csrss.exe trojan please help ASAP (Firefox crashed/ didnt restore windows)

Q: csrss.exe trojan please help ASAP (Firefox crashed/ didnt restore windows)

Microsoft confirmed I have the virus when they checked command prompt: csrss.exe (which sends email PWs or unnecessary ones) and downloadhelp.exe. It already shut down security tasks, and Kaspersky didn't catch it, maybe because Malwarebytes was installed too?

Please help with the removal! He said if I reboot I may get the blue screen which can make it worse. What should I do??

Thanks

Using Windows XP

DDS FILE:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Os at 17:10:28 on 2012-04-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.378 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer.exe
C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\os\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxps://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262676841203
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262676836453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{37F52497-B5D4-4FFF-8FA0-43DE8A52246C} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\os\application data\mozilla\firefox\profiles\3qc9ow07.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.txt=Word Reader-TXT
.
=============== Created Last 30 ================
.
2012-04-19 20:10:05 -------- d-----w- c:\documents and settings\os\application data\TeamViewer
2012-04-03 0548 -------- d-----w- C:\HakkasanApr2
2012-03-30 21:20:14 -------- d-----w- C:\kaspseria
2012-03-29 16:42:22 -------- d-----w- c:\program files\iPod
2012-03-29 16:42:16 -------- d-----w- c:\program files\iTunes
2012-03-29 16:22:10 -------- d-----w- C:\simon
2012-03-22 20:50:49 -------- d-----w- c:\program files\HitmanPro
2012-03-22 20:44:36 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
.
==================== Find3M ====================
.
2012-03-03 05:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 00:47:24 709968 ----a-w- c:\windows\isRS-000.tmp
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
============= FINISH: 17:15:28.49 ===============



................and HIJACKTHIS log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:28:25 PM, on 4/19/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer.exe
C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Java? Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java? Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - https://install.home...ive/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1262676841203
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1262676836453
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell....lSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

A: csrss.exe trojan please help ASAP (Firefox crashed/ didnt restore windows)

Hello flakeup. Welcome to TSF.

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please:
do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
do not run any tools or scans other than those requested;
follow all instructions in the order they are presented;
if you have problems with or do not understand the instructions, ask before continuing;
stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
do not attach any logs/reports, etc. unless specifically requested to do so.
All logs/reports, etc. must be posted in Notepad making sure the word wrap is unchecked. (In Notepad click Format, uncheck Word Wrap if it is checked.)
Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

=====================

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

============================

The system is still infected with ZeroAccess. Before we begin to attempt to clean it, I'd like to gather a little more information.

When you run this tool, it's important to remember to choose Skip not 'Cure' if it finds something. We are interested in a scan only, not a fix.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If malicious objects are found, change the action to Skip. Do NOT allow it to Cure anything.
Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller<version_date_time>log.txt
Attach that log, please.

RELEVANCY SCORE 174.4

A:Csrss.exe trojan please help ASAP (Firefox crashed/ didnt restore

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Before suggesting some remedial tools I need more information.

Please Download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.

T... Read more

RELEVANCY SCORE 67.2

Hey.

Me and my friend were LANing, and he started to delete a few processes due to the fact that his virtual memory use was high.
He accidentally deleted csrss.exe, and it made the laptop crash.
We turned it on again, but then the screen went all weird, and turned from black to white and vice versa.

Is there any way to solve this, or do we have to reformat? I don't even know if that'll work, since we can see nothing but the black and white colour on the screen.

Thanks!

-Asytile (Mis-spelled my name)

A:Windows Vista | csrss.exe aborted, computer crashed

Never mind, people. It seemed to repair itself by us letting it rest for a while. Thanks anyway. (Even though no replies)

RELEVANCY SCORE 65.6

I need help. My Sony Vaio model PCG 7X1M has crashed and I have tried everything and nothing works, as both screens are stuck and don't move. I can't seem to reboot Windows nor reboot the BIOS battery, as it's on the motherboard which I can't get to. I'm also worried about my files. What should I do?

A:Windows vista has crashed HELP ASAP

These instructions apply to both Windows Vista and Windows 7.
 
If you have a Windows Vista or Windows 7 installation disc, start with step 2.
 
Step 1.  Create a Windows Vista or Windows 7 Recovery disc.
 
Download a legal Windows Vista Recovery ISO image here. 
 
Download a legal Windows 7 Recovery ISO image here.
 
You will need to burn the ISO file to a CD or DVD; please download ImgBurn and install it.
 
Insert a blank CD or DVD into your CD/DVD drive.
 
Open ImgBurn, and click on Write image file to disc.
 

 
Click on the Browse for a file icon:
 

 
Locate the ISO file, and click on the Open button.
 
Click on the blue arrow to start burning bootable disc.
 

 
Step 2.  Place the disc you created in the tray of your CD/DVD drive, close it and reboot the computer.  
 
Notice:  You may need to change the boot order in the BIOS to make the CD/DVD drive the first device.
 
At the first screen click on Repair your computer; this will run the repair process and try to make a repair.
 

 
When done you will be presented with the System Recovery Options dialog box; click on Next.
 

 
The next screen will be the System Recovery Options, select Command Prompt.
 

 
In the Command Prompt copy and paste or type chkdsk /r and then press Enter.  If you type this in please notice the space between chkdsk and /r.
 
To finish ty... Read more

RELEVANCY SCORE 57.6

My Hub of Life, Aboard the M.Y. B'Lee'vn, Golden Tides Marina, Puget Sound, Washington

My Next Hub of Life: AMD 2600+ Barton / ASUS A7N8X Deluxe MB / ATI 9600 Pro All-in-Wonder / 516 Corsair XTM memory / WD SATA 120G HD / XP Professional SP1b

I have not been able to make system restore work the odd number of times I have tried it.
Every time fooling me as it looked like all was well until after reboot.
I find a message stating that nothing has been changed.

I do believe I'm the "ManGod" of this computer (administrator)
Any suggestions?

A question of safety? Are there any not so great aftereffects from a system restore,,,,,?

OH!
Same with creating a backup disc. I fail!
I keep getting a message that the file name is wrong.
(File Name: backupblablasomething) and this is the default file name.
At this point they defeat me,,the gremlins ya know.
This is using Microsoft's backup: start/ program/accessories/system tools/backup.

I am trying to back up all files and folders in my computer. I am concerned with photos, and a host of freeware I have collected. Maybe a few serious items too somewhere in there.

By the way, a bit off topic I know, HOWEVER!
Let me give it a try!
I cannot sort out which ATI 9600 Pro All-in-Wonder driver (latest) to use for my Nvidia chipset on my motherboard for the life of me. (Probably my paranoia of deleting and reinstalling drivers. I am told to keep it to a minimum, any truth in this?)
Some drivers descriptions soun... Read more

A:system restore didnt,,,,,restore!

RELEVANCY SCORE 57.2

Hello, thank you in advance for this excellent resource and your selfless help, I'm really grateful to have somewhere I can turn to.

Been getting a BSOD often when running full screen videos, and have updated all applicable drivers with no luck. Keep seeing csrss.exe running in Task Manager when comp slows down, and found an extra copy of the csrss.exe file OUTSIDE of its normal Windows>System32 location. Have also had email and video game accounts hacked lately and figured this might be the source, as I have no other clues to go on. Running Avast! Free edition and Ad-Aware Free scans seems to be useless.

Here is my embarrassingly messy log, and cheers to whoever responds:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by <Name Blocked> at 23:20:04.01 on Thu 03/24/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.711 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *E... Read more

A:csrss.exe trojan issue Windows 7

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

Read other 8 answers
RELEVANCY SCORE 57.2

Hi, I have a Philips x58 and it crashed just recently.. I had the tech guys cover option on it from PC World when I bought it.. It crashed and it will only come on to the tech guys screen... system restore... whichever option I choose I still can't get it to restore... I never even thought of creating a restore point.. so I guess I have no chance of getting any of my content back... I don't want to lose 400 photos from the last few years... is there anyone who can help me restore it... because I can't bring myself to reset the laptop back to its original state...

Please help, I'm moving to France soon without a phone and need to sort it before I go....

Any help would be much appreciated....
 

A:Help ASAP with Crashed Philips x58

If possible, take out the hard drive and hook it up to a desktop to see if you can get your photos and data off. If you achieve this, pop it back in the laptop and do a factory restore.
 

Read other 2 answers
RELEVANCY SCORE 56

ok brand new inspiron 1501 amd64 dual core windows vista basic, plenty of ram/memory,computer freezes up and screen goes black or leaves lines on screen and has to be manually restarted and will not wake up from sleep mode without having to hit the power button! online chat with dell suggested a factory image restore but did not solve my problem cause it happened again......help plz do not want to send computer back because of all of the delays with dell!
 

A:factory restore didnt fix my computer freeze..help

Read other 11 answers
RELEVANCY SCORE 56

I first started getting these problems when I downloaded Comodo IS Pro. Apparently when I approached them for help, the technician did not reply to me after telling me to install.

Thus I did a system restore and the computer could load in normal mode (however the screen, etc. loaded slow like hell).

Yesterday, I downloaded comodo firewall and something familiar appeared

From Problem Reports and solution, these are the service that crashed:

4X svchost.exe
1X lsm.exe
1X sandboxie.exe
1X wininit.exe

But guard32.dll from Comodo is the module causing it according to Problem Reports and Solutions. Does anyone know why and how to solve it?

A:Svchost crashed, windows start up crashed, local session manager crashed

Have you tried uninstalling Comodo to see if it is causing the problem?

Read other 3 answers
RELEVANCY SCORE 55.6

Hi there.

New and a bit panicked. I have an Acer Aspire E15 laptop. This morning it kept freezing. I attempted a system restore. Black lines overtook the screen. Now nothing comes on the screen and the laptop keeps trying to turn itself on. If I hold down the power button it stops, but if I hit it again it just goes back into the loop. I'm not sure if this is the right place for this, but if anyone can help I would be eternally thankful.
 

Read other answers
RELEVANCY SCORE 55.2

Hi, I did a backup of Windows files for my aunt using the Windows 7 Backup and Restore feature. I'm trying to put all her files back, but when I do that the files are going to their original location for a certain user (that wasn't even listed on a profile). Please, does anyone know how I can restore the files back to my aunt's profile? This is her work PC. It's a Dell Inspiron 1470. I'm so desperate right now, I need some help please. My aunt is going to kill me if I can't restore her files. Files are backed up to an external drive.

A:restore didnt go to correct profile please help major deadline

If you just did a back-up to an external drive, the original files should still be on the computer you backed-up from, so clearly you did something other than just a straight-forward back-up. Could you detail exactly what you did, why you did it and why, if you are restoring to the same computer, are the original files no longer there.

Read other 6 answers
RELEVANCY SCORE 55.2

When I hit a Google keyword in Mozilla & click on a result,
sometimes it loads another site, mostly the site below and spam sites


but Internet Explorer 8 doesn't do this

Is it adware, a virus or my Firefox?
Pls help

A:Firefox loads sites I didn't request

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 55.2

I had 2 versions of Firefox on my PC, and both had bookmarks. So I deleted one program, and when I opened the other Firefox there were no more bookmarks!! How do I get them back? I managed to use get data back and it found the backup JSON files, but it won't accept them. When I use a JSON viewer in Firefox to view the backups I get "There was an error parsing the json document. The document may not be well formed." I really only need a few sites back but I'm stuck now.

A:I deleted firefox and didnt save my bookmarks!! I need them!!

Try a system restore to a point in time before you deleted your other version of Firefox, and then make sure you save your bookmarks to an external source before you delete it (Firefox) again.

Read other 9 answers
RELEVANCY SCORE 54.4

Hello everyone

I have this big problem with my HP Pavilion a730n Desktop. After doing the System Restore setting the restore point on February 14, the monitor turned off and the computer just freezes. I unplugged the PC a couple of times and plugged again but it just stays the same, it freezes!!!

Hope you can help me! Don't know what to do!!!

Thanks in advance

EDLL
 

A:HP Pavilion Desktop a730n with Windows XP crashed after System Restore

How long did you leave the computer unplugged? If you just unplugged and plugged in right away, you're not giving the hardware time to reset. Unplug the computer and leave it to sit for about 10 minutes. That should be enough time for the system to reset. I suspect it may be a hardware lock. Not ruling out software as yet.
 

Read other 2 answers
RELEVANCY SCORE 54.4

Hi,

Recently, I have a series of application crashes and it depends on the boot. if I get a good bootup, my apps will just run. However, if it's a bad boot, all my apps will crash during launch.
I've disabled non-Microsoft Services using MSconfig,
ran the following:
SURT,
sfc /scannow
Attaching CBS folder below.


Thanks.

Wayne

Read other answers
RELEVANCY SCORE 53.6

My Lenovo T60 crashed and was not able to be repaired. I do not know what caused my laptop to crash, but according to the PC Tech, the hard drive was reformatted. To be honest, I am here in the Philippines and did not bring my recovery disks with me & I am not so sure about the technical ability of the PC Tech.

That being said, he installed Windows XP Professional on my laptop and partitioned my hard drive. I have a 250 GB Western Digital HD. Before my laptop crashed, the drive was NOT partitioned. After the installation, I now have two drives, C, with 40 GB and D, with about 200 GB.

I lost a lot of photos and music, and other important documents. I decided to try to recover some of these files and used Recuva. The good news is that a lot of missing documents can be recovered. While listing the files and looking at them, I noticed that I had several System Restore points that I can recover.

My question is, can I use the most recent System Restore point that I recover and use that to reinstall all the missing software? I had MS Office 2007 Professional, MS Visio 2007, MS Project 2007, and other software that I do not have the installation disks with me.

From what I have read, System Restore will reinstall the system (registry, files, and software only) and not the My Documents folder.

If this can work, where do I put the system restore file? If need be, I can delete the new partition and resize the C partition, restore, and then repartition the hard drive afterwards.
... Read more

A:Can I use a recovered System Restore point file to restore missing sw crashed laptop?

Since you already lost everything, try the System Restore, but first back up everything Recuva found onto a USB key. If your version of Windows was not the same as what the tech installed, it might not work. Also, he should have first asked you what to do with your files before formatting.
Otherwise you will have to wait till you can re-install everything.
 

Read other 3 answers
RELEVANCY SCORE 52.4

Hi all. First post, thought I'd better get to know how my 'puter works a bit more than I do!

I've recently done a restore to 'factory state' on my Acer 5720 from the disc image in the restore partition on my HD. This completely overwrote the C: partition but left the D: partition untouched. I'm still a bit paranoid as I was restoring Windows due to having undeleteable cookies, recurring popups, and a few other bits and bobs I couldn't identify myself or through Googling them, which made me a bit paranoid as to what was lurking. I didn't format D: prior, which contained music, a couple of spreadsheets, and some photos. I have since formatted D: and McAfee shows no problems (though I know it's not the best).

Firstly, as still a bit of a preamble, is there any chance that the recovery partition - the factory state image, not a backup I've made - (no drive letter) could ever get infected or is it safe to do a restore from there??

Secondly, concerning csrss.exe, I appear to have two of these in Task Manager. On the first screen of Task Manager I have one, but when I right click and select perform administrative tasks, I have two of them, using 1076K and 1044K. I thought there was only one per user, and I'm the only user on here (prior to restore there was a second user). I can only find one csrss.exe when I do a search and it's in C:\Windows\System32 with a file size of 6.00KB and size on disc of 8.00KB. Should I have two of these running in Task Manager as I've read th... Read more

A:restore partition and two csrss.exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 52.4

I pulled the plug for my PC by mistake when I was sorting something out and I had Firefox running with 3 windows opened. I switched it back on and restarted Firefox. The session restore tab appeared with all my windows listed and checked, but when I hit restore only 1 was restored.

This has happened to me before on firefox 3.6, all I did was exit and start firefox again and the other windows showed up. But that didn't work on firefox 14.

I've managed to restore the sessionstore.js file to a previous version. When I restarted firefox 5 windows were listed in session restore but I could only view the tabs on 2 of them (why?). Clicked on restore and only those 2 windows appeared.

Is there any way I can recover the other 3?

A:Firefox won't restore all my windows in session restore.

Check your Firefox History list (unless you've already cleared it).

Read other 2 answers
RELEVANCY SCORE 51.6

Hello all, I'm sorry, but I had to double post as it's been 2 weeks without any response from anyone. I recognize that the site is run by volunteers, but I have been waiting for help for nearly 14 days... I would really appreciate some help clearing out my computer.

I managed to do a MBAM scan in Safe Mode a couple of days back, and it managed to clean out rapid.installer and some other things. The blue screen and warnings have gone. The porn icons on my desktop left, and the pop-ups are not happening as often. However, I still do get them... I have been running MBAM scans daily since, and still come up with about 25 infections (trojan.vundo.h) each time... Attached is the most recent Hijack This log and MBAM log... I really am looking forward to a response. Thanks
 

A:help clearing trojan.vundo/ (Didnt get a response for 2 weeks)

Read other 16 answers
RELEVANCY SCORE 51.6

I have a virus on the computer. We had McAfee and it would not delete the virus, so my mom bought Norton, which didn't help. The virus uses fake system alerts telling me I have spyware. I have used Spybot just to be sure and come up with nothing. The alerts only appear while on the internet. It also makes popups in Internet Explorer telling me to scan my computer or download something. I use Firefox for internet so I know it's not real.

Logfile of HijackThis v1.99.1
Scan saved at 2:58:07 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOW... Read more

A:Solved: Trojan. tried mcaffee and norton but didnt remove

Read other 14 answers
RELEVANCY SCORE 50

My Firefox browser hangs occasionally, and I learned that more than one CSRSS.exe is running when I checked Task Manager. I suspect I have a malware/trojan program running on my computer. I have genuine Windows 7 Premium (64 bit) running on a Toshiba laptop (Satellite P745-S4320). I have the original Windows 7 Home Premium boot disk.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by JongTae at 13:49:24 on 2014-07-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3712 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86... Read more

A:[SOLVED] Multiple CSRSS.exe running with Hanging Firefox

satyros66,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Read other 10 answers
RELEVANCY SCORE 50

Hello there - I have two issues I need help with please... here goes;

QUESTION((1)) Firefox is my preferred browser by a mile - because it has so many add-ons, can be customised in so many ways, is very secure, etc etc etc!
But I can see that it uses a HUGE amount of memory!
See the following screenshot;

Notice it is using over 140k in memory! Whilst the nearest to it is only using 20k.... why is this? And is there any way to reduce this?

QUESTION((2)) ...regarding CSRSS.EXE...
Take a look at the screenshot again... I've drawn a circle around the .exe I'm talking about...

I did a Google search for Csrss.exe and it came up with page after page about viruses! I tried ending the process and Windows crashed!
Now I understand that normally, Csrss.exe is nothing to worry about, but the fact that it uses the 4th most memory on that list concerns me.
Also, in the shot provided, what does the third column mean (entitled "CPU")?
As only a few programs have numbers in this column, can anyone explain what it means?
But more importantly, does my CSRSS.EXE file look ok to you TechGuys? As I've read up a little on it, and only if it hogs the majority of your memory do you need to worry - but as you can see, it is 4th on my list!... So it is (sort of) hogging my memory...

Any help would be really really appreciated! Please let me know what you think, even if you can only answer 1 of the questions, I would be so grateful!

Thanks a lot - badbadbad

A:[SOLVED] Firefox uses loads of memory!! & csrss.exe - virus??

1). 142mb isn't all that much for a browser, especially if you have some addons installed and a few tabs open. I've currently got 16 addons and about 20 tabs open, and the memory used is 130mb.

2). csrss.exe is an important Windows file. It's not a good idea to delete it or any other file without knowing what it does. If it's in Windows\System32, then it's probably genuine and safe. If it's in any other folder, it could be malware. It's only using 5mb, which is a drop in the ocean compared to your total RAM, so it's not hogging memory at all. The CPU column tells you the percentage of CPU usage. Click the column header twice to re-order the list.

How much RAM is installed in your computer? If you're using Vista, I would expect it to be at least 1gb (1024mb).

Read other 7 answers
RELEVANCY SCORE 50

Hello,

I have a laptop running Vista Premium Service Pack 2. Firefox has been running slow, with a lot of "(not responding)" going on. I have Malwarebytes, Avira, and now Avast and they have found nothing after scans (safe mode also).

So I looked up some of the processes running and saw that maybe csrss.exe could be malware running. I tried autoruns and stopped a few of the processes, but I know I am in over my head and need help...

So, help anyone?

Thanks in advance!

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

A:Firefox Slow (Not Responding) - found csrss.exe, but can't remove all of it.

Try running Firefox safe mode and a different browser. How do they perform?

Read other 7 answers
RELEVANCY SCORE 49.2

Hi, I was requested to repost in here along with all the necessary logs from the preparation guide. Included are both DDS logs, with the attach file zipped up and attached, GMER log and recent HJT log.

I have a problem with a CSRSS file located in my appdata/local/temp path which is found by Malwarebytes but keeps being detected every time I log on. I also have two CSRSS and dwr running in Windows Task Manager. My computer freezes after about 10 minutes of use.

DDS 1.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19088
Run by Death Metal Realm at 10:24:03 on 2011-08-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3032.2539 [GMT 1:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32 ... Read more

A:Help with CSRSS.exe trojan, or something!

Hi

Please do the following:

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

Read other 18 answers
RELEVANCY SCORE 49.2

EDIT: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme

I have been email hacked & infected with the csrss.exe trojan & would like to know how to remove it.

Logfile of HijackThis v1.99.1
Scan saved at 4:04:34 PM, on 4/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ta... Read more

A:csrss.exe trojan

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Your version of HijackThis is obsolete. Remove it using the Add/Remove Programs list.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs: DDS.txt and Attach.txt
Save both reports to your desktop.
Please just paste the contents of the DDS.txt log in your next post.

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted re... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

I play World of Warcraft on my home computer - only my wife and I use the computer and the game account is never ever shared with anyone else. Today I got an e-mail from Blizzard, the company that makes the game, saying that my password had been changed. I tried logging in, and of course, couldn't. I was able to get the password reset, but by the time I logged in my account had been hacked, tons of in-game stuff stolen, etc.

Obviously, someone was able to get my password and log in. In my processes, I see csrss.exe running, and when I checked it on www.processlibrary.com, it said that csrss.exe was part of a Trojan. However, neither my normal security software (McAfee), nor Spybot are able to detect any spyware on the computer.

Any ideas on what could be happening?

Thanks a lot.

A:Do I have a Trojan? CSRSS?

Hi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say ... Read more

Read other 3 answers
RELEVANCY SCORE 49.2

hi
my laptop has been acting up, with a malware bytes log that found csrss.exe
i killed a similar named process with process explorer and got a BSOD

your assistance would be greatly appreciated..
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7417

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

09/08/2011 18:28:02
mbam-log-2011-08-09 (18-28-02).txt

Scan type: Quick scan
Objects scanned: 182306
Time elapsed: 31 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jhg\AppData\Local\temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

last time i tried a complete scan i got a BSOD...

here's an HJT log in the meantime...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:18:48, on 10/08/2011
Platf... Read more

A:trojan csrss.exe

Hi,

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Read other 40 answers
RELEVANCY SCORE 49.2

I have a nasty little virus from my nephews who used my computer while I was gone. I backed up my files to the 4th of this month, but that did no good. I am still infected! Looks as if he was downloading pirated crap to his flash drive, but checking it out on my machine first. I am pretty livid! Any help you guys can give me would be great.

Here is the info you guys need from reading other posts.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-15 19:49:06
-----------------------------
19:49:06.045 OS Version: Windows x64 6.1.7600
19:49:06.045 Number of processors: 4 586 0x403
19:49:06.046 ComputerName: MARK-PC UserName: Mark
19:49:10.035 Initialize success
19:49:16.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:49:16.983 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 11
19:49:18.998 Disk 0 MBR read successfully
19:49:19.003 Disk 0 MBR scan
19:49:19.008 Service scanning
19:49:19.826 Disk 0 trace - called modules:
19:49:19.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:49:19.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007acc060]
19:49:19.851 3 CLASSPNP.SYS[fffff8800193043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a83680]
19:49:19.858 Scan finished successful... Read more

A:csrss.exe dwm.exe TROJAN

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6371

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

4/15/2011 7:41:21 PM
mbam-log-2011-04-15 (19-41-21).txt

Scan type: Quick scan
Objects scanned: 191140
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Users\Mark\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> 4736 -> Unloaded process successfully.
c:\Users\Mark\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 4280 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_U... Read more

Read other 5 answers
RELEVANCY SCORE 49.2

I recently went on to MSN and my friend sent me a link, and I thought it was a trusted link because he sent it, but it gave me a virus and now it's sending it to my friends, and apparently loads of MSN users have suffered from it. So I tried to look for removal things but that didn't help, so I looked in Task Manager for suspicious things. I saw csrss.exe, and Uniblue Process Library says it's a virus OR part of a Microsoft thing. In Task Manager this csrss.exe has nothing for a description, and if it was Microsoft or another company it would have said so, so I'm not sure what it is. Also there is an nvvsvc.exe with no description; winlogon.exe with no... and atieclxx, which could be part of ATI since I used to have an ATI card but changed to Nvidia.

A:csrss.exe is this a trojan?

Hello yoyodasher,

We can't guess at where the malware may be residing. Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 49.2

I have noticed a definite slowing of processing on my laptop recently. I discovered a possible trojan virus disguised as a Windows system file: csrss.exe. I downloaded Hijackthis and this is the log of my first scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:41 PM, on 9/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Fi... Read more

A:Possible Trojan?? (csrss.exe)

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

Read other 2 answers
RELEVANCY SCORE 49.2

This process has been running on my PC (I've just found it now) and I'm not sure what it is. I did a Google search and it turned out it is a necessary Windows system file, I read, but to contradict that I also read it was a trojan?

Can anyone shine a light on this for me.

Thank you

A:Is csrss.exe a trojan?

When you open up Task Manager (by right-clicking on the taskbar and choosing Start Task Manager), on the Processes tab, if you right-click on csrss and choose Properties, the location should be C:\Windows\System32.

csrss - Client Server Runtime Process

Read other 9 answers
RELEVANCY SCORE 49.2

Hello Guys !!!!
Anyone help me.
I tried to help my sister with her laptop.
She had a problem with the Peachtree program, and his son did a repair on Windows (I don't know how he did it). The thing is, she brought me the machine. First I made a system checkpoint,
then I did a restore point to see if the machine worked fine. The machine still had the problem, and when I rolled back to the system restore point I made, I lost all the documents that were on the desktop and in "My Documents"; I can't find them. If anyone knows whether I can recover them,
I appreciate your help,
thanks
rolando alejandro
 

A:i didnt find "my documents" when did a restore

Try "undoing" the system restore and it will return the laptop to its previous state... folders intact probably
 

Read other 1 answers
RELEVANCY SCORE 49.2

I'm not quite sure what, if anything, is going on here, but I'm having some problems, and when I was surfing last night A-Squared threw up so many warnings every time I tried to connect to a page that I ended up shutting it down. Today, I ran a scan and it came back all clear, as did Kaspersky AV. I am still leery though.

The problems started benignly enough but seemed to multiply.

-My printer won't print from any web browser. The message comes up, it looks as though it will print, then it sits in the queue. It had just printed something moments before from the net but now it won't. Pages from Word, Notepad and running a Printer Test Page print fine, but from the browsers will not. (EDIT- IE will now print. FF will still not.) I've checked the connections, reset them, unplugged and waited then plugged back in; nothing's worked. In trying to deal with that, other things came up.

-System Restore will not work. It goes through the entire process, seems as though it is working, then when the computer comes back on, and the restore message pops up, it says "System Restore was unsuccessful. Unspecified error." I have used it before and it has always worked well.

-While monitoring an install, ZSoft Uninstaller, became stuck on the taskbar. It was minimized to the taskbar and would not maximize. Right clicking didn't give me a context menu and nothing I did could make anything happen with the program. I brought up the task manager to try to end the task from ... Read more

A:csrss.exe, System Restore not working, A-Squared Anti-Malware acting oddly

Bump, please.
New issue: an icon has appeared on my desktop called Update.exe
The only thing different I have done today was plug in a USB backup drive but it didn't have enough power to install the driver so I am not sure that is where it came from. I have also removed a couple of programs. Should I run the DDS and gmer again?

Read other 1 answers
RELEVANCY SCORE 48.8

Hi, I just got a new Dell Windows 8 all in one touchscreen desktop, about a week ago. I am having problems connecting my wireless printer and another issue with videos not playing. I Googled Dell Tech Support and got a phone # in to what I thought was Dell Support. I'm not so sure it was, now, because after taking control of my computer and scanning files, they told me I had a Trojan virus called csrss.exe/Black Trojan, which is not allowing many processes to run, and that they could fix it for $278. Also, when I hung up from them and reverse searched the #, a company site called Support Center 247 came up. I ran Malwarebytes and nothing came up. Can someone help?
Cate

A:CSRSS.EXE Trojan virus possible?

Support Center 24/7 is a fake.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is pl... Read more

Read other 1 answers
RELEVANCY SCORE 48.8

Please bear with me as this is my aunt's computer. I've switched to a mac so my PC-detective skills are a tad rusty. Here's what's going on.

System Info: HP Pavillion running Windows Vista 32 bit Service Pack 1 (in the process of updating)

First symptom was a slow start up. And by that I mean literally 10 minutes. So I started uninstalling programs she doesn't need/use. I also ran Startup Manager and deleted a ton of stuff from there. Mistake. I'm sure I deleted something I shouldn't have. Upon reboot, there was no desktop (icons, start menu, etc.). Was able to add explorer.exe to the shell registry and now when it starts up, still no desktop but I can go to task manager and start a new task; explorer.exe and the desktop appears. That's a secondary issue (I'll research the solution to that later), but I wanted to include it in case it's relevant.

In task manager there is a process that is csrss.exe. After much research I believe it is the Ahlem.A trojan. If I try to end the process I get an error Access Denied (good thing). Then however, the list of processes goes from 10 to about 60, with TWO csrss.exe. One very small, one large. If I try to end the big one, I get the blue screen of death. This is what makes me think it is the trojan.

I have run Malwarebytes Anti-Malware, but it didn't find anything. I also ran Ad-Aware and AVG, both of which found nothing. Currently running SUPERAntiSpyware, but am not anticipating ... Read more

A:CSRSS.exe-possible Ahlem.a trojan?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:19 PM, on 5/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search... Read more

Read other 2 answers
RELEVANCY SCORE 48.8

Alright, so I have a pretty brand new computer. I keep all my spyware and antivirus software and firewall up to date. I constantly clear my cache, temporary files, and avoid opening unknown emails. In short, I keep my computer clean. I use Internet Explorer and Firefox, both with pop up blockers. However just today, I began getting popups for fake spyware and antivirus software, which I instantly knew was being caused by some sort of malicious program. So I hit control, alt, and delete and looked at all the processes that were running. csrss.exe was being run, and it was the only process that had a blank description, so after a little Googling, I discovered that is possibly a Trojan.

I appreciate any help you guys may have. This is the only family computer in our house, and we cannot afford another one if it were to crash.

Thank you a lot, and I hope to hear from you guys soon.

-Hishaam

A:Possible csrss.exe trojan infection?

Hi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results butto... Read more

Read other 13 answers
RELEVANCY SCORE 48.8

Here's the situation. Recently someone's been using my computer, and upon getting it back I now notice that a lot of times when I access a website, I get a fake error page with the address of "http://winguard2009.microsoft.com/block.php?r=59.6". The page says that the website I'm trying to access is running a malicious script, even though it really isn't, and suggests that I download Antivirus System PRO. It takes a lot of re-entering the URL of the website I want to access if I want to access a site. Sometimes I can never reach a site due to this fake antivirus page popping up. This is mostly happening with Internet Explorer, I have only seen this happen with Firefox once.

I recognize these symptoms to be related to a trojan affecting csrss.exe. Am I right? I supplied my HijackThis log to paint a better picture.

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:21 AM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOW... Read more

A:Possible csrss.exe trojan problem?

I'll close this thread now since you're receiving help in another thread.
 

Read other 1 answers
RELEVANCY SCORE 48.4

Hi!

I have a .bak file of my SQL database that needs to be restored within the next two hours. My tech support is closed for the weekend. I will pay for this service if anyone is interested in helping me out.

It's need to be done ASAP! Within the next few hours.

Please help me!

Sincerely
Fredrik
Sweden

Please mail me on [email protected] or post it here.
 

Read other answers
RELEVANCY SCORE 48.4

how do i turn on system restore?

A:need help asap (can't turn on system restore)

Control Panel>System> System restore tab. all of the properties for it are under there

Read other 4 answers
RELEVANCY SCORE 48.4

Hi, I love this site and you guys have helped me so much, so first of all, thank you!

Now the bad news.... I got the WIndows Vista Repair virus about a month ago on my Acer PC. At first, it ran all of those warning messages and then it shut down the computer and reloaded as what appeared to be a completely wiped computer. The only icon on the desktop was the Windows Vista Repair. I tried to find programs by searching for a few minutes before trying to shut down (which the virus had also made me incapable of doing), and resorting to popping out the battery to shut it down. I restarted in safe mode with networking and tried to get on this site, but even in safe mode my browser was auto-redirecting me to sales sites. By following instructions for removal on this site, and downloading programs onto a flash drive from a different computer, I was able to get my computer in working order again, although it would still, at times, randomly shut down my internet browser (and the process and amount of time I spent getting it just to that state of operation was ridiculous, much worse than any virus I've EVER had...I can explain what all happened and the steps I took if necessary). A couple of weeks later, I left my computer on while I went to a friend's house for the night, and when I came back in the morning I couldn't get it to unfreeze. I shut it down and for the next two days, every time I tried to turn it on it would just run on a loop, booting up part of the way bu... Read more

A:Computer now completely crashed; started with a WIndows Vista Recovery virus, fixed it, then a couple weeks later it crashed :(

Hello, can you please let me know what version of Windows this is?

Read other 2 answers
RELEVANCY SCORE 48.4

Hello everyone,

I had a little problem with Firefox right now. A few hours ago, I got viruses on my computer from an ad. These viruses made it so I could not open anything such as regedit, system restore, safe mode, IE, Firefox, Malwarebytes, etc. After doing some research online, I found the answer to make Malwarebytes run and it removed all of the viruses/spyware/malware. The only problem I'm having now is that Firefox keeps bringing up the "Mozilla Crash Reporter" every time I open up Firefox; Firefox will NOT open. I did research online and couldn't find the answer and was hoping someone here could help me? I'd greatly appreciate it. I'm running Windows XP Home Edition Service Pack 3. My brother doesn't know about this and I want to fix it ASAP.

Thanks
Raynor7

EDIT: Ok another thing happened, I went online and found a program thats supposed to help me open regedit. I checked a minute ago and the problem with opening regedit is back, the only way I can open it is if I run the program. I opened regedit and I looked at the system restore and it happens to be turning itself off?

Heres the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:42 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\s... Read more

A:Firefox crashes need help ASAP!!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 48.4

Hello, I don't know if this is the right place to post this, but I have a big problem. I live in the middle of nowhere and recently got satellite internet, and am limited to 200mb download a day, and need a program to count how much I download every 24 hours. I found one that deals with Greasemonkey; if anyone's familiar with it I would love some help. Reply here, or AIM me at bradster101190. I appreciate it so much.

A:Need firefox/greasemonkey help ASAP

please

Read other 2 answers
RELEVANCY SCORE 48.4

Ok, yesterday I was downloading using a Firefox browser, and most of you will know that when you download something using a Firefox browser you get 2 files, a 'zip file' and something else (a random file), on the 'Desktop' while downloading...
Suddenly yesterday my internet disconnected when I was downloading and zip file was there and random file with zip file was there too...
I don't know why but I thought it was unusual and thought it should've been finished downloading so I wanted to know why it was there still because it should be gone when it's finished and only zip file should be on Desktop...
I right clicked on that random file and pressed connect program (C) somehow out of the blue I just changed it to zip file which I should've left it alone and delete it or something...
I don't know why I did it but I did. It was stupid of me to do that but yeah..
I'm not getting any problems after that but I can't get used to it, plus I don't like the look.
It's not the old proper look so I'm really hating it...

Random file = A file which downloads with a zip file, so there's a zip file and one random file which disappears when downloading is finished... I can't explain it properly

So the main thing I want/need help with is how to change it back to normal. I don't know if I made a clear explanation but I hope someone will understand.
 

A:FIREFOX problem. Help asap...

Read other 10 answers
RELEVANCY SCORE 48.4

I've been on here reading lots of posts for a few days and haven't quite found what I'm looking for so I'm posting in hopes of finding a solution.

I have a year and a half old HP Notebook, out of warranty, with an OEM Win 7 (I think 32 bit).
I have the Key off the bottom of the machine.
I did not make back-ups or any Repair or Recovery Disks

About a week a ago my HD crashed and wouldn't boot to anything but the windows logo. I ran all diagnostics available in the BIOS and it determined that the HD was bad. I tried Recovering with the internal Recovery drive/partition and now when I boot I get a screen asking me to Repair Windows or Start normally. If I choose Repair, it goes to a screen with a blue background and white light rays coming in from the top. For a second a window pops up and disappears (It looks like a command line window) and then nothing else happens. There is a functioning mouse arrow on screen, but nothing else and nothing seems to be happening. I've let this sit for hours just in case and nothing happens. If I choose Start normally, it goes to the Win logo screen and tries to start up and within 5 min it goes to the "blue and white light ray screen".

I have assumed that this drive is no longer going to work and have obtained a brand new drive, exactly the same as the original. Now I need to find a way to install this and get it up and running with Win 7. ( I am aware that I can order Recovery Disks from HP and get this done quickly, but right now... Read more

A:I have a Crashed HD and want to restore Win 7 to my new one.

Hello SHazle, welcome to Seven Forums!


There's information at the links below, I'm not sure if that's for the model type HP lappy you have but it will give you some ideas.
Upgrade - install - replace HP laptop HDD - YouTube

Also have a look at this link below for some ideas and be sure to post back with any further questions you may have and to keep us informed.

Clean Install : Factory COA Activation Key

Read other 3 answers
RELEVANCY SCORE 48

Hi, I think the 3 things i posted above are infected with a trojan. One of them is this C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe that i think might be infected but im not sure. Everytime I go on google and try to click on the link I get redirected and kaspersky says something like this:

"4/10/2011 3:50:24 PM CSRSS.EXE Denied: zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9Piwo2L2GUr0%2BbGscfRsX%2BaIwr51gW1f447DrXf0eU2S%2BsSodOFuTLiv0agD9WRN6I3FqHT9a07m%2FMKiA%2FFpSufuxq00sD0OpLjRqAO3bVKv975Xlm5G (analysis using the database of suspicious URLs) zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9Piwo2L2GUr0%2BbGscfRsX%2BaIwr51gW1f447DrXf0eU2S%2BsSodOFuTLiv0agD9WRN6I3FqHT9a07m%2FMKiA%2FFpSufuxq00sD0OpLjRqAO3bVKv975Xlm5G URL found in the database"

But i still get redircted.
I have deleted a few trojans with mbam and kaspersky but they seem to just keep respawning right away.
I really need help so anyone that can help please give me any info that you have.
Here is the Hijackthis log when i scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:58 PM, on 4/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Users\Sammy\AppData\Local\Temp\csrss.exe
C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86... Read more

A:csrss.exe conhost.exe dwm.exe trojan virus

Hello sam_man! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

We need to run an OTL Custom Scan

Please download OTL from the link below:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
OTL should now start. Change the following settings:
- Click on Scan All Users checkbox given at the top.
Copy and Paste the following code into the textbox.

netsvcs
%systemroot%\system32\*.dll /lockedfiles

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.tx... Read more

Read other 36 answers
RELEVANCY SCORE 48

Hello,
 
Today on my Nod32 im starting to get this message:
 
csrss.exe a variant of MSIL/Agent.ABP trojan
C:\Users\Name\AppData\Roaming\csrss.exe
- Couldnt clean!
 
But when i go to that folder and scan the csrss.exe, it doesnt show as a threat..
What should i do?

A:Getting csrss.exe as MSIL/Agent.ABP trojan

Welcome aboard

csrss.exe is a legit file but not in "Roaming" folder.

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to y... Read more

Read other 9 answers
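Two answers on this page give the same triage rule: the genuine csrss.exe lives in C:\Windows\System32, so a copy running from Temp or Roaming is suspect. The Python below is an added example (not from any of the quoted posts or tools) that applies that rule to the "Running processes:" section of a HijackThis log; the process-name list, the function names and the sample log are assumptions constructed for illustration.

```python
import ntpath
import re

# Core Windows process names that malware commonly imitates, mapped to the
# directories (relative to the Windows folder) where the genuine binary lives.
# Assumed list for this example, not an exhaustive inventory.
EXPECTED_DIRS = {
    "csrss.exe": {"system32"},
    "conhost.exe": {"system32"},
    "dwm.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "smss.exe": {"system32"},
    "svchost.exe": {"system32", "syswow64"},
}

# A process entry in the log is a full path starting with a drive letter.
PATH_LINE = re.compile(r"^[A-Za-z]:\\")


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
            continue
        if in_section:
            if PATH_LINE.match(line):
                paths.append(line)
            elif line:
                # First non-blank line that is not a path (e.g. "R0 - ...")
                # means the process section is over.
                break
    return paths


def masquerading(paths, system_root=r"C:\Windows"):
    """Return paths whose file name is a core system process name but whose
    folder is not the expected one under system_root."""
    root = ntpath.normcase(ntpath.normpath(system_root))
    findings = []
    for path in paths:
        # normpath collapses "..\" tricks; normcase makes the compare
        # case-insensitive, as Windows paths are.
        norm = ntpath.normcase(ntpath.normpath(path))
        allowed = EXPECTED_DIRS.get(ntpath.basename(norm))
        if allowed is None:
            continue  # not a name we track
        good_dirs = {ntpath.join(root, d) for d in allowed}
        if ntpath.dirname(norm) not in good_dirs:
            findings.append(path)
    return findings


# Constructed sample log (not a real capture); user name is a placeholder.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\WINDOWS\System32\svchost.exe
C:\Users\Example\AppData\Local\Temp\csrss.exe
C:\Users\Example\AppData\Roaming\Microsoft\conhost.exe
C:\Windows\explorer.exe
C:\Windows\System32\..\Temp\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    for hit in masquerading(running_processes(SAMPLE_LOG)):
        print("system process name outside expected folder:", hit)
```

A path under System32 is not proof that a file is genuine; this check only catches the name-reuse case the posts describe, and a hit is a reason to collect full logs rather than a verdict.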