Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Noticed CSRSS.EXE running in task mgr - is it a virus worm?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Noticed CSRSS.EXE running in task mgr - is it a virus worm?

Unread postby dtheall » August 3rd, 2011, 12:03 pm

I noticed csrss.exe running in my task list. Checked it out and realize it is a valid windows process but could also be used by virus/worms if computer is infected. Some sites say you will see more than one instance, or the exe will be located in Windows not sys32... I only see one instance of this process running and it is in small caps (not all CAPS CSRSS.EXE). I also see that the application is in /system32 but there are files under X86 - I don't know what that is or what it means. Would just like a review of my DDS to ensure I have no infections. Malwarebytes runs clean. Panda says no infections. I am not getting any popups or website redirects. Machine is operating normally. thank you!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by CE USER at 11:50:49 on 2011-08-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1317 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\dlcqcoms.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\CE USER\Downloads\HijackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcqmon.exe] "c:\program files\dell photo aio printer 966\dlcqmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 966\memcard.exe"
mRun: [DLCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCQtime.dll,_RunDLLEntry@16
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: the1st.com\firstremotedeposit
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43AB16-24D3-4DC7-9851-0EA56EC12695} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B68A1825-B1E5-4D1F-A60B-A870D5A234BC} : DhcpNameServer = 24.92.226.11 24.92.226.12
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ce user\appdata\roaming\mozilla\firefox\profiles\8y7ytiwg.default\
FF - component: c:\users\ce user\appdata\roaming\mozilla\firefox\profiles\8y7ytiwg.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ce user\appdata\roaming\mozilla\firefox\profiles\8y7ytiwg.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 126024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143624]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-11 136176]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-3 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-11 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.SYS [2007-1-19 54016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-03 13:42:21 388096 ----a-r- c:\users\ce user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-03 13:42:20 -------- d-----w- c:\program files\Trend Micro
2011-08-03 01:28:31 3636788 ----a-w- c:\programdata\SPLBF3C.tmp
2011-08-02 23:28:19 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0783d94f-ff83-4b02-b686-ba450caa0c5a}\mpengine.dll
2011-07-28 14:38:34 -------- d-----w- C:\Downloads
2011-07-28 13:49:19 -------- d-----w- C:\Intel
2011-07-28 13:37:36 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-07-28 13:37:36 45056 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-07-28 13:37:36 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-07-28 13:37:34 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-07-28 13:36:53 -------- d-----w- C:\dell
2011-07-13 17:08:47 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 17:08:47 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 17:08:37 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:08:30 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 17:08:30 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-09 12:04:51 431304 ----a-w- c:\programdata\SPL7D84.tmp
2011-07-05 10:12:48 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 10:08:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 00:18:55 1927328 ----a-w- c:\programdata\SPLC058.tmp
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-07 11:06:47 44544 ----a-w- c:\windows\system32\agremove.exe
.
============= FINISH: 11:51:49.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/2/2010 7:57:04 PM
System Uptime: 8/3/2011 9:02:14 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0UK439
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1667/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 41.78 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.975 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP295: 7/28/2011 9:37:14 AM - Installed RICOH Media Driver ver.2.07.01.04
RP296: 7/28/2011 9:37:43 AM - Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
RP297: 7/28/2011 9:38:10 AM - Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
RP298: 7/28/2011 9:38:37 AM - Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
RP299: 7/28/2011 9:38:59 AM - Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
RP300: 7/28/2011 9:39:49 AM - Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
RP301: 7/28/2011 9:40:14 AM - Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
RP302: 7/29/2011 6:24:03 AM - Windows Update
RP303: 8/1/2011 8:38:41 AM - Scheduled Checkpoint
RP304: 8/2/2011 6:56:49 AM - Scheduled Checkpoint
RP305: 8/2/2011 7:27:51 PM - Windows Update
RP306: 8/3/2011 9:41:45 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BurnAware Free 3.1.3
Byki
Byki Express for CE USER
Carbonite
CCleaner
CintaNotes 1.3
D3DX10
Dell PC Fax
Dell Photo AIO Printer 966
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Laptop Integrated Webcam Driver (1.04.01.1011)
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.1.1800
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OGA Notifier 2.0.0048.0
Panda Cloud Antivirus
Print to Fax
QuickBooks
QuickBooks Pro 2009
QuickTime
Remote Control USB Driver
RICOH Media Driver ver.2.07.01.04
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype™ 5.0
SpywareBlaster 4.4
SUPERAntiSpyware
SupportSoft Assisted Service
TellerScan Driver v2.7 Certified
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2005 Tools for Office Second Edition Runtime
VoiceOver Kit
Windows Driver Package - Digital Check Corporation (TSUSB2) USB (01/08/2007 1.10.0000)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
8/3/2011 7:58:14 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/3/2011 7:57:41 AM, Error: EventLog [6008] - The previous system shutdown at 6:55:31 AM on 8/3/2011 was unexpected.
8/3/2011 6:49:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
8/3/2011 6:48:39 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2011 6:48:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/3/2011 6:47:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/3/2011 6:39:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/3/2011 6:39:07 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/3/2011 6:35:26 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/3/2011 6:13:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
8/3/2011 6:11:08 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The WebClient service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/3/2011 6:11:07 AM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/3/2011 11:48:19 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
8/1/2011 8:49:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
7/28/2011 8:38:56 AM, Error: EventLog [6008] - The previous system shutdown at 8:37:13 AM on 7/28/2011 was unexpected.
7/28/2011 6:46:18 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KERMIT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4A43AB16-24D3-4DC7-9851-0EA56EC1269. The master browser is stopping or an election is being forced.
7/28/2011 12:21:02 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Product Detail - Compare Page, owned by CE USER, failed to print on printer Dell Photo AIO Printer 966. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 2578000. Number of bytes printed: 0. Total number of pages in the document: 8. Number of pages printed: 3. Client computer: \\CEUSER-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
7/28/2011 10:16:40 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2011 6:12:56 AM, Error: EventLog [6008] - The previous system shutdown at 6:10:58 AM on 7/27/2011 was unexpected.
.
==== End Of File ===========================
dtheall
Regular Member
 
Posts: 85
Joined: November 12th, 2007, 7:14 pm
Advertisement
Register to Remove

Re: Noticed CSRSS.EXE running in task mgr - is it a virus wo

Unread postby deltalima » August 8th, 2011, 4:19 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Noticed CSRSS.EXE running in task mgr - is it a virus wo

Unread postby deltalima » August 8th, 2011, 4:34 pm

Hi dtheall,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

I see you are using

QuickBooks Pro 2009


Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Noticed CSRSS.EXE running in task mgr - is it a virus wo

Unread postby dtheall » August 9th, 2011, 7:38 am

You can close this out. I don't think the machine is infected. thanks!
dtheall
Regular Member
 
Posts: 85
Joined: November 12th, 2007, 7:14 pm

Re: Noticed CSRSS.EXE running in task mgr - is it a virus wo

Unread postby deltalima » August 9th, 2011, 9:06 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 118 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware