Big PROBLEM_ Process CSRSS.exe_ CPU Usage too High

Send us your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log.

Hi guys, thanks for your suggestions, i will try them right now.

Please, excuse me for the next dumb questions ..., so i can keep going with the Solutions:

1-How do I paste here the Hijackthis?  just copy paste?
2-How do i paste or attach some image file? a print screen so you can see?  
3- Regarding r-k suggestion on a)  Log in as different user... I only have one user account. Will i need to create a new one right now? or if the problem is a corrupted user profile and i create a new one it will also be corrupted?

- There are 2 options here that say "Attach Code Snippet" which i have no idea what it is, and "attach File" i am guessing here is where i can attach my Printscreen image?? (Sorry this is my second week on Experts Exchange..)

I also have 2 photos of a problem that happened to me some days ago (blue screen...), perhaps that is when everything started, but i am not sure..  Just let me know how do i attach them...  

1. Yes, you can copy-and-paste for the HJT log, because it is just all text.

2. Capture the screen, paste it into some image editing program (like Paint), then save it as a jpg or bmp. Then you can use the "attach file" option to attach the image file.

3. Yes, you can create a new username (name it Test e.g.) just for testing as I suggested. You can alsways delete that new user later.

"Attach code snippet" is basically for attaching text, so that's another way to attach your HJT log.

Or save the HijackThis log to a text file and upload it using the "Attach File" option.

Hi again, i have tried everything you suggested, i still have the problem but i will answer according to your suggestions:

(a) log-in as a different user:
_ The problem persists in other Guest account or administrator account.  However if I restart my computer on SAFE MODE, the CPU Usage and Processes look normal.

(b) Disable any AV program or anything else unnecessary and see if that helps:
_I did it and does not solve the problem

(c) Run Process Explorer... if it shows CPU  time being used by "Interrupts" then there might be a hardware problem:
_I am attaching a Print Screen with Process Explorer.  However how do i know if the CPU Time is being used by interrupts??.... Is it on the first column wher it contains a line called INTERRUPTS, and under the 3rd column "CPU", variable numbers appear, changing form  0.76 to 1.52  , or 2.27, etc...

(d) Scan your system for malware.
 (d.1) RootkitRevealer
 (d.2) Run HJT
_ I did this and i am attaching 2 txt files for both.

I also runned a little program called CCLEANER v1.39.502, and under the ISSUES Tab, under REGISTRY INTEGRITY, a lot of things appeared, mostly " missing Shared DLL" and other stuff... I don't know if these is helpful but i am attaching also a Print screen for CCLEANER (i don't know how to save a Txt file from this...

IMPORTANT NOTES:
- Again, the processes that are going a little crazy with CPU Usage are:
 csrss.exe, nvsvc32.exe , spoolsv.exe , and just a little: svchost.exe

- In My computer specs i forgot to mention my video card:  Geforce 7900 GS

- I have been worknig on HEAVY (ram) 3d projects, which sometimes go above the 2 Gb PF USAGE

- To be able to work this projects without crashes i did a XP tweak, called the 3GB Switch, for those who are not familiar here is the link:
 http://usa.autodesk.com/adsk/servlet/ps/item?siteID=123112&id=9729516&linkID=9240697
or
http://msdn.microsoft.com/en-us/library/ms791558.aspx

I Have been using the 3gb switch without a problem for a year now... but i mention this just in case you think that working with Heavy Projects might have caused the problem....

Something did not work when you tried to attach the files. Can you try that again, thanks.

Please read the previous comment. Here are the attached files for everything you asked for and more..

Please take note that the Two Photos from my monitor that i attached might have no relation to the problem, i just put them "just in case..." That blue screen happened 2 weeks ago when my computer crashed while working on a 3d project..
01-Process-Explorer-Print-Screen.jpg
02-RootkitReveal-unrinoceronte-J.txt
03-hijackthis-unrinoceronte-June.log
04-CCleaner-Print-Screen.jpg
05-Photo-A-2-weeks-ago-May-28.jpg
06-Photo-B-2-weeks-ago-June-1.jpg

Your HijackThis log seems clean. Maybe it's a hardware problem. Did you check your event viewer for any related errors?

How do i check EVENT VIEWER??   sorry i am a newbie in this area...!

Ok, i found out how to use the Event Viewer,  thanks also orangutang for this. There are TONS of ERRORS!! both in "Application" and on "SYSTEM" , but more on SYSTEM.

Will it be useful if I attach here the Event Viewer List for you to check it out??   There is an option that says Expor List, and i can save as an TXT...

Any comment on my other attachments in Previous comments?  Process Explorer, RootkitRevealer, Ccleaner???

No, just tell us the most common errors in the "System" section that you think might be related to your problem.

Ok, This are the most common errors, but i dont have any idea what they mean.:

a) Source: EVENTLOG _ A driver packet received from the I/O subsystem was invalid.  The data is the packet.

b) Source: SR _ The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.

c) Source: SIDEbySIDE (THERE are over 200 consecutive Errors from this in each of the following dates: June 5, June 6 and June 10!!!)   There are mostly 3 kinds of error messages saying this:

- Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully.

But each error varies on the name of the .DLL

- Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service.

-Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy" on line 0.

also from SidebySide:

-Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free


There are also a lot of WARNINGS on a Yellow triangle...

Ok , hope this gives a hint on my problem...

The RootkitRevealer log is clean. I think we can rule out malware.

Based on what you sent so far, I am starting to suspect a problem with the video card or driver, or possibly the hard drive.

Can you do a screen capture of the Event Viewer sections that show many errors and post it here.

Thanks.

Our messages crossed. Are the above errors from the System log, or the Application log? Can you also mention the error numbers.
Can you post some of the errors from the System log, along with event ID numbers. Thanks.

Here are the EVENT Viewer Screen Captures on a Zip file. I took a lot of them, but since there are many errors by the Source Sidebyside, i did not capture them all...

And how about a problem with the RAM memory? is it possible... i am just guessing, since what i have been doing all these days is work on heavy 3D projects..

Just a tought regarding the Hardrive: i mostly save and use  files from an external Harddrive for my work, I do not save many things on the local HD... Since my laptop has a small HD (80 gigs)  And also i dont move my laptop because is a 17 inch, only on rare occations for a meeting...


EVENT-VIEWER-Screen-Captures.zip

R-K, the above errors are from the System Log.  

In the Screen captures above appers the Event ID number, is this what you are asking me for?  hope it is, if not let me know and i do it.

Yes, the screen captures should be useful. I have to run but will be checking a bit later.
Thanks for the additional info.

Thanks to you guys! i will be patiently waiting for your responses.

thanks really.

unrinoceronte

Well, during this time it seems that I have managed to solve my problem!!!

The process that was causing all the trouble was  NVSVC32.EXE , after reading what R-K said about it probably being a VIDEO Card or Driver problem, i checked on the internet what this Nvsvc32.exe process did, so I Ended the process in Task Manager, and inmediately all my problems Dissapeared!

The other processes that where going crazy on CPU usage stopped doing that.   So i decided to go into SAFE MODE and Uninstalled NVIDIA Video DRIVERS from Control Panel, Remove Programs.

Then I restarted normally and the computer detected the Geforce Video Card and installed itself again.
Since that, the problems have dissapeared.  I restarted the computer several times, and used the software i normally use (3dmax and photoshop) and is running smoothly!

Just in case,after this, i decided to UPDATE my Nvidia Video Driver, so I went to DELL webpage (my laptop is a Dell XPS M1710) and downloaded the driver from their Support page.

I installed it and everything is still Perfect.

I will keep monitoring this for a couple of days more to just in case the problem reappears somehow.

I would like to thank you all, and specially R-K for giving me a hint on what it was, and for all his usefull information. I truly learned a lot. Those programs that you suggested are wonderful and they will be very handy for the future.

Also Thanks to Orangutang for telling me about EVENT VIEWER, now i think i know how to use it, and will be definetely using it a lot in the future. Thanks for your time with the Hijackthis also. I would love to know how to be able to read and understand a Hijackthis Log, but perhaps that is a New Question...

Finally, the Event Viewer shows NO ERRORS since this driver Unistallation. All the warning and errors that normally appeared each time i restarted the computer are gone from that moment on!

There is still one issue, and is that when i restart or turn off my computer, the "Saving your settings" screen takes too long, almost 1 minute...  

- One last thing until further notice: Since this was a Video Driver problem, how can i be sure my Video Card did not suffered any damage? any idea how to check this? I am still under warranty, so it will be a good thing to do.

Thanks R-K and Orangutang for your effort helping me,, i was truly desperate because i had a deadline in one project, but because of both your help i managed to solve the problem, and finish on time.

Thanks R-K for the extra feedback, is very important because with that i understand better the problem i had. I will do what you reccomended for SP3, (i did not know it existed...)..  Also i will try the Diagnostic CD, or cal Dell just to be safe my hardware did not suffer...

Everything is still working fperfectly, but regarding what i said about no more errors on EVENT Viewer, i was wrong.. There is still one quite frequently..  I am attaching a Screen Capture, perhaps you can hgive me a hand with this a last time... Perhaps itis related to my other problem so i rather keep it here than start a new question.. If it gets big i will...

Here are the errors:

- The error is : EVENTLOG  ID:  6004  , and says " A driver packet received from the I/O subsystem was invalid.  The data is the packet."

- Also a common warning: Source: DISK, ID: 51_ and says_ " An error was detected on device \Device\Harddisk2\D during a paging operation."

- another WArning:  Source:MrxSmb, ID: 3019 _ and says: " he redirector failed to determine the connection type."

Thanks , i will appreciate a lot if you could take a lookk ath this for a last time.

unrinoceronte.

09-Event-Viewer-MORE-ERRORS-June.jpg

Please Help with this Last issue.. in previous comment...

You can check eventid.net if you have errors in your event viewer. You have to pay for a membership for some solutions, though.

hmm , thanks orangutang.    ,,,

is there other way?    microsoft itself?

There are some indications on the web that the Event ID 6004 may be caused by the AV program. Can you temporarily disable your AV program from doing realtime scanning and see if the 6004 events go away.

How many Event ID 51's are you getting for Harddisk2/D? Let's see if those go away after disabling AV, else it may point to possible bad block on that drive.