StewartyBoy Posted March 17, 2010
Hi, Having issues with my laptop. It was running extremely slow so had a look at the task manager and it lists "csrss.exe" which apparently consumed your CPU usage and basically gives access to info on my computer. How do I get shot of it??
martin_allen Posted March 17, 2010
It is actually a real process but some viruses disguise themselves as this. What anti virus you using? cscan should do it as it is a fairly old virus I think... if you don't have an AV app then try this http://download.cnet.com/AVG-Anti-Virus-Fr...4-10320142.html but you should have something on there (even if it just needs updating). If your laptop is too slow to use, put it on a USB through a different PC then run it with your laptop offline. 5t.
StewartyBoy Posted March 17, 2010
It doesn't show any information under it when bringing up task manager, or where the file goes to in explorer. I'll download the software and give it a go. I'll report back. Thanks
pmacFTO Posted March 17, 2010
Remember to boot into safe mode before doing a scan - a lot of virus processes don't load there. Run AVG as fivetide said but also try Eset Nod 32 - you could maybe even go to the website and do the online scanner. Malwarebytes AntiMalware is very useful too. If you have time run HiJackThis on your PC and post up the log - we can see what processes are suspicious.
Vimmy Posted March 17, 2010
Hello matey, I did a bit of digging around and many sites say that it is a client/server runtime subsystem file that the system needs, so don't get rid of it, just yet. Viruses have been found masquerading as this file but there is a way to find out if it's a virus or a pucka system file. This site tells you how to test the file using task manager (section "CSRSS.exe - Confusion" - paras 4 and 5).

I did the test on one of my XP machines, which was to go to the task manager, select the processes tab and look for csrss.exe process and right click it. When you right click it, try and terminate the process by selecting 'End Process' and see what happens. If it comes back like mine did it replies with an 'Unable to Terminate Process' pop up window telling me that this is indeed a critical system process and you are not able to terminate it - hurrah. If you were able to terminate it then it's more than likely you have a wee virus lurking and the necessary precautions have to be taken to remove it.

The file normally resides in the C:\Windows\system32 directory, if you search your pc for csrss.exe and see how many copies it comes back with, any more than 1 and not in the C:\Windows\system32 directory should be removed with a good antispyware/antivirus/registry cleaner. This user site has user opinions on the file.

If there is only one version of the file and it cannot be stopped and it's hogging resources then there may be something else causing it to grab all the cpu time. Can you provide the OS you are using, how much cpu time via the task manager that it is taking? My CSRSS.exe file when the laptop is idle sits at 0% cpu time and takes about 3228k of memory to run and has a file size of only 6Kb - but this is on Winblows XP, I couldn't say for certain how Vista/Win7 differ with this file by comparison.

I use Adaware as an antispyware tool free too and AVG for a decent and funnily enough free antivirus app and finally for a free registry checker/cleaner try this one. Give this a try and let us know how you get on. Cheers, Colin
StewartyBoy Posted March 18, 2010
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:35, on 18/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - 91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: "C:\page.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\LittleMissBoobsie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S5F7D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{124F43FF-33C1-4C62-9383-EC7700B06CFE}: NameServer = 172.31.76.69 172.31.140.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{124F43FF-33C1-4C62-9383-EC7700B06CFE}: NameServer = 172.31.76.69 172.31.140.69
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe

--
End of file - 10313 bytes
StewartyBoy Posted March 18, 2010
No your computer isn't gubbed, I've posted the above. Thanks a lot guys, I appreciate the time spent digging through the web or even just your head to help me out. I'll try each of your suggestions, but for now I've posted pmacFTO's suggested information to see if anything on there has become a pain in my a***... Thanks!
Vimmy Posted March 18, 2010
Not gubbed is good news, let us know the final outcome.
pmacFTO Posted March 23, 2010
C:\Windows\system32\Dwm.exe
C:\Program Files\SGPSA\ie3sh.exe
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
Not sure what page.exe is - but if it is in the root of your C:/ drive I'd remove it. WinSSHD seems to be for Remote Access - did anyone install that for you or is it a work PC? Get rid of those. I'd also uninstall Windows Desktop Search - it can slow your PC a lot. I assume you still have plenty HD space left on the C drive? Have you done any scans yet with any of the apps I mentioned? Remember - boot to safe mode to do them first - update them online before you go into safe mode tho.
Edited March 23, 2010 by pmacFTO
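Added example, not part of any post in this thread: a short Python triage of HijackThis lines that applies two checks raised above, Vimmy's point that csrss.exe normally lives in C:\Windows\system32 and pmacFTO's concern about page.exe in the root of C:. The process-name shortlist, the temp-folder rule and the csrss.exe sample line are assumptions made for the illustration; the other sample lines are copied from the posted log.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumed shortlist of core process names that belong only in System32.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# First drive-letter path on the line that ends in .exe or .dll.
IMAGE_PATH = re.compile(r'\b[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def triage(log_text):
    """Return (reason, line) pairs for HijackThis lines that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("(no file)"):
            findings.append(("registry entry with no file behind it", line))
            continue
        match = IMAGE_PATH.search(line)
        if not match:
            continue
        path = match.group(0).lower()
        folder, name = dirname(path), basename(path)
        autostart = line.startswith("O4 ")  # O4 = Run keys and Startup folder
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            findings.append(("system process name outside System32", line))
        elif autostart and re.fullmatch(r"[a-z]:\\", folder):
            findings.append(("autostart from the drive root", line))
        elif autostart and (folder.endswith("\\temp") or "\\temp\\" in folder):
            findings.append(("autostart from a temp folder", line))
    return findings

# Sample lines copied from the log posted in this thread, except the
# csrss.exe line, which is constructed to show the masquerading case.
SAMPLE = r"""
C:\Windows\system32\Dwm.exe
C:\Users\Example\AppData\Roaming\csrss.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: "C:\page.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}: {line}")
```

A flagged line is a prompt to inspect the file (location, signature, scanner verdict), not a verdict in itself.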
Vimmy Posted March 30, 2010
Let's hope it's not gubbed for real.
StewartyBoy Posted March 30, 2010
Hi Guys, Sorry not had much time for getting the laptop in shape, will be doing it tonight and report back!