Results of analyzing your log

The HijackThis log analyzer beta 2 is a brand new service, so it is natural that it may have a few issues with entry descriptions and status. You can help us to improve the analyzer! If you have some information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it, if it is correct. You can also change status of entries that do not look identified correctly to you. Also feel free to post your description for existing items. We will review and add it to the analyzer's database. Thank you!

Files and registry entries considered to be safe

Legitimate items	48	55%
Not necessary items	4	5%
	52	60%

File and registry entries that can be both dangerous or safe

Questionable items	7	8%
Unknown items	26	30%
	33	38%

Files and registry entries considered to be DANGEROUS. Fix immediately!

Dangerous items

Line:	Status:	Comments:	Actions:
C:\WINDOWS\System32\smss.exe More info about file smss.exe	Legitimate		Change status
C:\WINDOWS\system32\csrss.exe More info about file csrss.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\SYSTEM32\winlogon.exe More info about file winlogon.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\services.exe More info about file services.exe	Legitimate	In most of cases it is legitimate system process, only sometimes can be used by malicious software	Change status
C:\WINDOWS\system32\lsass.exe More info about file lsass.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe More info about file uguru.exe	Legitimate	Item found in 2-spyware.com library This program provides quick access to several Abit motherboard utilities. Such as: monitoring cpu...	Change status
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe More info about file opwarese2.exe	Legitimate	Item found in 2-spyware.com library The file is related to OmniPage software.	Change status
C:\Program Files\FarStone\GameDrive\gdtask.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\SOUNDMAN.EXE More info about file soundman.exe	Legitimate	Item found in 2-spyware.com library Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a varity of...	Change status
C:\WINDOWS\system32\icasServ.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\Zboard\Zboard.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\taskmon.exe More info about file taskmon.exe	Legitimate	Item found in 2-spyware.com library Taskmon.exe from Microsoft monitors the application usage. This information is later used by the...	Change status
C:\WINDOWS\system32\msdefender.exe	Unknown	No exact entries found	Insert file into database
C:\Documents and Settings\beefy\cftmon.exe More info about file cftmon.exe	Legitimate	Item found in 2-spyware.com library File cftmon.exe provides advanced language support. It allows to write in several different...	Change status
C:\WINDOWS\totacon.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\spoolsv.exe More info about file spoolsv.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\WinTV\Scheduler\TitanTV.exe	Unknown	No exact entries found	Insert file into database
C:\Program Files\hauppauge\WinTV1\Ir.exe More info about file ir.exe	Legitimate	Item found in 2-spyware.com library ir.exe is the main process for the Hauppauge Computer Works IR application. It is a legitimate and...	Change status
C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com library NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
C:\WINDOWS\system32\PnkBstrA.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe More info about file ulcdrsvr.exe	Legitimate	Item found in 2-spyware.com library Legitimate file ulcdrsvr.exe is an essential component of Ulead DVD Workshop video editing...	Change status
C:\Program Files\Canon\CAL\CALMAIN.exe	Unknown	No exact entries found	Insert file into database
C:\WINDOWS\system32\wbem\wmiprvse.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\alg.exe More info about file alg.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\System32\svchost.exe More info about file svchost.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\imapi.exe	Legitimate	Process found in system process library	Change status
C:\WINDOWS\system32\wuauclt.exe More info about file wuauclt.exe	Legitimate	Process found in system process library	Change status
C:\Program Files\HijackThis\HijackThis.exe More info about file hijackthis.exe	Legitimate	Item found in 2-spyware.com library This is the main component of HijackThis security application, designed to perform system scans and...	Change status
C:\WINDOWS\explorer.exe More info about file explorer.exe	Legitimate	Process found in system process library	Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partners.titantv.com/ttv/grid/grid.aspx?contentType=satellite	Not necessary	http://partners.titantv.com/ttv/grid/grid.aspx?contentType=satellite is your start page. If you do not like this fact, fix this item.	Change status
O2 - BHO: QXK Rhythm - {f09aa833-093b-4018-866a-2968357821b3} - C:\WINDOWS\fvowketqmvg.dll	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe More info about file uguru.exe	Legitimate	System item according to inner database This program provides quick access to several Abit motherboard utilities. Such as: monitoring cpu...	Change status
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" More info about file opwarese2.exe	Legitimate	Application program item according to inner database The file is related to OmniPage software.	Change status
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install More info about file nwiz.exe	Legitimate	System item according to inner database Nwiz.exe is Related to nVidia graphic cards drivers. Full name - NVIDIA nView Wizard.<br...	Change status
O4 - HKLM\..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore /Silence	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe" /S	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE More info about file soundman.exe	Legitimate	System item according to inner database Related to Realtek Avance Logic soundcards. SOUNDMAN.EXE provides system tray access to a varity of...	Change status
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Zboard\Zboard.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\system32\icasServ.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [msdefender.exe] C:\WINDOWS\system32\msdefender.exe	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe More info about file taskmon.exe	Legitimate	System item according to inner database Taskmon.exe from Microsoft monitors the application usage. This information is later used by the...	Change status
O4 - HKLM\..\Run: [40b66611] rundll32.exe "C:\WINDOWS\system32\kxuicfri.dll",b	Unknown	No exact entries found	Insert file into database
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup More info about file nvcpl.dll	Legitimate	System item according to inner database Related to nVidia cards. NvCpl.dll is located in "C:\WINDOWS\SYSTEM\" on Windows 95/98/ME,...	Change status
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe More info about file spools.exe	Dangerous	Spyware related item according to inner database The spools.exe file is installed and used by Win-Spy. This process silently works in background and...	Change status
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\beefy\cftmon.exe More info about file cftmon.exe	Legitimate	Application program item according to inner database File cftmon.exe provides advanced language support. It allows to write in several different...	Change status
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"	Questionable	questionable item according to our database	Change status
O4 - HKCU\..\Run: [totacon] C:\WINDOWS\totacon.exe	Unknown	No exact entries found	Insert file into database
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe More info about file spools.exe	Dangerous	Spyware related item according to inner database The spools.exe file is installed and used by Win-Spy. This process silently works in background and...	Change status
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\beefy\cftmon.exe More info about file cftmon.exe	Legitimate	Application program item according to inner database File cftmon.exe provides advanced language support. It allows to write in several different...	Change status
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe	Unknown	No exact entries found	Insert file into database
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe More info about file adobe gamma loader.exe	Legitimate	Application program item according to inner database From adobe: "The Adobe Gamma Control Panel is used to eliminate color casts in a monitor's display....	Change status
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\hauppauge\WinTV1\Ir.exe More info about file ir.exe	Legitimate	Application program item according to inner database ir.exe is the main process for the Hauppauge Computer Works IR application. It is a legitimate and...	Change status
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll	Legitimate	Legitimate button in your browser - related to Java software.	Change status
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Sun Java Console' and points to file 'C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll	Not necessary	This item represents extra button in your IE toolbar without name and points to file 'C:\Program Files\Spybot'. If you do not want it to be there, fix this item.	Change status
O9 - Extra ''Tools'' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll	Not necessary	This item represents extra menu item in your Tools menu in IE with a name 'Spybot' and points to file '{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}'. If you do not want it to be there, fix this item.	Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra button in your browser - related to windows messenger.	Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe	Legitimate	Legitimate extra tools menu item - related to Windows Messenger.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BACBBA9-1F2A-4C5F-8E57-335054D22228}: NameServer = 208.67.220.220,208.67.222.222	Questionable	Do you recognize these IP addresses '208.67.220.220,208.67.222.222' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C99E94-77A9-491C-85BB-E544D52470FF}: NameServer = 208.67.220.220,208.67.222.222	Questionable	Do you recognize these IP addresses '208.67.220.220,208.67.222.222' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5550AA3-560B-412A-B683-1FF94BD2D524}: NameServer = 208.67.220.220,208.67.222.222	Questionable	Do you recognize these IP addresses '208.67.220.220,208.67.222.222' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222	Questionable	Do you recognize these IP addresses '208.67.220.220,208.67.222.222' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.62	Questionable	Do you recognize these IP addresses '85.255.113.125 85.255.112.62' as your internet provider DNS servers? If not, fix this item.	Change status
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222	Questionable	Do you recognize these IP addresses '208.67.220.220,208.67.222.222' as your internet provider DNS servers? If not, fix this item.	Change status
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll	Unknown	No exact entries found	Change status
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll	Unknown	No exact entries found	Change status
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll	Legitimate	The file belongs to WMP11 Beta application.	Change status
O21 - SSODL: mpfanvqg - {FC5CB77E-7133-4710-97ED-07521C355EDE} - C:\WINDOWS\mpfanvqg.dll	Unknown	No exact entries found	Change status
O21 - SSODL: kBqxUJVkox - {40B666BF-EA1C-CC15-2D57-C6AE69F13631} - C:\WINDOWS\System32\lndfj.dll	Unknown	No exact entries found	Change status
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe	Legitimate	Related to Macrovision Corporation.	Change status
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe More info about file nvsvc32.exe	Legitimate	Item found in 2-spyware.com database. NVIDIA related software. nvsvc32.exe is an executable file that is responsible for launching...	Change status
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe	Unknown	No exact entries found	Insert file into database
O23 - Service: Task Scheduler (Schedule) - www.icq-x.ru - C:\WINDOWS\system32\drivers\spools.exe More info about file spools.exe	Dangerous	Item found in 2-spyware.com database. The spools.exe file is installed and used by Win-Spy. This process silently works in background and...	Change status
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe More info about file ulcdrsvr.exe	Legitimate	Item found in 2-spyware.com database. Legitimate file ulcdrsvr.exe is an essential component of Ulead DVD Workshop video editing...	Change status

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Recommended software:

Malwarebytes Anti Malware

(91/100)

There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...

SpyHunter

(89/100)

SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are not computer savvy, but...

Spyware Doctor

(87/100)

Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...

STOPzilla

(86/100)

STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses, and viruses....

XoftSpySE Anti Spyware

(84/100)

XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to install and use. Trial version...

Latest Spyware news:

• Carl A Someone signature loved by spammers
• State of Utah Reveals Why 780k People Records Were Stolen
• The iPhone And iPad Are Targets For Hackers
• Malicious tweets spread rogue AV infecting Android users
• Be aware about malware spread via hotel Wi-Fi connections
• SecureCloud Key Management Systems Released by Trend Micro
• Microsoft and Adobe Releases Critical Security Updates. Update Now!
• Internet Apocalypsis Upcoming - Prepare for DNSChanger Servers Closure
• Hacks Through Compromised Websites Increases Rapidly, Says Symantec
• Facebook judged for its privacy controls

Subscribe to news

Encyclopedia of parasites:

ErrorSmart 24/05/12
Windows Safety Maint... 24/05/12
Windows Multi Contro... 23/05/12
System Protection Tools 23/05/12
Redirect 22/05/12
Windows Secure Kit 2012 22/05/12
WeatherBug 21/05/12
Dugenpal 21/05/12
Komodola 21/05/12
SpyGraphica 20/05/12
Windows Private Shield 20/05/12
WinMaximizer 19/05/12
Windows Pro Safety R... 18/05/12
Stekct 18/05/12
Linfo 18/05/12
Wiarp 18/05/12
Farfli 18/05/12
Happili redirect 18/05/12
Vasport 17/05/12
SeekService.com 17/05/12

Library of files:

mrt.exe 23/05/12
taskeng.exe 23/05/12
mplayer.exe 14/04/12
ccApp.exe 20/03/12
guest.js 06/03/12
BCU.exe 20/02/12
pbupdate.exe 20/02/12
dumprep.exe 20/02/12
arp.exe 12/02/12
hero remote control.... 08/02/12

Archive of files
Archive of startup entries