lsass.exe takes cpu times for a few minutes after logon

[Mike Bright MSP]

Tomoki,

If you think it is Spyware / Adware, you should download
a program like AdAware or SpyBot, and run a scan to see
what it picks up. Below are some links to these kind of
utilities:

Ad-Aware
--------
www.lavasoftusa.com

SpyBot (Search and Destroy) (may need reconstructing in
notepad)
---------------------------
http://www.download.com/Spybot-Search-Destroy/3000-8022-
10289035.html?tag=lst-0-2

Install one of these, give it a run and see if it finds
anything. If it doesn't then you obviously have other
issues, in which case well think again.

Hope this helps

Mike Bright MCP, MSP

e:[email protected]

 

[Guest]

Mike-san,

Thank you for your advice.

I installed spybot and the latest rule, and scaned the box.
It found some tracing cookies, and registry settings (DSO Exploit and Alexa related).
I removed those things, but it doesn't change the situation.

I looked into task list again, and I found that one svchost.exe also take some cpu time. It looks like the svchost and lsass working together for something.

below is the output from tasklist.exe /svc :

svchost.exe 952 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, lanmanserver, lanmanworkstation,
Messenger, Netman, Nla, RasMan, Schedule,
seclogon, SENS, ShellHWDetection, srservice,
TapiSrv, TermService, Themes, TrkWks,
uploadmgr, W32Time, winmgmt, wuauserv, WZCSVC

Again, it only affects my local account.

Some more information.
I recently write some codes that use com+, com+ catalog, com+ events, com+ instruments, msmq, event tracing for windows.
Also, I applied group policy setting to disable windows messenger.

I don't remember anything else that likely affects the system behavior..

Any comments are welcome.

Thanks,
Tomoki