Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	58	68%
Not necessary items	18	21%
	76	89%

File and registry entries that can be both dangerous or safe

Questionable items	3	4%
Unknown items	4	5%
	7	9%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\Ati2evxx.exe More info about file ati2evxx.exe	Legitimate	Item found in 2-spyware.com library File ati2evxx.exe, which starts a process with the same name, is the standard component of video...	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Internet Explorer\iexplore.exe More info about file iexplore.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\ewido anti-malware\ewidoctrl.exe More info about file ewidoctrl.exe	Legitimate	Item found in 2-spyware.com library This is a vital component of ewido security suite, a popular anti-spyware and anti-malware program.	Change status
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe More info about file sqlservr.exe	Legitimate	Item found in 2-spyware.com library Main component of Microsoft SQL Server	Change status
C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com library A part of Spyware Doctor, a popular legitimate anti-spyware program.	Change status
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe More info about file wrsssdk.exe	Legitimate	Item found in 2-spyware.com library Related to Spy Sweeper anti-spyware program.	Change status
C:\WINDOWS\System32\wdfmgr.exe More info about file wdfmgr.exe	Legitimate	Item found in 2-spyware.com library A part of Microsoft Windows Media Player 10. It is used to eliminate software compatibility...	Change status
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe More info about file xcommsvr.exe	Legitimate	Item found in 2-spyware.com library BitDefender Communication Server. It is a vital component of the BitDefender antivirus.	Change status
C:\Program Files\Raxco\PerfectDisk\PDSched.exe More info about file pdsched.exe	Legitimate	Item found in 2-spyware.com library The file belongs to PerfectDisk application.	Change status
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe More info about file bdss.exe	Legitimate	Item found in 2-spyware.com library BitDefender Scan Server, a vital component of BitDefender antivirus software.	Change status
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe More info about file livesrv.exe	Legitimate	Item found in 2-spyware.com library BitDefender Security Update Service. Updates BitDefender antivirus software.	Change status
C:\Program Files\Softwin\BitDefender10\vsserv.exe More info about file vsserv.exe	Legitimate	Item found in 2-spyware.com library Legitimate file, related to BitDefender.	Change status
C:\WINDOWS\system32\Ati2evxx.exe More info about file ati2evxx.exe	Legitimate	Item found in 2-spyware.com library File ati2evxx.exe, which starts a process with the same name, is the standard component of video...	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe More info about file cli.exe	Legitimate	Item found in 2-spyware.com library File cli.exe is related to ATI graphics card drivers. It runs simple program, which is not required...	Change status
C:\WINDOWS\inet20026\schedule.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Softwin\BitDefender10\bdagent.exe More info about file bdagent.exe	Legitimate	Item found in 2-spyware.com library Legitimate file, related to BitDefender.	Change status
C:\WINDOWS\System32\wbem\wmiapsrv.exe More info about file wmiapsrv.exe	Legitimate	Item found in 2-spyware.com library The file belongs to Microsoft WMI Performance Adapter application.	Change status
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe More info about file cli.exe	Legitimate	Item found in 2-spyware.com library File cli.exe is related to ATI graphics card drivers. It runs simple program, which is not required...	Change status
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe More info about file cli.exe	Legitimate	Item found in 2-spyware.com library File cli.exe is related to ATI graphics card drivers. It runs simple program, which is not required...	Change status
C:\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch	Not necessary	http://my.netzero.net/s/search?r=minisearch is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch	Not necessary	http://my.netzero.net/s/search?r=minisearch is your default SearchURL. If you do not like this fact, fix this item.	Change status
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0	Not necessary	:0 is your Proxy Server. If you do not like this fact, fix this item.	Change status
R3 - URLSearchHook: (no name) - {CE6DEB89-744F-79E1-1CF6-70E29B707B94} - C:\WINDOWS\System32\rncn.dll	Questionable	If you do not recognize this path "C:\WINDOWS\System32\rncn.dll", then fix this item	Change status
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)	Not necessary	Fix this item because it points to a file that cannot be found	Change status
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O2 - BHO: (no name) - {CE6DEB89-744F-79E1-1CF6-70E29B707B94} - C:\WINDOWS\System32\rncn.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe More info about file atiptaxx.exe	Legitimate	System item according to inner database ATI Desktop Control Panel from ATI Technologies, Inc. Located in "C:\Program Files\ATI...	Change status
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k	Questionable	questionable item according to our database	Change status
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay More info about file cli.exe	Legitimate	Application program item according to inner database File cli.exe is related to ATI graphics card drivers. It runs simple program, which is not required...	Change status
O4 - HKLM\..\Run: [Microsoft sheduler] C:\WINDOWS\inet20026\schedule.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg More info about file bdmcon.exe	Legitimate	Application program item according to inner database Related to BitDefender program.	Change status
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" More info about file bdagent.exe	Legitimate	Application program item according to inner database Legitimate file, related to BitDefender.	Change status
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray More info about file spysweeper.exe	Legitimate	Application program item according to inner database An executable file of SpySweeper anti-spyware program.	Change status
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q More info about file swdoctor.exe	Legitimate	Application program item according to inner database Main component of Spyware Doctor, a popular anti-spyware program.	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll	Legitimate	Legitimate extra button in your browser - related to Spyware Doctor.	Change status
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Yahoo! Messenger' and points to file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe	Legitimate	Legitimate extra button in your browser - related to AOL Instant Messenger.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll	Legitimate	This item represents a plugin added to Internet Explorer to work with '.spop' files. Seems to be safe, unless you know that it is malicious.	Change status
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab	Questionable	Are you using an ActiveX object with no name located in 'http://stream10k.redhotnetworks.com/cabs/videox.cab'? If not, fix this item.	Change status
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll	Dangerous	The file is related to Trojan.ARTM.	Change status
O20 - Winlogon Notify: mswmmqce - C:\WINDOWS\System32\mswmmqce.dll (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll	Dangerous	The file is related to Trojan.ARTM.	Change status
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll	Unknown	No exact entries found	Change status
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll	Legitimate	Related to SpySweeper v 4.5 by Webroot	Change status
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\ligkup.dll (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe More info about file ati2evxx.exe	Legitimate	Item found in 2-spyware.com database. File ati2evxx.exe, which starts a process with the same name, is the standard component of video...	Change status
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe	Legitimate	ATI Video Card Control Panel	Change status
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe More info about file ewidoctrl.exe	Legitimate	Item found in 2-spyware.com database. This is a vital component of ewido security suite, a popular anti-spyware and anti-malware...	Change status
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	Legitimate	Related to Macrovision Corporation.	Change status
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe	Legitimate	Raxco PerfectDisk	Change status
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe More info about file pdsched.exe	Legitimate	Item found in 2-spyware.com database. The file belongs to PerfectDisk...	Change status
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: Scaiedrph - Unknown owner - (no file)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com database. A part of Spyware Doctor, a popular legitimate anti-spyware...	Change status
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe More info about file wrsssdk.exe	Legitimate	Item found in 2-spyware.com database. Related to Spy Sweeper anti-spyware...	Change status
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)	Not necessary	Fix this item because it points to a file that does not exist	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries