
 

Bad - Remove almost always
OK Most of the time - don't need to touch
Probably not needed - Safe to remove
Generally harmless - third party applications
Bad if you don't know what it is
Unknown Item - Investigate further

Logfile of HijackThis v1.99.1
Old Version of HijackThis
We suggest you upgrade to the latest version of HijackThis (version 2.0.4) at www.merijn.org

Scan saved at 9:49:26 PM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
Smss.exe
What is it?
Session Manager SubSystem - smss.exe

What does it do?
smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Additional Reading:
Smss.exe does not resolve forward references in environment

You will not be able to end this through task manager!

More info



Virus Precaution:

The smss.exe which is from Microsoft is located at c:\windows\System32\smss.exe. We've been able to find several viruses that run as smss to trick you.

Adware.Advision - Symantec Corporation
Adware.DreamAd - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
W32.Dalbug.Worm - Symantec Corporation
W32.Resdoc - Symantec Corporation

C:\WINDOWS\SYSTEM32\winlogon.exe
Winlogon.exe
What is it?
Windows Logon Process - Winlogon.exe

What does it do?
Direct Quote from here:
This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.

Search MS for more info: Link

Virus Precaution:
The original Winlogon.exe from Microsoft gets placed in the C:\WINDOWS\System32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.

Troj/Madr-B @ Sophos
Netsky.D @ Trend Micro

C:\WINDOWS\system32\services.exe
services.exe
services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.

C:\WINDOWS\system32\lsass.exe
lsass.exe
What is it?
Local Security Authentication Server - lsass.exe

What does it do?
lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

You will not be able to end this through task manager!

From MS



The lsass.exe which is from Microsoft is located at c:\windows\System32\lsass.exe. There are a few viruses that have been found to run as lsass.exe to hide from you.

C:\WINDOWS\system32\svchost.exe
Svchost.exe

What is it?
Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd
2.) Tasklist /svc >C:\ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:
http://support.microsoft.com/?kbid=314056

More Info
More Info

Virus Precaution:
The original file from Microsoft is placed in the C:\WINDOWS\System32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.


C:\Program Files\Windows Defender\MsMpEng.exe
MsMpEng.exe
MsMpEng.exe is one of the core files of Windows Defender, which is the Microsoft anti-spyware software.

C:\WINDOWS\System32\svchost.exe
Svchost.exe



C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
EvtEng.exe
EvtEng.exe belongs to EvtEng Module to provide additional support to your Intel Wireless hardware. If you're not using your wireless hardware feel free to remove this.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
S24EvMon.exe
S24EvMon.exe is used in the situations where you have a wireless and wired LAN connection at the same time. It acts like a software "bridge" to use the bandwidth of both connections at the same time.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
vsmon.exe

What is it?
True Vector Internet Monitor - vsmon.exe

What does vsmon.exe do?
This process is associated with Zone Alarm's personal firewall. This is the process that runs in the background and sends you the alert messages anytime an application either breaks one of the already created rules or it doesn't have a rule in place already so you have to "train it".

It is highly suggested that you use a firewall application like this one.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of vsmon.exe is:
%windows%\system\vsmon.exe

At this time there are quite a few viruses running around using this filename!


C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
ccsetmgr.exe
What Is It?
Norton Security - ccsetmgr.exe

What Does ccsetmgr.exe Do?
This is one of MANY processes that are used by Norton Security (AV + Net Security). If it's under the appropriate directory you'll have nothing to worry about. If you're experiencing slowdowns you'll want to upgrade your hard drive and/or your RAM. Norton is a resource hog.

Virus Precautions:
The normal location of ccsetmgr.exe is: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccsetmgr.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
ZCfgSvc.exe

What is it?

ZCfgSvc.exe is part of the Intel wireless network adapters' PROSet utility. It is included with the installation of the drivers and with the OEM install of PC notebooks with Intel Centrino technology.

What does it do?

Allows monitoring and configuration of the wireless connection.

More info:

You can read more about Intel wireless technology's PROSet utility and Centrino device drivers @ intel.com: http://support.intel.com/support/wireless/wlan/sb/CS-010623.htm


C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ccevtmgr.exe
What Is It?
Norton Security - ccEvtMgr.exe

What Does ccevtmgr.exe Do?
This is one of MANY processes that are used by Norton Security (AV + Net Security). If it's under the appropriate directory you'll have nothing to worry about. If you're experiencing slowdowns you'll want to upgrade your hard drive and/or your RAM. Norton is a resource hog.
This particular process is the event log manager which monitors the virus scanning process and will trigger the alert process as needed.

Virus Precautions:
The normal location of ccevtmgr.exe is: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccevtmgr.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1XConfig.exe

What is it?

1XConfig.exe is associated with shuttle multimedia device drivers, software or USB utilities.

What does it do?

Provides a tray icon to access and configure shuttle multimedia utilities, and to monitor USB devices, connections or configuration.

More info:

Might have been included with software utilities for a Shuttle X PC, an OEM slim PC or other add-on device, more specifically USB card readers.

Not certain about this file, ask Google (www.google.com)


C:\WINDOWS\Explorer.EXE
explorer.exe

What is it?
Windows Explorer - explorer.exe

What does it do?
explorer.exe - Below is a direct quote from Microsoft found on THIS page:

This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.

I have found that stopping this process is needed sometimes to stop some other processes.

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed at C:\WINDOWS\System32\explorer.exe. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.

Deloder-A @ Sophos
MyDoom.B @ Symantec


C:\WINDOWS\system32\spoolsv.exe
Spoolsv.exe
What is it?
SPOOLer SerVice - spoolsv.exe

What does it do?
spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs

You will be able to end this through task manager!

More info



Virus Precaution:
The spoolsv.exe which is from Microsoft is located at c:\windows\System32\spoolsv.exe. We've been able to find several viruses that run as spoolsv to trick you.

Backdoor.Ciadoor.B - Symantec Corporation
Hacktool.Privshell - Symantec Corporation
VBS.Masscal.Worm (vbs) - Symantec Corporation
Graybird-A @ Sophos

C:\WINDOWS\system32\acs.exe
acs.exe

What is it?

acs.exe is associated with the Atheros configuration service.

What does it do?

Used for configuring wireless network connections.

More info:


C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
ALUSchedulerSvc.exe

What is it?

ALUSchedulerSvc.exe or "Live Update" is associated with Symantec's security software.

What does it do?

Symantec Live Update Scheduler handles regularly scheduled automatic software and virus definition updates.

More info:

Read more about Symantec's applications @ symantec.com


C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
btwdins.exe

What is it?

btwdins.exe is an application for Bluetooth wireless communication devices.

What does it do?

Senses the presence of Bluetooth-enabled devices in the area of the PC that is equipped with the Bluetooth transceiver.

There are over 1200 unique Bluetooth enabled products on the market ranging from automobiles to personal computers, mobile phones to pulse oximeters. There are over 2000 companies, worldwide, that build Bluetooth wireless technology into their products.

More info:

http://www.bluetooth.com/help/tech.asp

http://www.microsoft.com/hardware/mouseandkeyboard/features/bluetooth.mspx (www.microsoft.com Bluetooth info)


C:\Program Files\Symantec AntiVirus\DefWatch.exe
DefWatch.exe
DefWatch.exe is a part of Norton Antivirus by Symantec Corporation. It is the virus definition monitor that makes sure your virus definitions do not get too horribly outdated. You should leave this process running so your definitions don't get out of date.

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
OProtSvc.exe

What is it?

OProtSvc.exe is associated with Intel Proset wireless software.

What does it do?

More info:


C:\WINDOWS\system32\IoctlSvc.exe
IoctlSvc.exe
IoctlSvc.exe - This third-party application seems to be harmless; currently not sure what it does.

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
RegSrvc.exe
RegSrvc.exe is a part of the Intel PROSet drivers and is used by your wireless connection. Ending this process may cause your network connection to quit working properly.

C:\WINDOWS\system32\svchost.exe
Svchost.exe



C:\Program Files\Symantec AntiVirus\Rtvscan.exe
rtvscan.exe

What is it?
Real Time Virus scan (Symantec Security) - rtvscan.exe


What does it do?
Symantec Internet Security Suite takes Norton AV to another level and scans the files as they enter your system instead of the usual scan right after they hit your system. You should not end this process if you have it running.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe


C:\WINDOWS\system32\igfxtray.exe
igfxtray.exe

What is it?
Intel Graphics Tray- igfxtray.exe

What does it do?
igfxtray.exe - This application gives you easy access to your Intel graphics configuration by giving options to you in the system tray.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:\WINNT\System32\igfxtray.exe


C:\WINDOWS\system32\hkcmd.exe
hkcmd.exe

What is it?
Intel's HotKey Command - hkcmd.exe

What does hkcmd.exe do?
Not much data has been found on this. It seems like every manufacturer has their own hotkey programming application and this is the one brought to you by Intel.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of hkcmd.exe is
C:\WINDOWS\System32\hkcmd.exe

At this time no viruses were found running as this process. You will want to check since new bugs come through daily.



C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPLpr.exe
SynTPLpr.exe is the Synaptics touchpad driver helper. It is required for touchpad features to work. More information can be found here.

Quote:

Synaptics TouchPad devices are touch-sensitive pads that sense the position of a person's finger on its surface to provide screen navigation, cursor movement, and a platform for interactive input. Synaptics TouchPad devices are the industry leading solution, known for their durability, reliability, and accuracy. Synaptics TouchPad solutions can be custom designed to meet your requirements for sizes, thickness, feature functionality and electrical interfaces.

Synaptics TouchPad devices also offer advanced device driver features that allow end users to customize their TouchPad device settings to meet their individual preferences.



C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SynTPEnh.exe
SynTPEnh.exe is the Synaptics touchpad driver helper. It is required for touchpad features to work. More information can be found here.



C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
wlanutil.exe
wlanutil.exe - This is a wireless LAN configuration utility.

C:\Program Files\Atheros\ACU.exe
ACU.exe
We Don't know! Please post a comment with information about this file

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
ifrmewrk.exe
ifrmewrk.exe - This is a process with Intel/Pro wireless software.

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
EOUWiz.exe
EOUWiz.exe - This process is not visible. It can be uninstalled in the Control Panel. It starts when Windows starts but is not a Windows core program. It is able to record inputs. The danger with this process is 6%.

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
jusched.exe

What is it?
Java Update Scheduler - jusched.exe

What does it do?
jusched.exe - This is Sun's Java automatic update utility. If you would like to disable this scheduler then go to your Control Panel and click on the Java module. Then go to the updates tab and uncheck "check for updates automatically".

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of jusched.exe is
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe. Obviously j2re1.4.2_04 is the version number. At this time my search shows nothing that you need to worry about.


C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
PLBkMon.exe
We Don't know! Please post a comment with information about this file

C:\WINDOWS\system32\HotfixQ0306270.exe
HotfixQ0306270.exe
We Don't know! Please post a comment with information about this file

C:\Program Files\Picasa2\PicasaMediaDetector.exe
PicasaMediaDetector.exe
PicasaMediaDetector.exe belongs to Picasa, an automated photo organizer. More information can be found here.

Quote:
A free software download from Google.

Picasa is software that helps you instantly find, edit and share all the pictures on your PC. Every time you open Picasa, it automatically locates all your pictures (even ones you forgot you had) and sorts them into visual albums organized by date with folder names you will recognize. You can drag and drop to arrange your albums and make labels to create new groups. Picasa makes sure your pictures are always organized.



C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccApp.exe
What Is It?
Norton Security - ccApp.exe
What Does it Do?
ccapp.exe - This is one of MANY processes that are used by Norton Security (AV + Net Security). If it's under the appropriate directory you'll have nothing to worry about. If you're experiencing slowdowns you'll want to upgrade your hard drive and/or your RAM. Norton is a resource hog.
This process is referred to as Common Client App which is also used by auto protect and email checking.

Virus Precautions:
The normal location of ccapp.exe is: C:\Program Files\Common Files\Symantec Shared\ccapp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe
vptray.exe

What is it?
Norton AV Tray icon- vptray.exe


What does it do?
This executable belongs to Norton Antivirus and is nothing more than a tray icon which gives you quicker access to various settings. I hate cluttered task bars so I personally would end this task from my startup list.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe


C:\WINDOWS\VM_STI.EXE
VM_STI.EXE

This is a valid program that is bundled with many digital cameras that use a USB connection. It is unknown at this time whether or not it is needed to run.

C:\Program Files\Windows Defender\MSASCui.exe
MSASCui.exe
MSASCui.exe is a part of the Windows Defender program, which runs in the background to protect you from spyware.

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
zlclient.exe

What is it?
Zone Alarm - zlclient.exe

What does it do?
zlclient.exe is a part of Zone Labs Internet Security. You should not end this process for any reason. This is the firewall I use behind my router as a second level of protection. The most important part of this is having to give permission to applications before they access the internet in any way. Routers and the Windows firewall have a tendency to allow anything out and only block inbound connections.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


C:\Program Files\iTunes\iTunesHelper.exe
iTunesHelper.exe
iTunesHelper.exe belongs to Apple's iTunes, which is an online MP3 store. iTunesHelper.exe will play the music and it also monitors for when you plug your iPod in so it can transfer files over to it.

Ipod's rock... Even with the horrible U2... U2 sucks and Bono needs to keep his mouth shut and out of politics. Nobody cares what a musician thinks.

Oh wait, Bono isn't a musician....

C:\Program Files\iPod\bin\iPodService.exe
iPodService.exe
iPodService.exe monitors for when you connect your iPod. See also ituneshelper.exe. iPods are great and if you own one you are slightly cooler than me.

C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
DesktopWeather.exe
DesktopWeather.exe - This is The Weather Channel's desktop program.

C:\WINDOWS\system32\ctfmon.exe
ctfmon.exe
What is it?
Language bar AKA Alternative User Input Services - ctfmon.exe

What does it do?
ctfmon.exe - it's an ever annoying helper tool that comes rather unexpectedly at times and liked by nearly nobody.

Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.

Loads of information can be found on microsoft's site here.

Unless you're using anything in that list above you'll want to stop this file from loading!

How do I get rid of it?
There's been a number of threads in our forum as well as others about this. A typical thread can be found here.

control panel --> regional and language options --> languages tab --> details button --> language bar button

Virus Precaution:
Just like so many of the other files I've written about so far, ctfmon.exe is located at c:\windows\System32\ctfmon.exe. At the time of this writing there isn't any spyware, viruses or anything like that masking itself as this file. If you find any info on one then please let me know!

C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
acrotray.exe

What is it?
Adobe Acrobat Distiller - acrotray.exe

What does it do?
While printing large files to the PDF format this process may consume large chunks of your CPU. Do not end this process if you're printing something to PDF.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
BTTray.exe
BTTray.exe is a System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device

C:\Program Files\WordWeb\wweb32.exe
wweb32.exe
wweb32.exe - This process is from the WordWeb thesaurus/dictionary. It is non-essential; only terminate it if it is causing problems.

C:\WINDOWS\system32\wuauclt.exe
wuauclt.exe

What is it?
Windows Update Automatic Client - wuauclt.exe

What does it do?
wuauclt.exe - This is used by the automatic update tool in Windows ME to check the Windows Update site every so often to see if any updates need to be installed.

More Info
More Info

Virus Precaution:
The original wuauclt.exe from Microsoft is placed at C:\WINDOWS\System32\wuauclt.exe. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.


Backdoor.Clt @ Symantec Corporation
Troj/Cult-B @ Sophos


C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
What is it?
Internet Explorer - iexplore.exe


What does iexplore.exe do?
This is the main executable of the browser brought to you by Microsoft. If you're using this then please look into Firefox. This browser is a security hazard.

Microsoft's information page.

Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of iexplore.exe is C:\Program Files\Internet Explorer\iexplore.exe. There are a LOT of bugs you need to worry about if the exe is running in any location other than that one.


search Trend Micro.

C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe
HijackThis.exe
This is our favorite application for fighting against malware and other trashy applications that bog systems down. Our guide to using this software can be found here. We have also taken the time to write a system to process the log files created from this application here.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
Internet Start Page
This is where you go when you first open IE. It should be something like google.com or iamnotageek.com; if there's a site here that you don't know, clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Internet Start Page
This is where you go when you first open IE. It should be something like google.com or iamnotageek.com; if there's a site here that you don't know, clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. It should be something like google.com or iamnotageek.com; if there's a site here that you don't know, clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. It should be something like google.com or iamnotageek.com; if there's a site here that you don't know, clean this line!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Internet Start Page
This is where you go when you first open IE. It should be something like google.com or iamnotageek.com; if there's a site here that you don't know, clean this line!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Internet Start Page
This is where you go when you first open IE. It should be something like google.com or iamnotageek.com; if there's a site here that you don't know, clean this line!

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
AcroIEhelper.ocx AcroIEhelper.dll - Adobe Acrobat reader http://www.adobe.com/products/acrobat/readstep2.html

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
SDhelper.dll - SpyBot Search&Destroy http://www.safer-networking.org/index.php

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
Unnamed BHO
ssv.dll - Related to Sun_Java_software http://java.com/en/download/index.jsp

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
IgfxTray
System Tray access to display settings for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
HotKeysCmds
Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPLpr
Synaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SynTPEnh
Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads

O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
ACU
"Atheros wireless Client Utility"

O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
IntelWireless
Associated with the Intel PRO/Set Wireless software

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
EOUApp
Intel ProSET Wireless related - provides additional configuration options for these devices

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
SunJavaUpdateSched
"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"

O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
PLFFAP
"Prolific Technology Inc. USB Flash Disk driver - is it required in startup?"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
Picasa Media Detector
"Media detector for Picasa's automatic photo organizer"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
QuickTime Task
System Tray access to Apple's "Quick Time" viewer from version 5 onwards

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccApp
"Part of earlier versions of Norton AntiVirus - Auto-protect and E-mail check will not function without this"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
vptray
"System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer here"

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
BigDogPath
"Bundled with some software for digital cameras that use a USB connection - what does it do and is it required?"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Windows Defender
Main user interface for Microsoft's Windows Defender on XP/Vista - which "helps protect your computer against pop-ups

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Zone Labs Client
"Firewall program from Zonelabs. Pro version includes other online security options"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
iTunesHelper
Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation

O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
DW4
Desktop Weather 4 by The Weather Channel - provides current temperature

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Ctfmon.exe
"CoolWebSearch Ctfmon32 parasite variant"

O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe


O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


O4 - Global Startup: BTTray.lnk = ?


O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
Internet Right Click Menu
Most of the time this is garbage; leave it only if you actually use this function. Otherwise, for the sake of cleanliness, get rid of this sucker. A wise man once said, "Cleanliness is next to godliness."

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
Internet Right Click Menu
Most of the time this is garbage; leave it only if you actually use this function. Otherwise, for the sake of cleanliness, get rid of this sucker. A wise man once said, "Cleanliness is next to godliness."

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
Internet Right Click Menu
Most of the time this is garbage; leave it only if you actually use this function. Otherwise, for the sake of cleanliness, get rid of this sucker. A wise man once said, "Cleanliness is next to godliness."

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Internet Right Click Menu
Most of the time this is garbage; leave it only if you actually use this function. Otherwise, for the sake of cleanliness, get rid of this sucker. A wise man once said, "Cleanliness is next to godliness."

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Internet Right Click Menu
Most of the time this is garbage; leave it only if you actually use this function. Otherwise, for the sake of cleanliness, get rid of this sucker. A wise man once said, "Cleanliness is next to godliness."

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
Sun Java Console
Related to Sun Java

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
Sun Java Console
Related to Sun Java

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
ieSpell
ieSpell - A Spell Checker for Internet Explorer

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
ieSpell
ieSpell - A Spell Checker for Internet Explorer

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
ieSpell Options
Related to ieSpell - A Spell Checker for Internet Explorer. Note: The entry's name may also be (no file)

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
ieSpell Options
Related to ieSpell - A Spell Checker for Internet Explorer. Note: The entry's name may also be (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Research
Microsoft Office related

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
@btrez.dll-401x
Bluetooth

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
@btrez.dll-401x
Bluetooth

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Windows Messenger
Related to Microsoft's Windows Messenger.

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Windows Messenger
Related to Microsoft's Windows Messenger.

O11 - Options group: [INTERNATIONAL] International*
IE Advanced Options
This is rarely modified by programs.

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.andhrajyothy.com/wfplayer/tdserver.cab
Unnamed BHO
http://www.truedoc.com

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://insite.warwick.ac.uk/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
Unnamed BHO
yinst0401.cab - Yahoo Messenger Installer

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128587475843
muweb_site.cab
Microsoft Windows Update more here

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
Unnamed BHO
http://messenger.yahoo.com

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
Unnamed BHO
http://messenger.msn.com

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{49CAF0DE-207D-44EF-88E8-F5BDC4FFD8EA}: NameServer = 192.168.10.51,202.9.145.6
Internet Settings
These may not be bad if your internet connection is set manually

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
Extra Protocols
There are a few known hijackers that use this, but I haven't found anything good come out of these.

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
AppInit_DLLs Registry value autorun
There are very few known *good* purposes of this, Norton Cleansweep being the headliner of good items.
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
AppInit_DLLs Registry value autorun
There are very few known *good* purposes of this, Norton Cleansweep being the headliner of good items.
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
AppInit_DLLs Registry value autorun
There are very few known *good* purposes of this, Norton Cleansweep being the headliner of good items.
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
ShellServiceObjectDelayLoad Registry key autorun
HJT automatically weeds out the good ones here so we'll flag this as bad. Consult a HJT expert before cleaning anything.

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
Atheros Configuration Service
Related to Atheros Wireless LAN

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Automatic LiveUpdate Scheduler
Related to the Symantec LiveUpdate service, which updates your Symantec products periodically.

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Bluetooth Service
Bluetooth Service

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Symantec Event Manager

Symantec LiveUpdate service used for auto-updating Symantec products in the background. Commonly in \%Program Files%\Common Files\Symantec Shared\


O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Symantec Settings Manager

Norton/Symantec settings manager. There have been a couple of known problem files using this startup name. Check the folder this file is running from.


O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
Symantec AntiVirus Definition Watcher
Related to Symantec AntiVirus Software.

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
EvtEng
Related to Intel Corporation http://www.what-process.com/process-info.aspx?p=EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Google Updater Service
(gusvc) - Google - commonly found in a location like this: C:\Program Files (x86)\Google\Common\Goog

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
InstallDriver Table Manager
Related to Macrovision Corporation.

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
LiveUpdate
Related to Norton Internet security suite and provides up-to-date antivirus data for your Norton Anti

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
OwnershipProtocol
Related to PROSet Wireless Software from Intel

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
PLFlash DeviceIoControl Service
Related to PLFlash_DeviceIoControl Service from Prolific Technology Inc. Note: located in C:\Windows\S

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
RegSrvc
Intel PROset

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Spectrum24 Event Monitor
Intel Corporation

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
SAVRoam
Related to Norton/Symantec AntiVirus

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Symantec Network Drivers Service

Norton Personal Firewall and Norton Internet Security. Believed to be the email scanner.


O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Symantec AntiVirus
Related to Symantec AntiVirus

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
TrueVector Internet Monitor
Zone Alarm Firewall