
One For The Computer Buffs...



It is actually a real process, but some viruses disguise themselves as this. What anti-virus are you using? cscan should do it, as it is a fairly old virus, I think...

If you don't have an AV app then try this http://download.cnet.com/AVG-Anti-Virus-Fr...4-10320142.html but you should have something on there (even if it just needs updating). If your laptop is too slow to use, put it on a USB stick through a different PC, then run it with your laptop offline.

5t.


Remember to boot into safe mode before doing a scan - a lot of virus processes don't load there. Run AVG as fivetide said, but also try ESET NOD32 - you could maybe even go to the website and do the online scanner.

Malwarebytes AntiMalware is very useful too.

If you have time run HiJackThis on your PC and post up the log - we can see what processes are suspicious :lol:


Hello matey, I did a bit of digging around and many sites say that it is a client/server runtime subsystem file that the system needs, so don't get rid of it just yet. Viruses have been found masquerading as this file, but there is a way to find out if it's a virus or a pukka system file.

This site tells you how to test the file using Task Manager (section "CSRSS.exe - Confusion", paras 4 and 5). I did the test on one of my XP machines: go to Task Manager, select the Processes tab, look for the csrss.exe process and right-click it. When you right-click it, try to terminate the process by selecting 'End Process' and see what happens. If it comes back like mine did, with an 'Unable to Terminate Process' pop-up window telling you that this is indeed a critical system process and you are not able to terminate it - hurrah :lol: If you were able to terminate it then it's more than likely you have a wee virus lurking :lol: and the necessary precautions have to be taken to remove it.

The file normally resides in the C:\Windows\system32 directory. If you search your PC for csrss.exe and see how many copies it comes back with, any more than one, and any that are not in the C:\Windows\system32 directory, should be removed with a good antispyware/antivirus/registry cleaner.

This user site has user opinions on the file.

If there is only one version of the file and it cannot be stopped and it's hogging resources, then there may be something else causing it to grab all the CPU time. Can you provide the OS you are using and how much CPU time Task Manager shows it taking? My csrss.exe, when the laptop is idle, sits at 0% CPU time, takes about 3228K of memory to run and has a file size of only 6KB - but this is on Winblows XP; I couldn't say for certain how Vista/Win7 differ with this file by comparison.

I use Ad-Aware as a free antispyware tool too B) and AVG for a decent and, funnily enough, free antivirus app, and finally for a free registry checker/cleaner try this one.

Give this a try and let us know how you get on.

Cheers,

Colin

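The check Colin describes (is the running csrss.exe the real one, and are there stray copies on disk) can be done more rigorously than the End Process test. The script below is an added example, not from this thread or from any of the tools mentioned in it; it assumes Windows PowerShell 3.0 or later run from an elevated prompt. It lists every running csrss.exe with its on-disk path, parent process and Authenticode signature, then sweeps the system drive for other files named csrss.exe, skipping the copies Windows itself keeps in the WinSxS component store.

```powershell
# Added example (not from the thread): check every running csrss.exe and hunt for stray copies.
# Assumes Windows PowerShell 3.0 or later, run from an elevated prompt: Win32_Process only
# reports ExecutablePath for SYSTEM processes such as csrss.exe to an administrator.
$expected = Join-Path $env:SystemRoot 'System32\csrss.exe'

Write-Host "Running csrss.exe instances (one per logon session is normal, so two on a Vista/7 desktop):"
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'csrss.exe'" | ForEach-Object {
    $proc   = $_
    $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
    $sig    = if ($proc.ExecutablePath) { Get-AuthenticodeSignature -FilePath $proc.ExecutablePath }

    [pscustomobject]@{
        PID       = $proc.ProcessId
        Session   = $proc.SessionId
        Path      = $proc.ExecutablePath
        PathOK    = ($proc.ExecutablePath -ieq $expected)
        # The real csrss.exe is started by smss.exe, and the per-session smss instance exits
        # once it has done so, so '(exited)' is expected; explorer.exe or cmd.exe as parent is not.
        Parent    = if ($parent) { $parent.Name } else { '(exited)' }
        Signature = if ($sig) { $sig.Status } else { 'n/a' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-Table -AutoSize

Write-Host "Other files named csrss.exe on the system drive (WinSxS is the component store and is skipped):"
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'csrss.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.FullName -ine $expected -and
        $_.FullName -notlike (Join-Path $env:SystemRoot 'WinSxS\*')
    } |
    Select-Object FullName, Length, LastWriteTime,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }
```

A legitimate instance shows PathOK True, one instance per logon session, and a Microsoft signer. On older systems where system binaries are catalog-signed rather than signed in-file, Get-AuthenticodeSignature may report NotSigned for the genuine file; confirm with `sfc /verifyonly` or Sysinternals sigcheck before treating it as suspect. Any csrss.exe the second query lists, outside System32 and WinSxS, is worth submitting to your AV vendor rather than just deleting, so the sample gets added to their signatures.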


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49:35, on 18/03/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

C:\Windows\Explorer.EXE

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SGPSA\ie3sh.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"

O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: "C:\page.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\LittleMissBoobsie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S5F7D.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{124F43FF-33C1-4C62-9383-EC7700B06CFE}: NameServer = 172.31.76.69 172.31.140.69

O17 - HKLM\System\CS1\Services\Tcpip\..\{124F43FF-33C1-4C62-9383-EC7700B06CFE}: NameServer = 172.31.76.69 172.31.140.69

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe

--

End of file - 10313 bytes


No, your computer isn't gubbed; I've posted the above. Thanks a lot guys, I appreciate the time spent digging through the web, or even just your head, to help me out.

I'll try each of your suggestions, but for now I've posted pmacFTO's suggested information to see if anything on there has become a pain in my a***...

Thanks!


C:\Windows\system32\Dwm.exe

C:\Program Files\SGPSA\ie3sh.exe

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll

Not sure what page.exe is - but if it is in the root of your C:/ drive I'd remove it.

WinSSHD seems to be for Remote Access - did anyone install that for you or is it a work PC?

Get rid of those. I'd also uninstall Windows Desktop Search - it can slow your PC a lot.

I assume you still have plenty HD space left on the C drive?

Have you done any scans yet with any of the apps I mentioned? Remember - boot to safe mode to do them first - update them online before you go into safe mode, though.

Edited by pmacFTO
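The first pass pmacFTO does by eye above (autostarts running from odd places, add-ons whose file is missing, services nobody recognises, a remote-access server the owner may not have installed) can be scripted so the log is prioritised before anyone reads all of it. The script below is an added example, not from the thread and not part of HijackThis; it assumes Windows PowerShell 3.0 or later and a log saved as hijackthis.log in the current directory, and if no log is found it scans a handful of entries copied from the log posted in this thread. The rules are heuristics for deciding what to look at first, not a verdict on any entry.

```powershell
# Added example (not from the thread or from HijackThis): first-pass triage of a HijackThis log.
# Assumes Windows PowerShell 3.0+ and a log saved as hijackthis.log; if none is found, the entries
# below (copied from the log posted in this thread) are scanned instead. Heuristics only.
param([string]$LogPath = '.\hijackthis.log')

$sample = @'
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: "C:\page.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\LittleMissBoobsie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{124F43FF-33C1-4C62-9383-EC7700B06CFE}: NameServer = 172.31.76.69 172.31.140.69
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
'@ -split "`r?`n"

$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }

function Get-AutostartTarget([string]$Entry) {
    # Extract the program path from an O4 line: optional [name], then a quoted or bare path.
    if ($Entry -match '^O4 - [^:]+:\s*(?:\[[^\]]*\]\s*)?(?:"(?<p>[^"]+)"|(?<p>\S+))') { return $Matches['p'] }
}

$findings = foreach ($line in $lines) {
    $reason = $null
    if ($line -like 'O4 - *') {
        $target = Get-AutostartTarget $line
        if     ($target -match '^[A-Za-z]:\\[^\\]+$') { $reason = 'autostart directly from a drive root' }
        elseif ($target -match '\\Temp\\')            { $reason = 'autostart from a Temp directory' }
        elseif ($target -match '\\AppData\\')         { $reason = 'autostart from the user profile; check the publisher' }
    }
    elseif ($line -match '^(O2|O3|R3) - .*\(no file\)\s*$') {
        $reason = 'BHO/toolbar/search hook registered but its file is missing'
    }
    elseif ($line -match '^O23 - Service: .*(ssh|vnc|remote)') {
        $reason = 'remote-access service; confirm you installed it'
    }
    elseif ($line -match '^O23 - Service: .* - Unknown owner - ') {
        $reason = 'service without publisher information'
    }
    elseif ($line -match '^O17 - .*NameServer = ') {
        $reason = 'hard-coded DNS servers; confirm they belong to your ISP or network'
    }
    if ($reason) { [pscustomobject]@{ Reason = $reason; Entry = $line } }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it as `.\Triage-Hjt.ps1 -LogPath C:\path\to\hijackthis.log`. Against the built-in entries it flags page.exe (drive root), RecoverFromReboot.exe (Temp), the Google updater (user profile, legitimate once the publisher is checked), the two orphaned (no file) hooks, the unknown-owner Samsung service, WinSSHD and the O17 name servers. Flagged lines are leads to look at first, which on this log matches pmacFTO's reading; an entry that is not flagged is not thereby cleared.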
