I tried to delete the csrss startup entry with HijackThis and got this message:
Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).
Please send a report to
merijn@spywareinfo.com, mentioning what you were doing, and what version of Windows you have.
This message has been copied to your clipboard.
Then it said:
Unable to delete the file:
O4 - Startup: csrss.lnk = ?
The file may be in use. Use Task Manager to shutdown the program and run HijackThis again to delete the file.
I went to shut down csrss.exe from the Task Manager, and got this message:
This is a critical system process. Task Manager cannot end this process.
Here's the ComboFix log:
Start Time= Tue 08/08/2006 5:46:27.70
Running from: C:\Documents and Settings\Administrator\Desktop
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-08 05:42:36 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Macromedia"
2006-08-08 05:39:04 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Mozilla"
2006-08-08 05:37:24 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\ATI"
2006-08-08 05:37:14 ( .DS.. ) "C:\Documents and Settings\Administrator\Application Data\Microsoft"
2006-08-08 05:37:04 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Zero Knowledge"
2006-08-08 05:36:54 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\AVG7"
2006-08-08 05:36:10 ( .D... ) "C:\Program Files\Web Publish"
2006-08-05 18:59:14 ( AD... ) "C:\Program Files\Windows Media Player"
2006-08-05 18:57:38 ( .D... ) "C:\Program Files\avi2divx"
2006-08-05 12:59:22 ( .D... ) "C:\Program Files\ImTOO"
2006-07-29 12:49:56 ( .D... ) "C:\Program Files\SpywareGuard"
2006-07-29 12:49:52 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-29 12:47:32 ( .D... ) "C:\Program Files\QuickTime"
2006-07-29 12:44:22 ( AD... ) "C:\Program Files\MSN Messenger"
2006-07-29 12:42:54 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-07-29 12:39:02 ( .D... ) "C:\Program Files\Microsoft AntiSpyware"
2006-07-29 12:19:42 ( AD... ) "C:\Program Files\Internet Explorer"
2006-07-29 12:11:46 ( .D... ) "C:\Program Files\Google"
2006-07-29 12:11:22 ( AD... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-28 23:12:20 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-26 18:17:16 ( AD... ) "C:\Program Files\iolo"
2006-07-26 18:00:50 ( AD... ) "C:\Program Files\Lemonade Tycoon 2"
2006-07-26 17:48:08 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-07-26 00:08:12 ( .D... ) "C:\Program Files\Sony Pictures Games"
2006-07-25 18:44:06 ( .D... ) "C:\Program Files\Viewpoint"
2006-07-25 18:36:04 ( .D... ) "C:\Program Files\Azureus"
2006-07-25 06:14:50 ( .D... ) "C:\Program Files\Messenger Plus! 3"
2006-07-24 19:55:30 ( .D... ) "C:\Program Files\Diner Dash 2"
2006-07-24 14:44:16 ( .D... ) "C:\Program Files\Cake Mania"
2006-07-23 09:31:30 ( .D... ) "C:\Program Files\Zvsrul"
2006-07-22 15:59:16 ( AD... ) "C:\Program Files\Grisoft"
2006-07-11 21

42 ( .D... ) "C:\Program Files\Corel"
2006-07-11 21:04:02 6686 ( A.SH. ) "C:\WINNT\system32\KGyGaAvL.sys"
2006-07-11 21:04:02 6686 ( A.SH. ) "C:\WINNT\system32\KGyGaAvL.sys"
2006-07-11 20:25:48 152 ( ..SHR ) "C:\WINNT\system32\07B81EF572.sys"
2006-07-11 20:25:48 152 ( ..SHR ) "C:\WINNT\system32\07B81EF572.sys"
2006-07-11 20:04:20 ( .D... ) "C:\Program Files\Free Download Manager"
2006-07-11 20:03:08 ( .D... ) "C:\Program Files\Paint Express"
2006-07-11 20:02:40 ( .D... ) "C:\Program Files\AKVIS"
2006-07-11 19:09:42 ( .D... ) "C:\Program Files\AutoSave"
2006-06-27 15:18:26 ( .D... ) "C:\Program Files\GameSpy Arcade"
2006-06-27 15:16:38 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-06-27 15:16:38 ( .D... ) "C:\Program Files\Infogrames Interactive"
2006-05-19 05:18:24 136976 ( A.... ) "C:\WINNT\system32\dnsapi.dll"
2006-05-19 05:18:24 89872 ( A.... ) "C:\WINNT\system32\DHCPCSVC.DLL"
2006-05-19 05:18:24 68368 ( A.... ) "C:\WINNT\system32\IPHLPAPI.DLL"
2005-02-11 12:52:04 298 ( A.... ) "C:\Program Files\INSTALL.LOG"
2003-08-05 07:08:58 21952 ( ...H. ) "C:\Program Files\folder.htt"
2003-08-05 07:08:58 271 ( ...H. ) "C:\Program Files\desktop.ini"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-08-05 18:59 82,432 C:\WINNT\system32\drmstor.dll
2006-08-05 18:59 301,712 C:\WINNT\system32\drmclien.dll
2006-07-29 11:27 73,728 C:\WINNT\system32\asuninst.exe
2006-07-29 11:27 11,776 C:\WINNT\system32\ZPORT4AS.dll
2006-07-23 04:39 127,208 C:\WINNT\system32\mucltui.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPAIO_PrintFolderMgr"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\hpoopm07.exe"
"Logitech Utility"="Logi_MwX.Exe"
"Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\Freedom.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HPHmon04"="C:\\WINNT\\system32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"Synchronization Manager"="mobsync.exe /logon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00002002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,10,03,00,00,1f,00,00,00,e0,00,00,00,d6,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
Contents of the 'Scheduled Tasks' folder
Completion time: Tue 08/08/2006 5:48:44.99
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt