
Great Problem

Discussion in 'QnA (read only)' started by Nighthawk, Nov 27, 2004.

Thread Status:
Not open for further replies.
  1. Nighthawk

    I run Windows XP Professional on 1.7Ghz Pentium 4 Processor with 256 MB RAM and 40 GB HDD. These are the processes that run in background in my computer -
    SVCHOST.EXE - LOCAL SERVICE
    System Idle Process - SYSTEM
    System - SYSTEM
    SMSS.EXE - SYSTEM
    CSRSS.EXE - SYSTEM
    WINLOGON.EXE - SYSTEM
    SERVICES.EXE - SYSTEM
    LSASS.EXE - SYSTEM
    SVCHOST.EXE - SYSTEM
    SVCHOST.EXE - SYSTEM
    SPOOLV.EXE - SYSTEM
    INETINFO.EXE - SYSTEM

    1) Is there any process in the above list which can be ended after the computer is switched on, so that I can free more RAM?

    2) LSASS.EXE is a code for the Sasser Trojan Virus. It runs among my other system processes. I tried the Sasser Removal Tool from Symantec but it said my PC is not infected by it. Is it that my PC is really not infected? Or the virus was able to hide from the glitches of the tool?

    3) Is there any other process in the above list which you doubt is a Trojan virus or worm process? If yes, please tell me about it and how to get rid of it.

    Please do help.
     
  2. NikhilVerma

    2) lsass.exe is not a virus dude.

    Post your HijackThis log file for a better assessment of the problem 8)
     
  3. technoteen

    m8, inetinfo.exe is the service for IIS Server - I think no personal home user needs IIS Server.
    Also go to the Run command and enter "c:\WINDOWS\system32\services.msc" to start the services management console. In it, check which services are really required by you and disable the services you really don't require. Hey, but be sure about what you are disabling coz it can even cause your system to malfunction.
     
  4. OP
    Nighthawk

    Hey Nikhil, how do I post my HijackThis log file?
    BTW Thanx for the help.
     
  5. go4inet

    INETINFO.EXE - SYSTEM

    This is only for IIS 5.0, which functions under the inetpub dir. You can end this process. I don't think these stuffs wud bring ur RAM down.

    Coz these are the basic files tht needs to be running. My better advice wud be : Upgrade to 256 MB Ram ! So tht u can have some fun :)

    And I had 128 MB till 1 month back. Now 128 + 512 MB Ram :) Rocks !
     
  6. it_waaznt_me

    Please post your HijackThis logfile for better assessment of your problem.
     
  7. mariner

    visit www.blackviper.com to get an in-depth knowledge of the processes running in the background.

    even dexy has written about it in the TA forums. u can download the text file from there too.

    visit www.softpedia.com for downloading "hijackthis".

    lastly as vinay said upgrade ur ram if possible.
     
  8. alib_i

    you cannot stop all the svchosts ... (services hosts exe file)
    but instead you need to stop a few unnecessary services ..
    go to start->run->services.msc
    look for services which are of no use ...
    if u dont know which to stop and which not to .. then look up in the forum ..
    you'll see a few posts related to this ..
     
  9. OP
    Nighthawk

    Here is my HijackThis scan result:

    Logfile of HijackThis v1.98.2
    Scan saved at 5:27:48 AM, on 11/28/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    D:\Softwares\Norman\Nvc\Bin\Zanda.exe
    D:\SOFTWARES\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    D:\SOFTWARES\NORMAN\Nvc\BIN\NYMSE.EXE
    D:\SOFTWARES\NORMAN\Nvc\BIN\NIP.EXE
    D:\SOFTWARES\NORMAN\Nvc\BIN\nvcoas.exe
    D:\SOFTWARES\NORMAN\Nvc\BIN\nipsvc.exe
    D:\SOFTWARES\NORMAN\Nvc\BIN\NJEEVES.EXE
    D:\SOFTWARES\NORMAN\Nvc\BIN\NVCSCHED.EXE
    D:\SOFTWARES\NORMAN\Nvc\BIN\cclaw.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    D:\Softwares\Mozila\firefox.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    D:\Softwares\Messenger\YPager.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Suraj Chandrakar\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Norman ZANDA] D:\SOFTWARES\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Softwares\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://D:\Softwares\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Softwares\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Softwares\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\SOFTWA~1\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\SOFTWA~1\MESSEN~1\YPAGER.EXE
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA806B07-DF40-402D-AD60-BAAD9073DD58}: NameServer = 202.144.96.4 202.144.50.4
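
Added example (not part of the thread and not any poster's code): a process name such as lsass.exe says little on its own, but the full path in the "Running processes" section of a HijackThis log can be checked. This Python sketch flags a core process name running outside its expected directory and names that closely imitate one. The function names, the expected-directory table (which assumes a default C:\WINDOWS install), the 0.85 similarity cutoff and the sample log are all constructed for illustration.

```python
import difflib
import ntpath

# Expected image directory for core Windows XP processes. Assumption: default
# install under C:\WINDOWS, which matches both logs posted in this thread.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
    "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
    "spoolsv.exe": SYS32, "explorer.exe": r"c:\windows",
}

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            paths.append(line)
    return paths

def review(paths):
    """Flag core process names in the wrong directory, and look-alike names."""
    findings = []
    for path in paths:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in EXPECTED_DIR:
            if folder != EXPECTED_DIR[name]:
                findings.append((path, "expected in " + EXPECTED_DIR[name]))
        else:
            # Similarity cutoff 0.85 is an arbitrary choice for this sketch.
            close = difflib.get_close_matches(name, list(EXPECTED_DIR), n=1, cutoff=0.85)
            if close:
                findings.append((path, "name imitates " + close[0]))
    return findings

# Constructed sample (not a log from the thread) with two planted impostors.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\lsasss.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for path, reason in review(running_processes(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```

A path check like this only narrows the list of things to look at; it does not replace an antivirus scan of the files themselves.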
     
  10. it_waaznt_me

    Your logfile is clean except for :
     
  11. This is mine :

    Logfile of HijackThis v1.98.2
    Scan saved at 12:43:50 PM, on 11/30/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Cursor XP\CursorXP.exe
    C:\Program Files\Desktop Architect\datray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\NIPUNN\My Documents\Setups\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediffmail.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nipun's Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Cursor XP\CursorXP.exe
    O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1CDCB38-DFC1-4F27-9ECD-2D4B5249FB15}: NameServer = 202.138.97.193 202.138.96.2
    O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)

    Plz tell me if there is any prblm.........
     
  12. amitsaudy

    Phew!
    Thats huge...
     
  13. go4inet

    Hmm...if every one starts showing their hijack, this is gonna turn as a SPAM thread !
     
  14. it_waaznt_me

    <--How come this is running ...??? Desktop Architect was meant for theming in Win9X only .. and not in Win XP .. You should uninstall it .. as MS had themselves put it under the not supported programs list ....


    Put a checkmark next to these entries and click on Fix Checked ..
     
  15. Well...........
    I use it to make the desktop icon text background transparent & to outline the icon text with black...........
    Is there any other way i can do dat without usin' Desktop Architect ?
     
  16. Minimalistix

    Solutions for NightHawk and Nipun

    nipun_the_gr8 wrote:
    Well...........
    I use it to make the desktop icon text background transparent & to outline the icon text with black...........
    Is there any other way i can do dat without usin' Desktop Architect ?


    Your HijackThis log file shows that you are running Windows XP.
    So, the good news for you Nipun is that there's no need for you to run Desktop Architect
    to have transparent backgrounds for your icons on your desktop anymore.

    Here's how you can have that same effect in Win XP:

    1. Right-Click on "My Computer" and Select "Properties".
    (TIP: You may just hit Windows Key + Pause/Break)

    2. Click on the "Advanced" Tab.

    3. Click on "Settings" under "Performance".

    4. Under "Visual Effects" check the option "Use drop shadows for icon labels on the desktop".
    (2nd Last Option)


    NightHawk wrote:
    1) Is there any process in the above list which can be ended after the computer is switched on, so that I can free more RAM?


    INETINFO.EXE - SYSTEM
    NightHawk if you are NOT running a webserver off your PC with a properly configured firewall
    THEN technically speaking every time you get online you are highly vulnerable to being hacked
    by hackers or some other automated exploit scripts looking for victims worldwide at random.

    And Yes running IIS (Internet Information Server) does tax your RAM!!
    So, here's how you can stop it from starting up automatically at boot-up.

    1. Open Command Prompt (cmd.exe) and Run: "net stop iisadmin"

    2. If it prompts you that some other services are dependent, press 'y' to confirm the operation.
    (The other two services dependent on IIS are "SMTP" service and "WWW Publishing". These are not critical to your system, so you can safely terminate them along with the "iisadmin")

    3. Now, Click on "Start" > "Run" and Run "services.msc".

    4. Now Find "IIS Admin", "Simple Mail Transfer Protocol" and "World Wide Web Publishing".

    5. Double-Click and Set "Startup type" for "IIS Admin" to "Disabled" and for the other two to "Manual".

    6. Restart your System to find out that INETINFO.EXE is gone!!
     