Not Sure What To Do

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: We have two terrific contests running on the site that I wanted all our members and guests to know about.

The first contest is the HP Magic Giveaway, which is underway as of November 28th. More information can be found at this topic, which will be updated very soon with further information.

The second contests, is for the chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here.

These are both amazing contests and I suggest everyone submit an entry for them.

- BleepingComputer Management

BleepingComputer.com > Bleeping Computer Applications and Guides > Windows Startup Programs Database

Not Sure What To Do, Winlogon, csrss, smss wuauclt

Options

slashdot View Member Profile	Mar 31 2008, 06:13 AM Post #1
Member Group: Members Posts: 19 Joined: 27-March 08 Member No.: 199,268	hi everyone. I was trying to go through the processes as mentiones in this section n found out some X status exe's in my start up...i tried to delete them goin in safe mood but my windows almost crashed....so i reinstalled it. But dose files still running in my start up..... dey r as follow Name: smss.exe location : C:\WINDOWS\System32\smss.exe Name: csrss location: C:\WINDOWS\system32\csrss.exe Name: Winlogon location: C:\WINDOWS\system32\winlogon.exe Name: wuauclt (there's anotherone wuauclt1) location: C:\WINDOWS\system32\wuauclt.exe and wuauclt1.exe here's is a screen shot of my current task manager: while am posting dis post :- http://img40.imagevenue.com/img.php?image=..._122_1020lo.jpg there must some more of dese trojan or worms but i got stuck just at the very begaining...sorry it my 1st post ever...so plz guide me through....n b easy if i did some mistakes in posting looking forward from the fellow users....thnx in advance

Grinler View Member Profile	Mar 31 2008, 11:41 AM Post #2
Bleep Bleep! Group: Admin Posts: 29,441 Joined: 24-January 04 From: USA Member No.: 3	All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder. -------------------- Lawrence

slashdot View Member Profile	Mar 31 2008, 09:18 PM Post #3
Member Group: Members Posts: 19 Joined: 27-March 08 Member No.: 199,268	QUOTE(Grinler @ Mar 31 2008, 11:41 AM) All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder. I'v found another one Name: rundll32.exe Location : C:\WINDOWS\system32\rundll32.exe thnx for the response Admin..... btw those files r with in the system21 foleder as mentioned sir i'v chked through the start up data base... n dey all got X mark status on them.... so should i leave them like that n i'v provied a screen shot of my task amnager...plz hv a look sir..... if there's some more of these..... thnx in advance... more power to BC ...peace This post has been edited by slashdot: Mar 31 2008, 09:24 PM

Grinler View Member Profile	Apr 1 2008, 11:12 AM Post #4
Bleep Bleep! Group: Admin Posts: 29,441 Joined: 24-January 04 From: USA Member No.: 3	Legitimate as well. So far you are all clean. -------------------- Lawrence

slashdot View Member Profile	May 8 2008, 04:03 AM Post #5
Member Group: Members Posts: 19 Joined: 27-March 08 Member No.: 199,268	Hey admin not sure about the following one: Name : WLLoginProxy.exe (Task maneger runnin process)(it's under svchost.exe in process explorer) Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe Name: LVCOMSX.EXE Location : "C:\WINDOWS\system32\LVCOMSX.EXE" PLz hv a look on 'em...thnx in advance

Grinler View Member Profile	May 8 2008, 06:13 AM Post #6
Bleep Bleep! Group: Admin Posts: 29,441 Joined: 24-January 04 From: USA Member No.: 3	QUOTE Name : WLLoginProxy.exe (Task maneger runnin process)(it's under svchost.exe in process explorer) Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe This is not a startup that we monitor. If you use Windows Live i would leave this alone. QUOTE Name: LVCOMSX.EXE Location : "C:\WINDOWS\system32\LVCOMSX.EXE" As stated inthe database, we usure if its necessary. You can experiment and tell us. -------------------- Lawrence

slashdot View Member Profile	May 8 2008, 09:11 PM Post #7
Member Group: Members Posts: 19 Joined: 27-March 08 Member No.: 199,268	aprriciate the quick response sir

eLenka View Member Profile	Jun 10 2008, 03:45 PM Post #8
Member Group: Members Posts: 97 Joined: 29-May 08 From: Dnepropetrovsk Member No.: 212,551	Process name: LVCom Server Product: Logitech QuickCam or Labtec WebCam or LVCOMSX.EXE or Acer OrbiCam or Logitech Video Enumerator or Logitech Communications Manager Company: Logitech Inc (www.logitech.com) or Labtec Inc (www.labtec.com) File: lvcomsx.exe

WickedGirl View Member Profile	Aug 6 2008, 08:30 PM Post #9
New Member Group: Members Posts: 6 Joined: 28-May 08 Member No.: 212,231	If some of these files are listed in HijackThis or Ad-Aware, etc like this: PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe size: 6144 PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe size: 507904 Are these legit? What are the ??? in fromt of the file paths?

Grinler View Member Profile	Aug 7 2008, 09:25 AM Post #10
Bleep Bleep! Group: Admin Posts: 29,441 Joined: 24-January 04 From: USA Member No.: 3	QUOTE(WickedGirl @ Aug 6 2008, 09:30 PM) If some of these files are listed in HijackThis or Ad-Aware, etc like this: PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe size: 6144 PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe size: 507904 Are these legit? What are the ??? in fromt of the file paths? Ignore the ??, just how its being read. Yes they are legit. -------------------- Lawrence

WickedGirl View Member Profile	Aug 22 2008, 04:49 AM Post #11
New Member Group: Members Posts: 6 Joined: 28-May 08 Member No.: 212,231	Hello Grinler! Thank you very much for responding. I think that I have figured out that the ??? are a type of wildcard. It enables the item mentioned in the file path to be addressed in all profiles created within Windows. I think this is it anyway!

« Next Oldest · Windows Startup Programs Database · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 2nd December 2008 - 02:45 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides