Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	41	42%
Not necessary items	6	6%
	47	48%

File and registry entries that can be both dangerous or safe

Questionable items	13	13%
Unknown items	37	38%
	50	51%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
D:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\system32\services.exe More info about file services.exe	Questionable	This item can be legitimate or spyware related, depending on its location and other factors. Make some further research on it.	Change status
D:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\Explorer.EXE More info about file explorer.exe	Legitimate	Process found in system process library	Change status
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe More info about file issch.exe	Legitimate	Item found in 2-spyware.com library Executable issch.exe is a standard component of InstallShield software. It is used to connect to...	Change status
D:\Program Files\iTunes\iTunesHelper.exe More info about file ituneshelper.exe	Legitimate	Item found in 2-spyware.com library Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\".	Change status
D:\Program Files\Java\jre6\bin\jusched.exe More info about file jusched.exe	Legitimate	Item found in 2-spyware.com library Checks if there are new versions of Java available.	Change status
D:\Program Files\Common Files\Real\Update_OB\realsched.exe More info about file realsched.exe	Legitimate	Item found in 2-spyware.com library Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
D:\Program Files\DrWeb\spiderml.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\DrWeb\DRWEBSCD.EXE	Unknown	No exact entries found	Insert file into database
D:\PROGRA~1\DrWeb\spidernt.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\PC Tools Internet Security\pctsTray.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\Google\Google Talk\googletalk.exe More info about file googletalk.exe	Legitimate	Item found in 2-spyware.com library Main component of Google Talk	Change status
D:\WINDOWS\System32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Process found in system process library	Change status
D:\Program Files\Registry Mechanic\RegMech.exe More info about file regmech.exe	Legitimate	Item found in 2-spyware.com library Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
C:\Program Files\WordWeb\wweb32.exe	Unknown	No exact entries found	Insert file into database
D:\WINDOWS\Integrator.exe More info about file integrator.exe	Legitimate	Item found in 2-spyware.com library integrator.exe is an application process related to TuneUp Utilities 2006. It is a legitimate...	Change status
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\Java\jre6\bin\jqs.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE More info about file mdm.exe	Legitimate	Item found in 2-spyware.com library mdm.exe is a system process - Machine Debug Manager. Used by developers. Located in "C:\PROGRAM...	Change status
D:\Program Files\PC Tools Internet Security\pctsAuxs.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\PC Tools Internet Security\pctsSvc.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com library This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
D:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe	Unknown	No exact entries found	Insert file into database
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
D:\WINDOWS\System32\reader_s.exe	Unknown	No exact entries found	Insert file into database
D:\WINDOWS\system32\25.tmp	Unknown	No exact entries found	Insert file into database
D:\Documents and Settings\Prasad\reader_s.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\Mozilla Firefox\firefox.exe More info about file firefox.exe	Legitimate	Item found in 2-spyware.com library File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all...	Change status
D:\WINDOWS\system32\2B.tmp	Unknown	No exact entries found	Insert file into database
C:\Program Files\Internet Download Manager\IDMan.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Internet Download Manager\IEMonitor.exe	Unknown	No exact entries found	Insert file into database
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
D:\WINDOWS\System32\wbem\wmiprvse.exe	Legitimate	Process found in system process library	Change status
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c:/rapidhacker.dll	Unknown	No exact entries found	Change status
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com	Questionable	Do you want an URL address "advanced-virus-remover2009.com" to be redirected to "92.241.176.188" when you type it? If not, then fix this
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com	Questionable	Do you want an URL address "www.advanced-virus-remover2009.com" to be redirected to "92.241.176.188" when you type it? If not, then fix this
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com	Questionable	Do you want an URL address "advanced-virus-remover2009.com" to be redirected to "92.241.176.188" when you type it? If not, then fix this
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com	Questionable	Do you want an URL address "www.advanced-virus-remover2009.com" to be redirected to "92.241.176.188" when you type it? If not, then fix this
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll More info about file orbitcth.dll	Legitimate	Application program item according to inner database Orbit Downloader	Change status
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll	Legitimate	legitimate bho toolbar, related to Internet Download Manager	Change status
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll More info about file rpbrowserrecordplugin.dll	Legitimate	System item according to inner database RealPlayer plug in	Change status
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll More info about file msdxm.ocx	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" More info about file reader_sl.exe	Legitimate	Application program item according to inner database reader_sl.exe is Related to Adobe Acrobat Reader.	Change status
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup	Questionable	questionable item according to our database	Change status
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start More info about file issch.exe	Legitimate	Application program item according to inner database Executable issch.exe is a standard component of InstallShield software. It is used to connect to...	Change status
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime More info about file qttask.exe	Legitimate	Application program item according to inner database Provides system tray access to Apple's Quicktime Player. Located in "C:\Program Files\QuickTime\"....	Change status
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" More info about file ituneshelper.exe	Legitimate	Application program item according to inner database Related to Apple's iTunes for Windows. Located in "C:\Program Files\iTunes\".	Change status
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" More info about file jusched.exe	Legitimate	Application program item according to inner database Checks if there are new versions of Java available.	Change status
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot More info about file realsched.exe	Legitimate	Application program item according to inner database Related to Real-One player. Located in "C:\Program Files\Common Files\Real\Update_OB\".	Change status
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "D:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [SpIDerMail] "D:\Program Files\DrWeb\spiderml.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [DrWebScheduler] "D:\Program Files\DrWeb\DRWEBSCD.EXE"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [SpIDerNT] D:\PROGRA~1\DrWeb\spidernt.exe /agent	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\PC Tools Internet Security\pctsTray.exe"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [reader_s] D:\WINDOWS\System32\reader_s.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [servises] D:\WINDOWS\System32\servises.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart More info about file googletalk.exe	Legitimate	Application program item according to inner database Main component of Google Talk	Change status
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe More info about file ctfmon.exe	Legitimate	Application program item according to inner database When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...	Change status
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Prasad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H More info about file regmech.exe	Legitimate	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - HKLM\..\Policies\Explorer\Run: [servises] D:\WINDOWS\System32\servises.exe	Questionable	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - HKUS\S-1-5-18\..\Run: [reader_s] D:\Documents and Settings\Prasad\reader_s.exe (User ''SYSTEM'')	Questionable	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - HKUS\S-1-5-18\..\Run: [servises] D:\WINDOWS\System32\servises.exe (User ''SYSTEM'')	Questionable	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] D:\WINDOWS\System32\servises.exe (User ''SYSTEM'')	Questionable	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - HKUS\.DEFAULT\..\Run: [reader_s] D:\Documents and Settings\Prasad\reader_s.exe (User ''Default user'')	Questionable	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] D:\WINDOWS\System32\servises.exe (User ''Default user'')	Questionable	Application program item according to inner database Main component of Registry Mechanic, a popular registry cleaner for Windows.	Change status
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe	Unknown	No exact entries found	Insert file into database
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe	Unknown	No exact entries found	Insert file into database
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm	Not necessary	Do you want item 'Download all links with IDM' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm	Not necessary	Do you want item 'Download FLV video content with IDM' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm	Not necessary	Do you want item 'Download with IDM' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item.	Change status
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL	Not necessary	This item represents extra button in your IE toolbar with a name 'Research' and points to file 'C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm	Not necessary	This item represents extra button in your IE toolbar with a name 'Related' and points to file 'D:\WINDOWS\web\related.htm'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Show &Related Links' and points to file 'D:\WINDOWS\web\related.htm'. If you do not want it to be there, fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA53C79-7C0E-44DB-882A-497CA015EF2E}: NameServer = 192.168.2.2	Questionable	Do you recognize these IP addresses '192.168.2.2' as your internet provider DNS servers? If not, fix this item.	Change status
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Google Update Service (gupdate1c9deb698b2ad87) (gupdate1c9deb698b2ad87) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe More info about file ipodservice.exe	Legitimate	Item found in 2-spyware.com database. This is a legitimate component of iTunes music program. It offers wide range of music playing and...	Change status
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsAuxs.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsSvc.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - D:\PROGRA~1\DrWeb\SpiderNT.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: ThreatFire - PC Tools - D:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - D:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe	Unknown	No exact entries found	Insert file into database

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries