Results of analyzing your log


The HijackThis log analyzer beta 2 is a brand new service, so it may have a few issues with entry descriptions and statuses. You can help us improve the analyzer: if you have information on unknown items, please share it with us and thousands of 2-Spyware.com visitors. We will carefully check your submission and approve it if it is correct. You can also change the status of entries that do not look correctly identified to you, and feel free to post your own descriptions for existing items. We will review them and add them to the analyzer's database. Thank you!

Files and registry entries considered to be safe
Legitimate items: 51 (64%)
Not necessary items: 2 (3%)
Total: 53 (67%)

Files and registry entries that can be either dangerous or safe
Questionable items: 15 (19%)
Unknown items: 12 (15%)
Total: 27 (34%)

Files and registry entries considered to be DANGEROUS. Fix immediately!
Dangerous items: 0 (0%)


Line: Status: Comments: Actions:
C:\WINDOWS\System32\smss.exe
More info about file smss.exe
Legitimate Change status
C:\WINDOWS\system32\winlogon.exe
More info about file winlogon.exe
Legitimate Process found in system process library Change status
C:\WINDOWS\system32\services.exe
More info about file services.exe
Legitimate In most of cases it is legitimate system process, only sometimes can be used by malicious software Change status
C:\WINDOWS\system32\lsass.exe
More info about file lsass.exe
Legitimate Process found in system process library Change status
C:\Lotus\Notes\nslsvice.exe Unknown No exact entries found Insert file into database
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe
Legitimate Process found in system process library Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe
Legitimate Process found in system process library Change status
C:\WINDOWS\system32\spoolsv.exe
More info about file spoolsv.exe
Legitimate Process found in system process library Change status
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
More info about file asfagent.exe
Legitimate Item found in 2-spyware.com library
This is an essential part of Dell OpenManage Client. This software is used to control, manage and...
Change status
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
More info about file ccsetmgr.exe
Legitimate Item found in 2-spyware.com library
An essential component of security-related Symantec software such as Norton AntiVirus and Norton...
Change status
C:\Program Files\Symantec AntiVirus\DefWatch.exe
More info about file defwatch.exe
Legitimate Item found in 2-spyware.com library
This file is a standard component of Norton AntiVirus Corporate Edition application. Process...
Change status
C:\Lotus\Notes\ntmulti.exe Unknown No exact entries found Insert file into database
C:\Program Files\Silver Bullet Technology\Ranger\Tools\Log Service\Rangerlogservice.exe Unknown No exact entries found Insert file into database
C:\Program Files\Symantec AntiVirus\SavRoam.exe
More info about file savroam.exe
Legitimate Item found in 2-spyware.com library
This is a part of some Symantec applications. It is used to provide roaming user support and...
Change status
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
More info about file rtvscan.exe
Legitimate Item found in 2-spyware.com library
File rtvscan.exe is an essential component of Norton AntiVirus application, published by Symantec...
Change status
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
More info about file ccevtmgr.exe
Legitimate Item found in 2-spyware.com library
ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus...
Change status
C:\WINDOWS\system32\userinit.exe
More info about file userinit.exe
Legitimate Process found in system process library Change status
C:\WINDOWS\Explorer.EXE
More info about file explorer.exe
Legitimate Process found in system process library Change status
C:\WINDOWS\System32\DSentry.exe
More info about file dsentry.exe
Legitimate Item found in 2-spyware.com library
DVD Sentry piece of software that detects DVDs and prompts the user to run the Dell installed DVD...
Change status
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
More info about file directcd.exe
Legitimate Item found in 2-spyware.com library
directcd.exe is an application process used by Roxio's Easy CD/DVD Creator when burning a CD or a...
Change status
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
More info about file ccapp.exe
Legitimate Item found in 2-spyware.com library
From Symantec: "ccApp.exe is the common hosting application that is used for both NAV and NIS....
Change status
C:\PROGRA~1\SYMANT~2\VPTray.exe
More info about file vptray.exe
Legitimate Item found in 2-spyware.com library
System tray icon for Norton Anti-Virus. Located in "C:\Program Files\NavNT\"
Change status
C:\WINDOWS\System32\hkcmd.exe
More info about file hkcmd.exe
Legitimate Item found in 2-spyware.com library
hkcmd.exe is a system process related to the Hotkey Command Module for Intel Graphics Controllers....
Change status
C:\WINDOWS\System32\igfxpers.exe
More info about file igfxpers.exe
Legitimate Item found in 2-spyware.com library
Related to the integrated Intel graphics adapter driver.
Change status
C:\WINDOWS\system32\ctfmon.exe
More info about file ctfmon.exe
Legitimate Process found in system process library Change status
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
More info about file acrotray.exe
Legitimate Item found in 2-spyware.com library
Related to Adobe Acrobat Reader program.
Change status
C:\Documents and Settings\ASB\Desktop\hijackthis_sfx.exe Unknown No exact entries found Insert file into database
C:\Program Files\HijackThis\HijackThis.exe
More info about file hijackthis.exe
Legitimate Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and...
Change status
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
More info about file acroiefavclient.dll
Legitimate System item according to inner database
The file belongs to Adobe Acrobat to display .pdf files in Internet Explorer.
Change status
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
More info about file dsentry.exe
Legitimate Application program item according to inner database
DVD Sentry piece of software that detects DVDs and prompts the user to run the Dell installed DVD...
Change status
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
More info about file directcd.exe
Legitimate Application program item according to inner database
directcd.exe is an application process used by Roxio's Easy CD/DVD Creator when burning a CD or a...
Change status
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
More info about file ccapp.exe
Legitimate System item according to inner database
From Symantec: "ccApp.exe is the common hosting application that is used for both NAV and NIS....
Change status
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
More info about file vptray.exe
Legitimate Application program item according to inner database
System tray icon for Norton Anti-Virus. Located in "C:\Program Files\NavNT\"
Change status
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
More info about file igfxtray.exe
Legitimate System item according to inner database
From a user: I just (hours ago) installed some newer Intel graphics drivers in my system (82810E),...
Change status
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
More info about file hkcmd.exe
Legitimate System item according to inner database
hkcmd.exe is a system process related to the Hotkey Command Module for Intel Graphics Controllers....
Change status
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
More info about file igfxpers.exe
Legitimate Application program item according to inner database
Related to the integrated Intel graphics adapter driver.
Change status
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\aakervik\LOCALS~1\Temp\msprint.exe Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [44811e40] rundll32.exe "C:\WINDOWS\system32\brqsvfgr.dll",b Unknown No exact entries found Insert file into database
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
More info about file ctfmon.exe
Legitimate Application program item according to inner database
When you run a Microsoft Office XP or Microsoft Office 2003 program, the file Ctfmon.exe (Ctfmon)...
Change status
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
More info about file acrotray.exe
Legitimate Application program item according to inner database
Related to Adobe Acrobat Reader program.
Change status
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
More info about file osa.exe
Legitimate Application program item according to inner database
The Office Startup Assistant (Osa.exe or OSA) is a program that improves the performance of Office...
Change status
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Not necessary Fix this item because it points to a file that cannot be found Change status
O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Not necessary Fix this item because it points to a file that cannot be found Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Legitimate Legitimate extra button in your browser - related to windows messenger. Change status
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe Legitimate Legitimate extra tools menu item - related to Windows Messenger. Change status
O11 - Options group: [INTERNATIONAL] International* Questionable This item represents a group added to Advanced Options tab in IE Tools > Internet Options menu. Should the item called "INTERNATIONAL" be there? If not, fix it. Change status
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://abfst01.americanbus.com/sametime/MSJavX86.exe Questionable Are you using an ActiveX object with a name 'Microsoft VM' located in 'http://abfst01.americanbus.com/sametime/MSJavX86.exe'? If not, fix this item. Change status
O16 - DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} (Crystal Reports Print Control 11.0) - http://200.202.77.16/crystalreportviewers11/ActiveXControls/PrintControl.cab Questionable Are you using an ActiveX object with a name 'Crystal Reports Print Control 11.0' located in 'http://200.202.77.16/crystalreportviewers11/ActiveXControls/PrintControl.cab'? If not, fix this item. Change status
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184683653241 Questionable Are you using an ActiveX object with a name 'MUWebControl Class' located in 'http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184683653241'? If not, fix this item. Change status
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab Questionable Are you using an ActiveX object with no name located in 'http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab'? If not, fix this item. Change status
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Questionable Are you using an ActiveX object with a name 'Shockwave Flash Object' located in 'http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab'? If not, fix this item. Change status
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab Questionable Are you using an ActiveX object with a name 'PopCapLoader Object' located in 'http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab'? If not, fix this item. Change status
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://abfmail02.americanbus.com/dwa7W.cab Questionable Are you using an ActiveX object with a name 'Domino Web Access 7 Control' located in 'http://abfmail02.americanbus.com/dwa7W.cab'? If not, fix this item. Change status
O16 - DPF: {E9CF1117-B55B-4AE2-B77D-045B4EEC1FAA} (Wells Fargo Scanner Control) - https://wellsoffice.wellsfargo.com/dsktpdp/cabinet/WFSCAN.cab Questionable Are you using an ActiveX object with a name 'Wells Fargo Scanner Control' located in 'https://wellsoffice.wellsfargo.com/dsktpdp/cabinet/WFSCAN.cab'? If not, fix this item. Change status
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americanbus.com Questionable Do you recognize these IP addresses 'americanbus.com' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\Software\..\Telephony: DomainName = americanbus.com Questionable Do you recognize these IP addresses 'americanbus.com' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americanbus.com Questionable Do you recognize these IP addresses 'americanbus.com' as your internet provider DNS servers? If not, fix this item. Change status
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = americanbus.com Questionable Do you recognize these IP addresses 'americanbus.com' as your internet provider DNS servers? If not, fix this item. Change status
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL Questionable It may be a trace of a dangerous protocol hijacker or a legitimate item. Do some research on the name "livecall" and the file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL". Change status
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL Questionable It may be a trace of a dangerous protocol hijacker or a legitimate item. Do some research on the name "msnim" and the file "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL". Change status
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll Legitimate The file belongs to WMP11 Beta application. Change status
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
More info about file asfagent.exe
Legitimate Item found in 2-spyware.com database.
This is an essential part of Dell OpenManage Client. This software is used to control, manage and...
Change status
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
More info about file ccevtmgr.exe
Legitimate Item found in 2-spyware.com database.
ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus...
Change status
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe Legitimate Related to Norton/Symantec AntiVirus. Change status
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
More info about file ccsetmgr.exe
Legitimate Item found in 2-spyware.com database.
An essential component of security-related Symantec software such as Norton AntiVirus and Norton...
Change status
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE Legitimate Related to IBM Corporation. http://www.ibm.com/ Change status
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
More info about file defwatch.exe
Legitimate Item found in 2-spyware.com database.
This file is a standard component of Norton AntiVirus Corporate Edition application. Process...
Change status
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Lotus\Notes\nslsvice.exe Legitimate IBM Lotus Notes Single Logon Service - http://www.anti-spy.info/process/nslsvice.exe.html Change status
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe Legitimate Related to IBM Lotus Notes software. Change status
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
More info about file netsvc.exe
Legitimate Item found in 2-spyware.com database.
netsvc.exe is a parasitic process related to the Trojan.W32.Mytob worm. This security threat grants...
Change status
O23 - Service: Ranger Log - Silver Bullet Technologies, Inc. - C:\Program Files\Silver Bullet Technology\Ranger\Tools\Log Service\Rangerlogservice.exe Unknown No exact entries found Insert file into database
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
More info about file savroam.exe
Legitimate Item found in 2-spyware.com database.
This is a part of some Symantec applications. It is used to provide roaming user support and...
Change status
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
More info about file sndsrvc.exe
Legitimate Item found in 2-spyware.com database.
This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs...
Change status
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
More info about file spbbcsvc.exe
Legitimate Item found in 2-spyware.com database.
Essential component of Symantec's Norton Internet Security...
Change status
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
More info about file rtvscan.exe
Legitimate Item found in 2-spyware.com database.
File rtvscan.exe is an essential component of Norton AntiVirus application, published by Symantec...
Change status

