Question to WEB Master:

Thanks again,

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I will assume he is running Windows2000, 98, or XP. 

There are two basic ways to see what is running in memory.

To check what is running in the foreground, press and release the CTRL-ALT-Delete keys to launch the Windows task Manager.

To check what is running in the Background, run the System Configuration Utility; Start, Run, MSCONFIG.

I am in no way advising any reader of this document to directly modify the Windows System Registry. The information herein is very general and does not intended to give specific instruction to solve a computer problem.

How to check what’s running in the foreground. (Windows XP, 98, 2000)

Press and release the CTRL-ALT-Delete keys to launch the Windows task Manager; In XP this key stroke sequence will present the initial login dialog box that includes a button for TaskManager.  Select that option. Task manager offers 5 tabs; Applications, Processes, Performance, Networking, and Users.  

.Performance is of interest if you think some program is eating up your memory or CPU processor time. 

.Processes is tough to wade through, however it will show you just what process is hogging CPU processing time, if any. 

.Networking and Users will help you detect any computer or users connected to your system, which can also eat up memory and CPU processing time. 

.Applications shows programs running in the foreground.  Listed here are programs like Word, Excel, and Outlook, or the programs running with or without icons in the system tray. That’s on your task bar where you will see Icons for Norton Antivirus, AOL, Instant Messenger, and stuff like that.  That latter group usually gets loaded from one of two places; being your Start Menu's Programs\Startup group, or the Registry's HKEY_LOCAL_MACHINE…….RUN= Key.

The fully qualified name of the registry’s RUN= Key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. 

STAY OUT OF THE REGISTRY!   LAST WARNING! 

You don't need to edit the registry to fix issues with background programs unless you have a real virus.  If you believe you have a Virus then run a full Virus scan of the system and report any virus to your PC/Network Support technician or company Help Desk.

Let me sway off the path just a bit.  The terms Virus, Trojan, and Worm conger up all kinds of devious behavior on the part of some programmer.  However, most users don't even consider having their default home page changed without permission to be the act of a Virus.  But in my book it is. 

On the computers that come to me for suspected Virus infections, I find that most of the programs utilizing the registry's RUN= Key to be legitimate software and at one time the user had interest in the program, but wasn’t given the option to remove or uninstall said program(s).  Ad programs are the worst culprits, AOL instant messenger, and Real Player are three examples of what I call indigenous weed programs. KAZA is a huge CPU killer and creates a huge security threat to the Network. Most users of KAZA don’t realize that KAZA has created a SHARE on their computer that can be seen by anyone else on the World Wide Network. This fact was right there in the Disclaimer you didn’t read when you installed KAZA.

Warning!  Do not ever try to uninstall AOL from a Windows98 computer.  If you do actually get the program to completely uninstall, you will have to reformat your hard drive and reinstall Windows.  Now would you call AOL a Virus?  No!  Then why can't it be removed?

OK;  Enough of my rambling.  You asked a simple question and I wrote you a chapter. 

Here is how you safely examine the Registry for programs running in the Background.

Start\Run\MSCONFIG  runs the Windows System Configuration Utility.  On XP, the utility has (6) tabs.  Your interested in the two on the far right. On my system, the Startup Tab shows 24 programs that have requested execution.  I have disabled 14 of them without any adverse effects to my system. 

The names of the program can be a bit cryptic, but their purpose becomes more obvious when you look at the Command Path to the program executable.  For example, if you have Norton Antivirus installed then you have a little program named ccapp.exe in your Start Up. Looking to the right of this program you see the Command of C:\Program Files\Common Files\Symantec Shared\ccapp.exe Looks to me like this is a legitimate background process and I better leave it alone. On the other hand, if you see a program called "Keill.exe" in a directory called \...\Windows\System\Temp. you may wonder if this is a real Windows system program. How do you find out? Easy! Lets check out ccapp.exe. Open your WEB browser, click the Search Icon, enter ccapp.exe into the search phrase dialog box and let her rip.

WinTasks Process Library

Process File: ccapp or ccapp.exe
Process Name: Symantec Common Client
Description: The Symantec Common Client Application is included with Norton AntiVirus 2003 and Norton Personal Firewall 2003
Common Errors: N/A
System Process: No

MSCONFIG: The great thing about the MSConfig tool is that Microsoft provided it as a Debugging tool, free of charge.  Using the check box to the left of each program will Enable or Disable the program from running.  You reboot and see if the change caused a problem, and if not, leave it turned off.  If you turn a program Off and after rebooting find it is back on again, then you have a program that is behaving like a Virus.  It may not be a Virus, but it is behaving like one.  This can happen because you Disabled a program that the Windows operating system, or other system application requires, whereby, Windows is kind of protecting you from yourself when it re-enables the application you foolishly disabled.

Be warned, this tool is not fool proof. Work with the Startup TAB but keep you mouse clicking fingers off the other Tabs unless you really know what your doing. LAST WARNING!

Lesson Over.