Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	52	58%
Not necessary items	10	11%
	62	69%

File and registry entries that can be both dangerous or safe

Questionable items	3	3%
Unknown items	24	27%
	27	30%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\AVG\AVG8\avgrsx.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\ATKKBService.exe More info about file atkkbservice.exe	Legitimate	Item found in 2-spyware.com library Process File: atkkbservice.exe or atkkbservice Process Name: ASUS Keyboard Service	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\PSIService.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Viewpoint\Common\ViewpointService.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\wscntfy.exe More info about file wscntfy.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\Rundll32.exe More info about file rundll32.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Razer\Copperhead\razerhid.exe More info about file razerhid.exe	Legitimate	Item found in 2-spyware.com library The file is related to Razor mouse application.	Change status
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe More info about file jusched.exe	Legitimate	Item found in 2-spyware.com library Checks if there are new versions of Java available.	Change status
C:\Program Files\Common Files\Real\Update_OB\realsched.exe More info about file realsched.exe	Legitimate	Item found in 2-spyware.com library Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe More info about file hpwuschd2.exe	Legitimate	Item found in 2-spyware.com library hpwuschd2.exe is a legitimate process related to Hewlett Packard software.	Change status
C:\Program Files\Razer\Copperhead\razerofa.exe More info about file razerofa.exe	Legitimate	Item found in 2-spyware.com library The file is related to Razer application.	Change status
C:\Program Files\Windows Live\Messenger\msnmsgr.exe More info about file msnmsgr.exe	Legitimate	Item found in 2-spyware.com library Microsoft Windows Messenger chat client.	Change status
C:\Program Files\Windows Live\Contacts\wlcomm.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Winamp\winamp.exe More info about file winamp.exe	Legitimate	Item found in 2-spyware.com library File winamp.exe, which starts a process with the same name, is the main executable component of...	Change status
C:\Program Files\Steam\Steam.exe More info about file steam.exe	Legitimate	Item found in 2-spyware.com library This file is a part of application that comes with most games, published by Valve Corporation. It...	Change status
C:\Program Files\Mozilla Firefox\firefox.exe More info about file firefox.exe	Legitimate	Item found in 2-spyware.com library File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all...	Change status
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/	Not necessary	http://www.google.ca/ is your start page. If you do not like this fact, fix this item.	Change status
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll	Questionable	If you do not recognize this entry name "AIM Toolbar Search Class" and this path "C:\Program Files\AIM Toolbar\aimtb.dll", then fix this item	Change status
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll	Questionable	If you do not recognize this entry name "AOLSearchHook Class" and this path "C:\Program Files\AIM Search\AOLSearch.dll", then fix this item	Change status
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll More info about file avgssie.dll	Legitimate	Application program item according to inner database Related to AVG Antivirus 8.0	Change status
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)	Not necessary	Fix this item, because it points to file that cannot be found	Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll More info about file windowslivelogin.dll	Legitimate	Application program item according to inner database The file belongs to Microsoft Windows Live application.	Change status
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll	Unknown	No exact entries found	Insert file into database
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll More info about file veohietoolbar.dll	Legitimate	System item according to inner database it is a toolbar for a web video player.	Change status
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll More info about file veohietoolbar.dll	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Full name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE More info about file updreg.exe	Legitimate	System item according to inner database Reminder to register with Creative. Comes with some of Creatives sound cards. Located in...	Change status
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe More info about file razerhid.exe	Legitimate	Application program item according to inner database The file is related to Razor mouse application.	Change status
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" More info about file jusched.exe	Legitimate	Application program item according to inner database Checks if there are new versions of Java available.	Change status
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit More info about file nvmctray.dll	Legitimate	System item according to inner database nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot More info about file realsched.exe	Legitimate	Application program item according to inner database Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" More info about file winampa.exe	Legitimate	Application program item according to inner database winampa.exe is represented by a system tray icon and stands for Winamp player agent.	Change status
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe More info about file hpwuschd2.exe	Legitimate	Application program item according to inner database hpwuschd2.exe is a legitimate process related to Hewlett Packard software.	Change status
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime More info about file qttask.exe	Legitimate	Application program item according to inner database Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\"....	Change status
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" More info about file reader_sl.exe	Legitimate	Application program item according to inner database reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp	Unknown	No exact entries found	Insert file into database
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ''SYSTEM'')	Unknown	No exact entries found	Change status
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ''Default user'')	Unknown	No exact entries found	Change status
O4 - Startup: Keylogger Hunter.lnk = C:\Program Files\Keylogger Hunter\KeyloggerHunter.exe	Unknown	No exact entries found	Insert file into database
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe More info about file acstart16.exe	Legitimate	Application program item according to inner database acstart16.exe is related to the AutoCAD application. Do not terminate this process while using...	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'AIM Toolbar' and points to file 'C:\Program Files\AIM Toolbar\aimtb.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe	Not necessary	This item represents extra button in your IE toolbar with a name 'PokerStars' and points to file 'C:\Program Files\PokerStars\PokerStarsUpdate.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe	Not necessary	This item represents extra button in your IE toolbar with a name 'PPLive' and points to file 'C:\Program Files\PPLive\PPLive.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'PPLive' and points to file 'C:\Program Files\PPLive\PPLive.exe'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll	Questionable	It may be a trace of dangerous protocol hijacker or a legitimate item. Make some research about the name "linkscanner" and file "C:\Program Files\AVG\AVG8\avgpp.dll".	Change status
O20 - AppInit_DLLs: avgrsstx.dll	Unknown	No exact entries found	Change status
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe More info about file atkkbservice.exe	Legitimate	Item found in 2-spyware.com database. Process File: atkkbservice.exe or atkkbservice Process Name: ASUS Keyboard...	Change status
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe More info about file adskscsrv.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate file related to Autodesk licensing...	Change status
O23 - Service: Google Update Service (gupdate1c95c4e9d98a4) (gupdate1c95c4e9d98a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe	Legitimate	Related to Winpcap (Windows Packet Capture Library)	Change status
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe	Unknown	No exact entries found	Insert file into database

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries