe	Legitimate	Item found in 2-spyware.com library The file belongs to Softex OmniPass application.	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\mqsvc.exe More info about file mqsvc.exe	Legitimate	Item found in 2-spyware.com library File mqsvc.exe is related to Microsoft Message Queue Service, found on some computers running...	Change status
C:\Program Files\Softex\OmniPass\OPXPApp.exe More info about file opxpapp.exe	Legitimate	Item found in 2-spyware.com library The file belongs to Softex OmniPass application.	Change status
C:\WINDOWS\system32\mqtgsvc.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe More info about file sdmcp.exe	Legitimate	Item found in 2-spyware.com library This is a part of Stardock software, which allows you to change the default look and feel of...	Change status
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe More info about file wbload.exe	Legitimate	Item found in 2-spyware.com library Vital component of Stardock Windows Blinds. Also related to legitimate products based on Windows...	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Softex\Weblink\WebLink.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe More info about file jusched.exe	Legitimate	Item found in 2-spyware.com library Checks if there are new versions of Java available.	Change status
C:\Program Files\Softex\OmniPass\scureapp.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe More info about file avgcc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\Program Files\SpyNoMore\SNM.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe More info about file avgemc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe More info about file dlbkbmgr.exe	Legitimate	Item found in 2-spyware.com library Dell All in one Printer. Located in "C:\Program Files\Dell AIO Printer A920\"	Change status
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe More info about file wkufind.exe	Legitimate	Item found in 2-spyware.com library Wkufind is a standard component of PictureIt! application, which is included in Microsoft Works...	Change status
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe More info about file avgas.exe	Legitimate	Item found in 2-spyware.com library Legitimate file, related to AVG anti-spyware.	Change status
C:\Program Files\Logitech\SetPoint\SetPoint.exe More info about file setpoint.exe	Legitimate	Item found in 2-spyware.com library The file is associated with Logitech Mouse/Keyboard application.	Change status
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE More info about file khalmnpr.exe	Legitimate	Item found in 2-spyware.com library The file is associated with Logitech Mouse/Keyboard application.	Change status
C:\WINDOWS\system32\cidaemon.exe More info about file cidaemon.exe	Legitimate	Item found in 2-spyware.com library This file is related to Microsoft Indexing Service - it is a complex system utility, which indexes...	Change status
C:\Documents and Settings\PaperBoy\My Documents\Unzipped\hijackthis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [WebLink] C:\Program Files\Softex\Weblink\WebLink.exe /boot	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe More info about file jusched.exe	Legitimate	Application program item according to inner database Checks if there are new versions of Java available.	Change status
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Long name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit More info about file nvmctray.dll	Legitimate	System item according to inner database nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe More info about file igfxtray.exe	Legitimate	System item according to inner database From a user: I just(hours ago) installed some newer Intel graphics drivers in my system(82810E),...	Change status
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP More info about file avgcc.exe	Legitimate	System item according to inner database It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe More info about file avgemc.exe	Legitimate	Application program item according to inner database It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE More info about file khalmnpr.exe	Legitimate	Application program item according to inner database The file is associated with Logitech Mouse/Keyboard application.	Change status
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" More info about file dlbkbmgr.exe	Legitimate	System item according to inner database Dell All in one Printer. Located in "C:\Program Files\Dell AIO Printer A920\"	Change status
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe More info about file wkufind.exe	Legitimate	Application program item according to inner database Wkufind is a standard component of PictureIt! application, which is included in Microsoft Works...	Change status
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized More info about file avgas.exe	Legitimate	Application program item according to inner database Legitimate file, related to AVG anti-spyware.	Change status
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 More info about file adobeupdatemanager.exe	Legitimate	Application program item according to inner database Related to Adobe Acrobat Reader.	Change status
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe	Unknown	No exact entries found	Insert file into database
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe More info about file reader_sl.exe	Legitimate	A part of Adobe Acrobat Reader. Used to speed up the program's launch time.	Change status
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe More info about file setpoint.exe	Legitimate	Application program item according to inner database The file is associated with Logitech Mouse/Keyboard application.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll	Questionable	This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix.	Change status
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll	Questionable	This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix.	Change status
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll	Questionable	This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix.	Change status
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll	Questionable	This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix.	Change status
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll	Questionable	This item represents actions of so-called Layered Service Provider. It can be legitimate item or spyware. Be careful fixing it, because you can lose your internet connection. Find more information in Google or use a program called LSPFix.	Change status
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://echat.qwest.supportsoft.com/sdccommon/download/tgctlins.cab	Questionable	Are you using an ActiveX object with a name 'SupportSoft Installer' located in 'http://echat.qwest.supportsoft.com/sdccommon/download/tgctlins.cab'? If not, fix this item.	Change status
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB	Questionable	Are you using an ActiveX object with a name 'SysProWmi Class' located in 'http://support.dell.com/systemprofiler/SysPro.CAB'? If not, fix this item.	Change status
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204	Legitimate	Legitimate ActiveX item from site http://go.microsoft.com/	Change status
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll	Legitimate	Related to Intel(R) integrated graphics controller	Change status
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll	Legitimate	Related to Stardock WindowBlinds	Change status
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll	Legitimate	Related to Secure Password Management	Change status
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll	Legitimate	Related to Stardock WindowBlinds	Change status
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe More info about file guard.exe	Legitimate	Item found in 2-spyware.com database. ewido Anti-malware real-time...	Change status
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe More info about file avgamsvr.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe More info about file avgupsvc.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe More info about file ewidoctrl.exe	Legitimate	Item found in 2-spyware.com database. This is a vital component of ewido security suite, a popular anti-spyware and anti-malware...	Change status
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	Legitimate	Related to Macrovision Corporation.	Change status
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe More info about file incdsrv.exe	Legitimate	Item found in 2-spyware.com database. Ahead Nero InCD Service. Allows to format writeable CDs and DVDs and use them as regular hard...	Change status
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE More info about file lexbces.exe	Legitimate	Item found in 2-spyware.com database. This file is a component of MarkVision software, published by Lexmark International. This software...	Change status
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe More info about file omniserv.exe	Legitimate	Item found in 2-spyware.com database. The file belongs to Softex OmniPass...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries