Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	66	85%
Not necessary items	0	0%
	66	85%

File and registry entries that can be both dangerous or safe

Questionable items	5	6%
Unknown items	7	9%
	12	15%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe More info about file avgamsvr.exe	Legitimate	It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft products. avgamsvr.exe is legitimate.	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe More info about file avgupsvc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe More info about file avgemc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\Program Files\Eset\nod32krn.exe More info about file nod32krn.exe	Legitimate	Item found in 2-spyware.com library The core component of NOD32 Antivirus System.	Change status
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com library A part of Spyware Doctor, a popular legitimate anti-spyware program.	Change status
C:\WINDOWS\system32\tcpsvcs.exe More info about file tcpsvcs.exe	Legitimate	Item found in 2-spyware.com library Microsoft TCP/IP Services, represented by tcpsvcs.exe file, are included in Windows NT 4/2000/XP...	Change status
C:\WINDOWS\System32\snmp.exe More info about file snmp.exe	Legitimate	Item found in 2-spyware.com library This file is related to SNMP Service - it is a legitimate tool, which is a part of Microsoft...	Change status
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe More info about file starwindservice.exe	Legitimate	Item found in 2-spyware.com library StarWindService.exe is a process which belongs to Alcohol 120% and provides network drive sharing...	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe More info about file avgcc.exe	Legitimate	Item found in 2-spyware.com library It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
C:\WINDOWS\system32\wscntfy.exe More info about file wscntfy.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Eset\nod32kui.exe More info about file nod32kui.exe	Legitimate	Item found in 2-spyware.com library its the Eset nod32 antivirus item its safe as far as i know	Change status
C:\Program Files\MSN Messenger\msnmsgr.exe More info about file msnmsgr.exe	Legitimate	Item found in 2-spyware.com library Microsoft Windows Messenger chat client.	Change status
C:\WINDOWS\System32\alg.exe More info about file alg.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Spyware Doctor\swdoctor.exe More info about file swdoctor.exe	Legitimate	Item found in 2-spyware.com library Main component of Spyware Doctor, a popular anti-spyware program.	Change status
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com library This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
C:\Program Files\Mozilla Firefox\firefox.exe More info about file firefox.exe	Legitimate	Item found in 2-spyware.com library File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all...	Change status
D:\Program Files\Sports Interactive\Football Manager 2007\fm.exe	Unknown	No exact entries found	Insert file into database
C:\Documents and Settings\Vendetta\Desktop\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll More info about file acroiehelper.dll	Legitimate	Application program item according to inner database File related to Adobe Acrobat Reader program.	Change status
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll More info about file ssv.dll	Legitimate	System item according to inner database Related to Java Virtual Machine software, which is legitimate.	Change status
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll	Legitimate	legitimate bho toolbar, related to PCTools Spyware Doctor	Change status
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd More info about file cmicnfg.cpl	Legitimate	System item according to inner database system tray access for C-Media sound cards.	Change status
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP More info about file avgcc.exe	Legitimate	System item according to inner database It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC More info about file imscinst.exe	Legitimate	Application program item according to inner database Translation component from Microsoft. Located in "C:\WINDOWS\System32\IME\PINTLGNT\".	Change status
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE More info about file nod32kui.exe	Legitimate	Application program item according to inner database its the Eset nod32 antivirus item its safe as far as i know	Change status
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 More info about file imjpmig.exe	Legitimate	System item according to inner database Related to Windows East Asian language support (Japanese keyboard entry). Located in...	Change status
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE More info about file imekrmig.exe	Legitimate	Application program item according to inner database The file belongs to Microsoft Office suite.	Change status
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC More info about file tintsetp.exe	Legitimate	System item according to inner database Translation component from Microsoft. Located in "C:\WINDOWS\System32\IME\TINTLGNT\".	Change status
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName More info about file tintsetp.exe	Legitimate	System item according to inner database Translation component from Microsoft. Located in "C:\WINDOWS\System32\IME\TINTLGNT\".	Change status
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Long name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit More info about file nvmctray.dll	Legitimate	System item according to inner database nVidia graphics cards related. NVMCTRAY.DLL is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\RunServices: [Windows Recylinder Check] kzssfkylnj.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background More info about file msnmsgr.exe	Legitimate	System item according to inner database Microsoft Windows Messenger chat client.	Change status
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q More info about file swdoctor.exe	Legitimate	Application program item according to inner database Main component of Spyware Doctor, a popular anti-spyware program.	Change status
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe	Unknown	No exact entries found	Insert file into database
O4 - Startup: Y''z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe	Questionable	questionable item according to our database	Change status
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe More info about file reader_sl.exe	Legitimate	A part of Adobe Acrobat Reader. Used to speed up the program's launch time.	Change status
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll	Legitimate	Legitimate extra button in your browser - related to Spyware Doctor.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab	Legitimate	Legitimate ActiveX item from site http://www.kaspersky.com/	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{13474596-785F-4B23-AC66-181B30DE17D8}: NameServer = 202.188.0.133,202.188.0.15	Questionable	Do you recognize these IP addresses '202.188.0.133,202.188.0.15' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CS1\Services\Tcpip\..\{13474596-785F-4B23-AC66-181B30DE17D8}: NameServer = 202.188.0.133,202.188.0.15	Questionable	Do you recognize these IP addresses '202.188.0.133,202.188.0.15' as your internet provider DNS servers? If not, fix this item.	Change status
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL	Questionable	It may be a trace of dangerous protocol hijacker or a legitimate item. Make some research about the name "livecall" and file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL".	Change status
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL	Questionable	It may be a trace of dangerous protocol hijacker or a legitimate item. Make some research about the name "msnim" and file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL".	Change status
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe More info about file adskscsrv.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate file related to Autodesk licensing...	Change status
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe More info about file avgamsvr.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe More info about file avgupsvc.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe More info about file avgemc.exe	Legitimate	Item found in 2-spyware.com database. It is a part of the AVG Anti-Virus program made by Grisoft. It is also related to other Grisoft...	Change status
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	Legitimate	Related to Macrovision Corporation.	Change status
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe More info about file nod32krn.exe	Legitimate	Item found in 2-spyware.com database. The core component of NOD32 Antivirus...	Change status
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe More info about file sdhelp.exe	Legitimate	Item found in 2-spyware.com database. A part of Spyware Doctor, a popular legitimate anti-spyware...	Change status
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe More info about file starwindservice.exe	Legitimate	Item found in 2-spyware.com database. StarWindService.exe is a process which belongs to Alcohol 120% and provides network drive sharing...	Change status
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE	Unknown	No exact entries found	Insert file into database

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries