Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

task manager


  • Please log in to reply
10 replies to this topic

#1 japri

japri

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 08 April 2005 - 12:19 PM

I have alot of processes running in task manager. I would like to know which ones need to stay and which ones can go. Thanks

BC AdBot (Login to Remove)

 


#2 LoLucky

LoLucky

  • Members
  • 331 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 08 April 2005 - 12:24 PM

how bout listing them so we can reply with what your looking for. =)
if its listed multiple times please still list them.
Also posting which Operating System would help greatly.

Edited by LoLucky, 08 April 2005 - 12:25 PM.


#3 japri

japri
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 08 April 2005 - 12:37 PM

avgcc.exe hpotdd01.exe ProMon.exe msn6.exe taskmgr.exe Adaware.exe
Spysweeper.exe GWMDMMSG.exe explorer.exe HPZipm12.exe hkcmd.exe
aim.exe msmsgs.exe zlclient.exe ViewMgr.exe wanmpsvc.exe spoolsv.exe
vsmon.exe svchost.exe avgemc.exe svchost.exe svchost.exe svchost.exe
qttask.exe SpybotSD.exe svchost.exe lsass.exe services.exe mm_tray.exe
winlogon.exe csrss.exe smss.exe PRISMXL.exe NMSSvc.Exe avgupsvc.exe
avgamsvr.exe System System Idle Process


Am using Windows XP

#4 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:01:00 AM

Posted 09 April 2005 - 05:57 PM

I use winXP also.
Your list indicates:
Grisoft AVG running, set to auto-update, auto-start and as resident protection)
(avgcc.exe, avgupsvc.exe, avgamsvr.exe & avgemc.exe)
your task manager open at the time (taskmgr.exe).
zone alarm firewall (zlclient.exe).
spybot S&D (SpybotSD.exe).
Webroot spysweeper (Spysweeper.exe),

all good

Lavasoft Ad-Aware (Adaware.exe) is where I wonder,
since mine shows (Ad-Aware.exe)
and I know from the startup database click here that some malware mimics some processes.
(just type in exactly as seen to the search box any of the ones you listed)

Assuming you may have mis-typed that one, continuing (still all good):

winlogon.exe = normal winXP process, for logging on (perhaps fast user switch feature)
explorer.exe = windows explorer normal process
svchost.exe = a service running, and typically more than one will at any given time.
lsass.exe = normal windows process
services.exe = typically a normal windows process
csrss.exe = normally running windows process
smss.exe = also normal for the OS to run
wanmpsvc.exe = windows updater is active
spoolsv.exe = related to your printer, but how the OS "sees it".
System System Idle Process = normal
Basically I can say "mine does too" to all the above when I check the taskmanager.

The next ones are all "probably" what they seem to be.
Unless you are certain of the file path(s) involved,
it is possible that malware can use the same process filenames
by having them in different locations for a different purpose than
the original was designed to do.

You can tell by searching for each using your Search function,
enabling it to find all files hidden or otherwise when setting the advanced modes.
( the "advanced" search)
and checking where each of those .exe is located,
and whether there are any duplications.

Assuming that they all are started from the normal location,
and that is probable ...

hpotdd01.exe = HP software. info
ProMon.exe = a system tray icon. info
msn6.exe = an unknown.
GWMDMMSG.exe = an optional starting process. info
HPZipm12.exe = HP printer related. info
hkcmd.exe = an optional startup. info
aim.exe = AOL instant messenger. info
msmsgs.exe = windows messenger utility. info
ViewMgr.exe = an optional startup. info
vsmon.exe = probably zone alarm related. info
qttask.exe = related to quicktime. (probably) info
mm_tray.exe = (optional) music match jukebox. info
PRISMXL.exe = probably a remote computer management system process. info
NMSSvc.Exe = a maybe. info

The bottomline being one unknown, using typical online search & in particular the startup database here at bleepingcomputer.com

How you adjust your PC is up to you.
Before doing anything I would have done what I did.
Even then, I'd question after searching my own PC for filepaths,
I'd submit any questionable ones to one of these online scans to get a better idea
of the true nature of the exact file that is running at any given time,
until I became familiar with the idiosyncricies of the PC as it is operating.

virus total
virus scan
kaspersky individual file virus scan

Hope that helps to answer a question everyone should ask. :thumbsup:

Edited by phawgg, 09 April 2005 - 05:59 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#5 japri

japri
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 09 April 2005 - 06:55 PM

Thank You for the info. I will check it out Appreciate it. Have a Great Day!!!!

#6 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:01:00 AM

Posted 09 April 2005 - 07:56 PM

You're welcome. :thumbsup:

About the unknown one:

I simply added it to a google search and came up with 8,000+ responses.
I usually pick from known addresses, which ones I'll explore first.
The Microsoft site was listed, and picking the "cache" feature I read (scanned, really)
one of the Knowledge Base articles to learn that a file named :

msn6.exe certainly does exist.

From that page at the bottom:

Msn.exe is the executable for MSN Explorer,
Msnusii.exe is the executable for the MSN Installer Wizard,
and Msn6.exe is a previous version of the software
and exists only on computers on which an upgrade
(not a clean installation) was performed.


Armed with that information, I'd then try to piece together
whether it made any sense for that file to be starting up.
Seems like it would, if your PC was upgraded to winXP,
as stated, and that file appearing would simply mean that
MSN explorer was active at the time you wrote the list.

To confirm, the search technique using your own PC would be handy to use,
and you can figure out if it is the right file by checking the location,
and perhaps opening MSN explorer to test the consistant
action of that file in your task manager.
patiently patrolling, plenty of persisant pests n' problems ...

#7 japri

japri
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 09 April 2005 - 09:45 PM

I'm not real good on the computer and am still trying to figure out how to fix stuff on my own. I have had to re-install windows about 3 times now. My CPU usage on task mgr. is 0% to 4%. I read somewhere where it is suppose to be 85% or higher. Is this true. I wanted to try and find out if I can end process on any of the programs running? I removed a couple of viruses with the help of trend micro and I think I have another virus that my av isn't finding. Thanks Again.

#8 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:01:00 AM

Posted 09 April 2005 - 10:01 PM

The CPU use is typically very low at idle.
Using spyware scans and opening the task manager will reveal they often
will set the CPU use at 100%.
The best advice is to monitor the taskmanager while doing various things, multi-tasking as it were, opening and running programs simply to observe the actions being recorded by this useful utility.

The possiblity of a virus in action is just that, a possibility.

We never rule it out until it can be, but assuming it is the case
is probably not best, unless you have a good reason to.

You should install a free anti-virus program.
You should scan periodically with updated anti-spyware programs.
You should operate behind a firewall, also, as it appears you are.

It will take some time to do all of that successsfully, though

One program installation at a time, and learning about each using
the Help built-in and tutorials here is valuable.

Here are some tips I post when a members log was clean, as I suspect yours would be. Please understand it may not be exactly right as advice for you, (for example, you have a firewall), but it is not bad advice. Underlined words are links that should work to get the free programs:
1. Use secure Internet Explorer settings
  • Open IE and check tools-->internet options-->security-->click internet icon-->(default is medium).
  • Click custom and check that these settings are:
  • Download unsigned ActiveX controls - prompt
  • Initialize and script ActiveX controls not marked as safe - disable
  • Installation of desktop items - prompt
  • Launching programs and files in IFRAME - prompt
  • Navigate sub-frames across different domains - prompt
2. Use AntiVirus Software & Update Frequently. It's best to use only one.
  • An excellent free program is AVG, if you need an option.
  • This program can be set to automatically scan & either auto-update or
  • you may choose to do that yourself.
  • Virus definition updates with this program occur frequently, which is very good.
3. Use a Firewall, but use only one. If you install your own, disable the built-in winXP firewall.
  • Excellent free programs available include:
  • Sygate
  • Kerio
  • (others are also available)
  • Choose one (if you do not already use a firewall). Keep your Firewall up & monitor it's configurations
  • (fully understanding it's operation may require some thought & a little practice,
  • but it helps greatly to have it installed and functioning)
4. Use Microsoft Windows Updates Frequently
  • SP2 is the most recent Service Pack available.
  • More updates have already been to it, so remain current in regards to security issues in particular.
5. Use Spybot S&D & Update
  • Install and use this program with its TeaTimer option. (Advanced Mode-->Tools-->Resident)
  • It provides realtime spyware & hijacker protection alongside your virus protection.
  • Scan with this program on a regular basis, just as you would an antivirus software.
  • Check for updates when you do. Use the help menu, and a tutorial is available.
6. Use SpywareBlaster & Update
  • Install and use this program
  • Adding a large list of sites/programs into your Browser settings, it protects you from
  • running or downloading known malicious programs.
  • You may customize it if required to accomodate your individual needs,
  • and updates are also frequently issued with new definitions added
  • Make it a habit to run and update on a regular basis.
7. Use Ad-Aware & Update
  • Install, configure and use this program with the others.
  • It is very well thought of in it's effectiveness, it complements the actions of the others.
  • It provides for additional plug-in specialty tools as well as an upgrade if you choose them.
  • Updates are frequent, so I suggest that you do both that and run the program regularly.
8. Use an alternative Browser Frequently. You may use several if you like.
  • Consider using Firefox as an alternative to IE
    for fundamental security reasons.
  • You can have both easily. Doing so will provide you with several benefits and options.
  • Other alternative browsers are also available at no charge
  • They do not have inherent vulnerabilities to the extent that IE does.
  • They are not subject to the same attention by malware creators as IE, which is much more commonly used.
  • All of these recommendations will provide a valuable service to you,
  • and no conflicts exist when operating them together on your PC & winXP OS.
  • Please enact them for your own sake at that of the Internet itself.
9. Use BleepingComputer Tutorials & Resources Frequently. "and check for updates...:thumbsup:"
  • While cleaning your PC important tutorials were offered to explain what was being done.
  • Urgency to accomplish the task may have compromised your full understanding of what all was involved.
  • There is always room for improvement when using a personal computer.
  • Resources are available here and improving all the time.
  • Some that deal with these recommendations & other topics include:
Tutorials available for more in-depth considerations.
Switching from Internet Explorer to Firefox
Four Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware
Simple and easy ways to keep your computer safe and secure on the Internet
Using Spybot - Search & Destroy to remove Spyware from Your Computer
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Guide to Windows XP Recovery Features
Steps to take when connecting a new computer to the Internet
Microsoft Anti-spyware Beta 1 "let's see screenshots"

For your information.
Additional modifications can be made to your PC.
Optional running processes & the registry entries that make them run are not malware,
but can effect your boot initialization & other characteristics of how your PC operates.
You can enter the running process filenames into any of these online databases to learn more about them.
Bleepincomputer Startup Database.
ATW Task List.
Windows Startup Online.
ProcessLibrary
There are also other sites.
Since only you know how you use your programs, it's fair to say you might benefit
by knowing more about each of the ones that appear in your log.

For example:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
startup database info

Edited by phawgg, 09 April 2005 - 10:05 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#9 japri

japri
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 09 April 2005 - 10:15 PM

I have not installed SP2 because one of the times I re-installed windows it seemed to slow down so much i could barely go from site to site. And at times it would freeze up so I never re-installed it. And I installed spyware blaster and spyware guard another time and it did the same thing and I couldn't log onto msn messenger. Right now a window has popped up that says WINDOWSSYSERROR IMMINENT WINDOWS CRASH WARNING We have detected fifty two errors in your windows computer. These errors will lead to a system crash in the next few hours. Save all your work and get the free Windows Bug Remover at: www. Fixed-PC.com. and some others come up to that say different things. The last time that happened Trend Micro helpedme remove two viruses. Then it went away. Trend Micro isn't coming up with anything now.

#10 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:01:00 AM

Posted 09 April 2005 - 10:25 PM

Windows like those are known as "goads".
They try to convince you to buy their product or visit their site for profit.
Was that happening while you were here, at this site?

SP2 should be installed with a CD you can get free from Microsoft for best results.

http://support.microsoft.com/?scid=ph;en-us;6794

http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx

It will remove any of the present patches and replace everything from service pack 1 to august of 2004. Then you can update from there the newest dozen patches.

It takes time but it is worth the effort to have a secure system.

Installations such as you have described previously sound like they were not done right.

The changes are significant.
It takes the OS a little while to "settle down" and run right, sorta.

I also find that prior to installing it, it's a good idea to turn off system restore, then turn it back on.
The installation will automatically set a new restore point, and you do not want to go back further than it. That really confuses the OS.

Edited by phawgg, 09 April 2005 - 10:26 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#11 japri

japri
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 10 April 2005 - 09:05 AM

When you were talking about the goads. What do you mean what was happening when I was there? It just pops whenever it feels like it. I went to one of the places it told me to go and had me run a supposedly scan and clean but when I ran SpySweeper the next day I had 25 traces and noticed one was Stop Sign, that I had ran from that error message. What causes these to pop up. Is it a virus, like I thought? Is there any way to get rid of it. The last time I removed those viruses I had to go into HKEY_LOCAL-MACHINE and I found what trend micro told me to look for to delete. I had to delete it off off of task mgr too. I guess thats another reason I was wondering if there was anything in task mgr that needed to be deleted and then deleted from HKEY_LOCAL_MACHINE too. I will re-read your replies back to me and see what I can come up with. Hey thanks again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users