Duplicate csrss.exe - assistance?
Closed
TiffLO
Posts
2
Registration date
Tuesday October 16, 2012
Status
Member
Last seen
October 16, 2012
-
Oct 16, 2012 at 03:50 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 17, 2012 at 05:44 AM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 17, 2012 at 05:44 AM
Related:
- Duplicate csrss.exe - assistance?
- How to duplicate a google doc - Guide
- How to avoid duplicate records in sql select query - Guide
- Why does itunes duplicate songs - Guide
- Odir outlook duplicate items remover - Download - Email
- Dell support assistance - Download - Cleaning and optimization
3 responses
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,168
Oct 16, 2012 at 03:56 PM
Oct 16, 2012 at 03:56 PM
Hello Tiffany,
If you wish more wonderful I require a system log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, click on the "hardhat" icon allows to change the language.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
the tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).
4. Double click on the short cut ZHPDiag on your Destktop.
5. Click on the screwdriver icon and ensure all of the items are checked.
6. Click on the Magnifying glass and run the analysys.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload »
12. Copy the url and post it here.
Best regards
Ambucias
Kioskea Moderator and Security Contributor
If you wish more wonderful I require a system log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, click on the "hardhat" icon allows to change the language.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
the tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).
4. Double click on the short cut ZHPDiag on your Destktop.
5. Click on the screwdriver icon and ensure all of the items are checked.
6. Click on the Magnifying glass and run the analysys.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload »
12. Copy the url and post it here.
Best regards
Ambucias
Kioskea Moderator and Security Contributor
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,168
Oct 17, 2012 at 05:19 AM
Oct 17, 2012 at 05:19 AM
Hi Tiff,
Please stand-by, this may take time as I have hundreds of lines to look at.
Catch you later
Please stand-by, this may take time as I have hundreds of lines to look at.
Catch you later
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,168
Oct 17, 2012 at 05:44 AM
Oct 17, 2012 at 05:44 AM
Tiffany,
Sorry to see you have McAfee, you have all of my compassion, it gave you a fake alert.
However, no wonder your machine is getting slow, there is multiple adware munching on your RAM, ie Adware.Zugo, IMBooster, freeze.com, rewards arcade, freecorder, ask & record, blekkosearch.mystart. etc.
ZHP Diag created on you desktop ZHP Fix, please launch it and click on the big H
Copy and paste the following lines in the window:
O42 - Logiciel: Freecorder Toolbar - (.Unknown owner.) [HKLM][64Bits] -- freecordertoolbar => Toolbar.Conduit
[HKCU\Software\Ask&Record] => Toolbar.Agent
[HKCU\Software\Freecorder] => Toolbar.Conduit
[HKLM\Software\Wow6432Node\Freecorder] => Toolbar.Conduit
O43 - CFD: 8/27/2011 - 12:52:50 PM - [8.961] ----D C:\Program Files (x86)\Freecorder => Toolbar.Conduit
O43 - CFD: 1/6/2012 - 12:40:28 PM - [0.152] ----D C:\Users\Tiffany\AppData\Local\APN => Toolbar.eBay
O43 - CFD: 8/27/2011 - 12:52:50 PM - [8.961] ----D C:\Program Files (x86)\Freecorder => Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://www.search.ask.com/?o=10148&l=dis => Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] => Toolbar.Agent
[HKCU\Software\Ask&Record] => Toolbar.Agent
C:\Program Files (x86)\Freecorder => Toolbar.Conduit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder => Toolbar.Conduit
O2 - BHO: (no name) [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} Orphean Key
O2 - BHO: (no name) [64Bits] - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} Orphean Key => Orphean Key not necessary
O2 - BHO: (no name) [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Orphean Key => Orphean Key not necessary
O2 - BHO: (no name) [64Bits] - {E71596B0-A83B-453D-82C1-4BE99947C65F} Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Users\Tiffany\Desktop\Verizon V CAST Media Manager.lnk . (...) -- C:\Program Files (x86)\Verizon V CAST Media Manager\verizon.exe (.not file.) => Fichier absent
[HKLM\Software\Wow6432Node\Amazon]
O43 - CFD: 10/2/2011 - 2:41:28 PM - [5.227] ----D C:\Program Files (x86)\Amazon
O43 - CFD: 10/2/2011 - 2:41:48 PM - [0.268] ----D C:\ProgramData\Amazon
O43 - CFD: 9/6/2011 - 12:19:30 AM - [0.010] ----D C:\Users\Tiffany\AppData\Roaming\Amazon
O43 - CFD: 11/12/2011 - 11:19:04 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{025528FB-4189-45E1-861F-6C6774CBC15F} => Empty Folder not necessary
O43 - CFD: 11/3/2011 - 9:31:00 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{3F976352-3777-43CA-ADD8-D2D43E95FD14} => Empty Folder not necessary
O43 - CFD: 12/16/2011 - 11:29:52 AM - [0] ----D C:\Users\Tiffany\AppData\Local\{5A0277E8-9F42-4C8D-BB88-C659189955FC} => Empty Folder not necessary
O43 - CFD: 11/3/2011 - 9:30:38 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{737FC652-6DB3-479D-9115-78F445D8DF05} => Empty Folder not necessary
O43 - CFD: 9/4/2011 - 4:26:40 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{78911662-AF8B-433D-AB42-CAF4EB927FC9} => Empty Folder not necessary
O43 - CFD: 9/22/2012 - 11:08:57 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{8B5DD237-9720-4598-9966-D73E794B4A4A} => Empty Folder not necessary
O43 - CFD: 9/5/2011 - 1:32:11 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{A3CB7231-BA5B-4093-96A8-AB9BAF742753} => Empty Folder not necessary
O43 - CFD: 10/2/2011 - 2:41:28 PM - [5.227] ----D C:\Program Files (x86)\Amazon
O51 - MPSK:{c3bb2625-e290-11e0-8ffd-ac72893a957a}\AutoRun\command. (...) -- F:\TLBootstrap_WPP.exe (.not file.) O51 - MPSK:{d8eaf8e3-d6b1-11e0-9e33-ac72893a957a}\AutoRun\command. (...) -- E:\TL-Bootstrap.exe (.not file.)
O87 - FAEL: "{EEB38903-F32A-48EB-A7FD-2172F0FF8EC7}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\dell stage\musicstage\musicstageengine.exe (.not file.) => Fichier absent
O87 - FAEL: "{3E5928DE-0376-45E8-A082-0EE87E854EE3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe (.not file.) => Fichier absent
O87 - FAEL: "{39D9434A-8AE6-4221-BEB3-19C51632E0BC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe (.not file.) => Fichier absent
O87 - FAEL: "{B0E96720-78C7-4252-99B8-AA11A5E76106}" |In - Private - P6 - TRUE | .(...) -- D:\Common\EpsonNet Setup\ENEasyApp.exe (.not file.) => Fichier absent
O87 - FAEL: "{8A4C6B20-6986-4B84-83DD-887759421817}" |In - Private - P17 - TRUE | .(...) -- D:\Common\EpsonNet Setup\ENEasyApp.exe (.not file.) => Fichier absent
[HKCU\Software\Zugo] => Infection Diverse (Adware.Zugo)
[HKLM\Software\Wow6432Node\Freeze.com]
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Blekko) - https://blekkosearch.mystart.com/ [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] => Infection BT [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] [HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] [HKLM\Software\Wow6432Node\freeze.com]
Now click on GO and close ZHP Fix
Last but not least:
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace. (I baked apple pie and roasted a 18 pound turkey!)
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Let me know how your machine is performing.
Sorry to see you have McAfee, you have all of my compassion, it gave you a fake alert.
However, no wonder your machine is getting slow, there is multiple adware munching on your RAM, ie Adware.Zugo, IMBooster, freeze.com, rewards arcade, freecorder, ask & record, blekkosearch.mystart. etc.
ZHP Diag created on you desktop ZHP Fix, please launch it and click on the big H
Copy and paste the following lines in the window:
O42 - Logiciel: Freecorder Toolbar - (.Unknown owner.) [HKLM][64Bits] -- freecordertoolbar => Toolbar.Conduit
[HKCU\Software\Ask&Record] => Toolbar.Agent
[HKCU\Software\Freecorder] => Toolbar.Conduit
[HKLM\Software\Wow6432Node\Freecorder] => Toolbar.Conduit
O43 - CFD: 8/27/2011 - 12:52:50 PM - [8.961] ----D C:\Program Files (x86)\Freecorder => Toolbar.Conduit
O43 - CFD: 1/6/2012 - 12:40:28 PM - [0.152] ----D C:\Users\Tiffany\AppData\Local\APN => Toolbar.eBay
O43 - CFD: 8/27/2011 - 12:52:50 PM - [8.961] ----D C:\Program Files (x86)\Freecorder => Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://www.search.ask.com/?o=10148&l=dis => Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] => Toolbar.Agent
[HKCU\Software\Ask&Record] => Toolbar.Agent
C:\Program Files (x86)\Freecorder => Toolbar.Conduit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder => Toolbar.Conduit
O2 - BHO: (no name) [64Bits] - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} Orphean Key
O2 - BHO: (no name) [64Bits] - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} Orphean Key => Orphean Key not necessary
O2 - BHO: (no name) [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Orphean Key => Orphean Key not necessary
O2 - BHO: (no name) [64Bits] - {E71596B0-A83B-453D-82C1-4BE99947C65F} Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Users\Tiffany\Desktop\Verizon V CAST Media Manager.lnk . (...) -- C:\Program Files (x86)\Verizon V CAST Media Manager\verizon.exe (.not file.) => Fichier absent
[HKLM\Software\Wow6432Node\Amazon]
O43 - CFD: 10/2/2011 - 2:41:28 PM - [5.227] ----D C:\Program Files (x86)\Amazon
O43 - CFD: 10/2/2011 - 2:41:48 PM - [0.268] ----D C:\ProgramData\Amazon
O43 - CFD: 9/6/2011 - 12:19:30 AM - [0.010] ----D C:\Users\Tiffany\AppData\Roaming\Amazon
O43 - CFD: 11/12/2011 - 11:19:04 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{025528FB-4189-45E1-861F-6C6774CBC15F} => Empty Folder not necessary
O43 - CFD: 11/3/2011 - 9:31:00 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{3F976352-3777-43CA-ADD8-D2D43E95FD14} => Empty Folder not necessary
O43 - CFD: 12/16/2011 - 11:29:52 AM - [0] ----D C:\Users\Tiffany\AppData\Local\{5A0277E8-9F42-4C8D-BB88-C659189955FC} => Empty Folder not necessary
O43 - CFD: 11/3/2011 - 9:30:38 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{737FC652-6DB3-479D-9115-78F445D8DF05} => Empty Folder not necessary
O43 - CFD: 9/4/2011 - 4:26:40 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{78911662-AF8B-433D-AB42-CAF4EB927FC9} => Empty Folder not necessary
O43 - CFD: 9/22/2012 - 11:08:57 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{8B5DD237-9720-4598-9966-D73E794B4A4A} => Empty Folder not necessary
O43 - CFD: 9/5/2011 - 1:32:11 PM - [0] ----D C:\Users\Tiffany\AppData\Local\{A3CB7231-BA5B-4093-96A8-AB9BAF742753} => Empty Folder not necessary
O43 - CFD: 10/2/2011 - 2:41:28 PM - [5.227] ----D C:\Program Files (x86)\Amazon
O51 - MPSK:{c3bb2625-e290-11e0-8ffd-ac72893a957a}\AutoRun\command. (...) -- F:\TLBootstrap_WPP.exe (.not file.) O51 - MPSK:{d8eaf8e3-d6b1-11e0-9e33-ac72893a957a}\AutoRun\command. (...) -- E:\TL-Bootstrap.exe (.not file.)
O87 - FAEL: "{EEB38903-F32A-48EB-A7FD-2172F0FF8EC7}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\dell stage\musicstage\musicstageengine.exe (.not file.) => Fichier absent
O87 - FAEL: "{3E5928DE-0376-45E8-A082-0EE87E854EE3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe (.not file.) => Fichier absent
O87 - FAEL: "{39D9434A-8AE6-4221-BEB3-19C51632E0BC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe (.not file.) => Fichier absent
O87 - FAEL: "{B0E96720-78C7-4252-99B8-AA11A5E76106}" |In - Private - P6 - TRUE | .(...) -- D:\Common\EpsonNet Setup\ENEasyApp.exe (.not file.) => Fichier absent
O87 - FAEL: "{8A4C6B20-6986-4B84-83DD-887759421817}" |In - Private - P17 - TRUE | .(...) -- D:\Common\EpsonNet Setup\ENEasyApp.exe (.not file.) => Fichier absent
[HKCU\Software\Zugo] => Infection Diverse (Adware.Zugo)
[HKLM\Software\Wow6432Node\Freeze.com]
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Blekko) - https://blekkosearch.mystart.com/ [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] => Infection BT [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] [HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] [HKLM\Software\Wow6432Node\freeze.com]
Now click on GO and close ZHP Fix
Last but not least:
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace. (I baked apple pie and roasted a 18 pound turkey!)
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Let me know how your machine is performing.
Oct 16, 2012 at 07:22 PM
Let the awesomeness begin.
https://authentification.site/bvG6H/ZHPDiagTLO-Oct-16.txt
[code]http://speedy.sh/bvG6H/ZHPDiagTLO-Oct-16.txt/code
(not sure which you need).
I had just disabled a few minutes ago some ridiculous files that launch at startup that I can't seem to uninstall (like the stupid verizon vcast one).
Does this work?
Thanks again!!
-Tiffany