Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	47	68%
Not necessary items	9	13%
	56	81%

File and registry entries that can be both dangerous or safe

Questionable items	2	3%
Unknown items	10	14%
	12	17%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Norton AntiVirus\navapsvc.exe More info about file navapsvc.exe	Legitimate	Item found in 2-spyware.com library Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on...	Change status
C:\WINDOWS\System32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\Program Files\ltmoh\Ltmoh.exe More info about file ltmoh.exe	Legitimate	Item found in 2-spyware.com library Ltmoh.exe is a Modem On Hold utility. It handles incoming and outgoing calls while being connected...	Change status
C:\Program Files\Apoint2K\Apoint.exe More info about file apoint.exe	Legitimate	Item found in 2-spyware.com library Apoint.exe is related to Alps Pointing-device Driver. This process is touch-pad related and located...	Change status
C:\WINDOWS\System32\00THotkey.exe More info about file 00thotkey.exe	Legitimate	Item found in 2-spyware.com library A driver that comes preinstalled on Toshiba notebooks. It provides support for front laptop buttons.	Change status
C:\WINDOWS\System32\TPWRTRAY.EXE More info about file tpwrtray.exe	Legitimate	Item found in 2-spyware.com library A driver that comes preinstalled on Toshiba notebooks. It provides support for Toshiba's own ACPI...	Change status
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe More info about file tfncky.exe	Legitimate	Item found in 2-spyware.com library tfncky.exe is related to Toshiba laptop software. If you have a Toshiba laptop, leave this process...	Change status
C:\WINDOWS\System32\TFNF5.exe More info about file tfnf5.exe	Legitimate	Item found in 2-spyware.com library Toshiba Hotkey Utility for Display Devices - a tool that comes preinstalled on Toshiba notebooks.	Change status
C:\PROGRA~1\NORTON~1\navapw32.exe More info about file navapw32.exe	Legitimate	Item found in 2-spyware.com library Part of Norton Anti-Virus.	Change status
C:\WINDOWS\System32\ezSP_Px.exe More info about file ezsp_px.exe	Legitimate	Item found in 2-spyware.com library Installed by the Easy Systems CD & DVD writing software.	Change status
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe More info about file touched.exe	Legitimate	Item found in 2-spyware.com library A driver that comes preinstalled on Toshiba notebooks. It allows to turn on or turn off a touchpad...	Change status
C:\Program Files\Apoint2K\Apntex.exe More info about file apntex.exe	Legitimate	Item found in 2-spyware.com library Alps Pointing-device Driver. Touch-pad related. Located in "C:\Program Files\Apoint\".	Change status
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE	Unknown	No exact entries found	Insert file into database
C:\Program Files\Messenger\msmsgs.exe More info about file msmsgs.exe	Legitimate	Item found in 2-spyware.com library Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use...	Change status
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE	Unknown	No exact entries found	Insert file into database
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\System32\winlogin.exe More info about file winlogin.exe	Dangerous	Item found in 2-spyware.com library winlogin.exe is a malicious process installed and used by Randex.e worm, which spreads in the...	Change status
C:\WINDOWS\explorer.exe More info about file explorer.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Mozilla Firefox\firefox.exe More info about file firefox.exe	Legitimate	Item found in 2-spyware.com library File firefox.exe launches Mozilla Firefox web browser, implements user interface and controls all...	Change status
C:\toshiba\ivp\ism\ivpsvmgr.exe	Unknown	No exact entries found	Insert file into database
C:\Documents and Settings\Paul\Desktop\3chars\HiJackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/	Not necessary	http://www.yahoo.com/ is your start page. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157	Not necessary	http://go.microsoft.com/fwlink/?LinkId=69157 is your Default Page URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Default Search URL. If you do not like this fact, fix this item.	Change status
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896	Not necessary	http://go.microsoft.com/fwlink/?LinkId=54896 is your Search Page. If you do not like this fact, fix this item.	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =	Not necessary	Fix this item because it points to nowhere	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =	Not necessary	This is your folder of IE toolbar links, but it points to nowhere. If you do not like this fact, fix this item.	Change status
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll	Legitimate		Change status
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx	Legitimate	legitimate bho toolbar, related to Adobe Acrobat reader	Change status
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll More info about file navshext.dll	Legitimate	Application program item according to inner database Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses...	Change status
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll	Unknown	No exact entries found	Insert file into database
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll More info about file navshext.dll	Legitimate	Application program item according to inner database Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses...	Change status
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll More info about file yt.dll	Legitimate	Application program item according to inner database Yahoo! Toolbar	Change status
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Full name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe More info about file ltmoh.exe	Legitimate	This entry runs the Modem On Hold utility, which handles incoming and outgoing calls while being connected to the Internet.	Change status
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe More info about file apoint.exe	Legitimate	Driver related item according to inner database. Apoint.exe is related to Alps Pointing-device Driver. This process is touch-pad related and located...	Change status
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe More info about file 00thotkey.exe	Legitimate	Runs a driver, which comes preinstalled on Toshiba notebooks. This driver provides support for front laptop buttons.	Change status
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe	Legitimate	Application program item according to inner database 000stthk.exe is a process installed by and related to Toshiba laptop computers. It gives the...	Change status
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE More info about file tpwrtray.exe	Legitimate	Driver related item according to inner database. A driver that comes preinstalled on Toshiba notebooks. It provides support for Toshiba's own ACPI...	Change status
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20 More info about file tfncky.exe	Legitimate	Application program item according to inner database tfncky.exe is related to Toshiba laptop software. If you have a Toshiba laptop, leave this process...	Change status
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe More info about file tfnf5.exe	Legitimate	Application program item according to inner database Toshiba Hotkey Utility for Display Devices - a tool that comes preinstalled on Toshiba notebooks.	Change status
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe More info about file navapw32.exe	Legitimate	Application program item according to inner database Part of Norton Anti-Virus.	Change status
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe More info about file ezsp_px.exe	Legitimate	Application program item according to inner database Installed by the Easy Systems CD & DVD writing software.	Change status
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe More info about file touched.exe	Legitimate	Driver related item according to inner database. A driver that comes preinstalled on Toshiba notebooks. It allows to turn on or turn off a touchpad...	Change status
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run More info about file pinger.exe	Legitimate	System item according to inner database This file is related to Pinger - a system tool, which comes pre-installed on Toshiba computers. It...	Change status
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background More info about file msmsgs.exe	Legitimate	System item according to inner database Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use...	Change status
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog	Unknown	No exact entries found	Insert file into database
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm	Not necessary	This item represents extra button in your IE toolbar with a name 'Related' and points to file 'C:\WINDOWS\web\related.htm'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Show &Related Links' and points to file 'C:\WINDOWS\web\related.htm'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll	Not necessary	This item represents extra button in your IE toolbar with a name 'Real.com' and points to file 'C:\WINDOWS\System32\Shdocvw.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll	Legitimate	This item represents a plugin added to Internet Explorer to work with '.spop' files. Seems to be safe, unless you know that it is malicious.	Change status
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com	Questionable	This item changes your "default" Start page in IE. It will appear if you Restore default web settings. If you are an administrator and you do not recognize address "", fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2C66FD-008A-4D10-87CA-747616FB9804}: NameServer = 210.23.235.34 210.23.234.65	Questionable	Do you recognize these IP addresses '210.23.235.34 210.23.234.65' as your internet provider DNS servers? If not, fix this item.	Change status
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe More info about file navapsvc.exe	Legitimate	Item found in 2-spyware.com database. Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on...	Change status
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe More info about file sbserv.exe	Legitimate	Item found in 2-spyware.com database. Part of Norton Anti-virus. SBServ.exe is located in "C:\Program Files\Common Files\Symantec...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries