May 12 2008, 11:13 PM
Post #1
Authentic Member | Posts: 26 | Joined: 12-May 08 | From: near St Louis, MO | Member No.: 79,008 | Operating System: Win XP SP2
Dear Savvy Techs :-)
I somehow got the virus. When I realized the computer was hosed I went out and purchased Trend Internet Security 2008. It finally loaded and scanned but I still have virus issues. Internet Explorer kept opening unwanted windows so I downloaded Firefox. I ran the hijack log while in Safe mode. Your assistance would be greatly appreciated.

Kat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:45 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\spools.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kathleen Monique.YOUR-4DACD0EA75\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - C:\WINDOWS\pvnsmfor.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\KATHLE~1.YOU\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Kathleen Monique.YOUR-4DACD0EA75\cftmon.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [73bc44f8] rundll32.exe "C:\WINDOWS\system32\hdbtaicj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\KATHLE~1.YOU\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Kathleen Monique.YOUR-4DACD0EA75\cftmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\KATHLE~1.YOU\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181538615337
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181969628250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {b7d07999-2adb-4aeb-997e-f61cb7b2e2cd} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39353CF2-E306-4E98-908C-8583966C496D}: NameServer = 85.255.114.40,85.255.112.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.114.40,85.255.112.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.40 85.255.112.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{34D4AE2D-0B75-4166-8727-548F8D517A49}: NameServer = 85.255.114.40,85.255.112.134
O21 - SSODL: mpfanvqg - {A9A9B2A5-8A50-4C4F-A395-AD905D31A0B1} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {4B4AEF35-A6ED-44F9-BAB8-1A503F485C74} - C:\WINDOWS\vbksrofa.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Trend Micro Central Control Component (sfctlcom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (tmbmserver) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (tmpfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10152 bytes
KathyB [Resolved] csrssc.exe and other problems May 12 2008, 11:13 PM
mschroe919 Hi KathyB
Welcome to the What the tech Forums
My ... May 12 2008, 11:49 PM
KathyB Hope I did this right. :-) Am now working on th... May 13 2008, 05:14 AM
KathyB Is there a reason we are not using Trend Micro Hij... May 13 2008, 05:16 AM
KathyB Malwarebytes starts scanning and finds at least 71... May 13 2008, 05:39 AM
KathyB Hello Mschroe919! :-)
I got a Malwarebyte ... May 13 2008, 06:24 AM
mschroe919 Hi KathyB
QUOTE Is there a reason we are not using... May 13 2008, 06:49 AM
mschroe919 When you ran the Malwarebytes' Anti-Malware
D... May 13 2008, 07:00 AM
KathyB Good Morning Mschroe919! :-)
Thanks so much f... May 13 2008, 07:06 AM
KathyB Logfile of Trend Micro HijackThis v2.0.2
Scan save... May 13 2008, 07:12 AM
mschroe919 Hi KathyB
FIRST:
Make sure Internet Explorer isn... May 13 2008, 08:40 AM
KathyB I have to go to work now, I will be back after 11P... May 13 2008, 10:58 AM
KathyB Computer is acting better but is still slow.
Log... May 13 2008, 11:30 PM
mschroe919 Hi KathyB
Hope you didn't work too hard.
NEXT... May 14 2008, 12:55 AM
KathyB Good Morning Mschroe919,
After completing your la... May 14 2008, 07:01 AM
KathyB Please check this log and see if it looks OK. I j... May 14 2008, 07:27 AM
mschroe919 Hi
Can you get it by typing taskmgr in the run box... May 14 2008, 08:25 AM
KathyB typing taskmgr still brings up a pop up window tha... May 14 2008, 10:37 AM
KathyB in fact I just checked again by switching to the H... May 14 2008, 10:43 AM
mschroe919 Hi
Did you try going to control panel and clicki... May 14 2008, 11:03 AM
KathyB Yes, I went to the admin account. I checked to ma... May 14 2008, 11:27 AM
mschroe919 Hi
Let's try this:
Click Start, Run and type this... May 14 2008, 12:07 PM
KathyB I tried the first suggestion: Click Start, Run and... May 14 2008, 12:13 PM
mschroe919 Hi,
Overwrite ok Y
Then if that don't do try ... May 14 2008, 01:08 PM
KathyB It worked I can't thank you enough for all o... May 14 2008, 01:20 PM
mschroe919 Hi KathyB
You're welcome, your thanks does me good.... May 14 2008, 02:46 PM
KathyB QUOTE (mschroe919 @ May 14 2008, 03:46 PM... May 14 2008, 05:49 PM
KathyB I forgot, I noticed Trend Internet Security is not... May 14 2008, 06:05 PM
mschroe919 Hi
Trend Internet Security is a recommended one as... May 14 2008, 06:57 PM
KathyB OK, Will do that when I get home tonight after 11P... May 14 2008, 08:41 PM
mschroe919 Hi
I was looking over your log and it seems to ha... May 14 2008, 08:31 PM
mschroe919 No you don't, but I am sorry for the extra tro... May 14 2008, 09:02 PM
KathyB Thanks for the help! Here are the files reque... May 14 2008, 11:23 PM
mschroe919 Hi KathyB
Did find a few hidden bad ones.
NEXT:
1.... May 15 2008, 07:28 AM
KathyB Okay, here's the latest and greatest info.
... May 15 2008, 02:52 PM
KathyB Disregard the last post.... I didn't read the ... May 15 2008, 02:55 PM
KathyB Never mind the never mind..... I read it correctly... May 15 2008, 04:13 PM
mschroe919 Hi KathyB,
Sorry I am getting back so late. We had... May 15 2008, 10:59 PM
KathyB I'm sorry to hear about your loss of a loved o... May 16 2008, 12:57 AM
mschroe919 RE: [Resolved] csrssc.exe and other problems May 16 2008, 04:23 AM
mschroe919 Since this issue appears to be resolved ... this T... May 17 2008, 08:46 PM