hi everyone. I was trying to go through the processes as mentiones in this section n found out some X status exe's in my start up...i tried to delete them goin in safe mood but my windows almost crashed....so i reinstalled it. But dose files still running in my start up..... dey r as follow

Name: smss.exe
location : C:\WINDOWS\System32\smss.exe

Name: csrss
location: C:\WINDOWS\system32\csrss.exe

Name: Winlogon
location: C:\WINDOWS\system32\winlogon.exe

Name: wuauclt (there's anotherone wuauclt1)
location: C:\WINDOWS\system32\wuauclt.exe and wuauclt1.exe


here's is a screen shot of my current task manager: while am posting dis post :-

http://img40.imagevenue.com/img.php?image=..._122_1020lo.jpg

there must some more of dese trojan or worms but i got stuck just at the very begaining...sorry it my 1st post ever...so plz guide me through....n b easy if i did some mistakes in posting

looking forward from the fellow users....thnx in advance

All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder.

I'v found another one
Name: rundll32.exe
Location : C:\WINDOWS\system32\rundll32.exe


thnx for the response Admin..... btw those files r with in the system21 foleder as mentioned sir i'v chked through the start up data base... n dey all got X mark status on them.... so should i leave them like that n i'v provied a screen shot of my task amnager...plz hv a look sir..... if there's some more of these..... thnx in advance... more power to BC ...peace

Legitimate as well. So far you are all clean.

Hey admin not sure about the following one:

Name : WLLoginProxy.exe (Task maneger runnin process)(it's under svchost.exe in process explorer)
Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

Name: LVCOMSX.EXE
Location : "C:\WINDOWS\system32\LVCOMSX.EXE"


PLz hv a look on 'em...thnx in advance

This is not a startup that we monitor. If you use Windows Live i would leave this alone.



As stated inthe database, we usure if its necessary. You can experiment and tell us.

aprriciate the quick response sir

Process name: LVCom Server
Product: Logitech QuickCam or Labtec WebCam or LVCOMSX.EXE or Acer OrbiCam or Logitech Video Enumerator or Logitech Communications Manager
Company: Logitech Inc (www.logitech.com) or Labtec Inc (www.labtec.com)
File: lvcomsx.exe

If some of these files are listed in HijackThis or Ad-Aware, etc like this:

PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904

Are these legit? What are the ??? in fromt of the file paths?

Ignore the ??, just how its being read. Yes they are legit.