12 replies to this topic

[chimpy]

In my Task Manager I have two rundll32 running but only one has a pathway so I can see what it is running the same with csrss.exe, it has no pathway either but there is only one of them running!

Is this normal as googling suggests its not.

[AdvancedSetup]

Well the image is too small for me to see but just because the path is not shown does not mean it is malware or improper.

Update your Anti-Virus and run a scan and update MBAM and run a scan and if both of them find nothing and you have no signs of infection then probably nothing to worry about.
If you are worried then go ahead and open a post in the HJT forum and have someone assist you but it may take a few days for them to get to you.

[catscomputer]

Chimpy I have two rundll.32.exes processes too. Both are Windows host processes according to the Description Column. Both of mine have command lines as follows:

1) C:\Windows\System32\rundll32.exe
2) rundll32 NVSVC.DLL,nvsvcInitialize (I think this has something to do with nvidea)

I can't tell how many csrss.exe I have as it jumps around too much to check. I noted that the one I did see didn't have a command line by it, however when I clicked "show processes from all users" a command line appeared next to csrss.exe then.

(I tried to do a process check from the website I usually use (programchecker.com) but I cannot seem to connect with it in FF or IE, which is a bit bizarre... )

[yardbird]

I can make it bigger for him

[exile360]

I can't connect to programchecker either, it appears their site is down. The reason you couldn't see the details of csrss originally is because the Task Manager wasn't running as Admin, and it's a System level process, so you'd need to click Show processes from all users to see it.

If you want a closer look at Rundll32.exe processes and how to research them take a look at this article as it breaks it down pretty well .

[catscomputer]

exile360, on Sep 20 2009, 10:05 PM, said:

I can't connect to programchecker either, it appears their site is down. The reason you couldn't see the details of csrss originally is because the Task Manager wasn't running as Admin, and it's a System level process, so you'd need to click Show processes from all users to see it.

If you want a closer look at Rundll32.exe processes and how to research them take a look at this article as it breaks it down pretty well .

Thanks for explaining about the difference taskmanager details in normal view versus show processes from all users, and for that very useful link about rundll32.exe. I've learned something.

[chimpy]

Ah thank you all, When I clicked on "show processes from all users" the pathway comes up rundll32 NVSVC.DLL,nvsvcInitialize and one for NvMcTray.dll,NvTaskbatInit which I think are Nvidea as well,I do not seem just to have the C:\Windows\System32\rundll32.exe, the csrss.exe files path is to C:\Windows\System32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288....(it carrys on) But I think thats normal too
I still have some pathways blank from audiodg.exe, system, and system idle process when I tick the show processes from all users so I do not understand why that is still.

[exile360]

Yep, sounds normal . Autdiodg.exe is Windows Audio Device Graph Isolation and should always be running. Your csrss.exe listing is normal. System and System Idle Process should show as blank because they're not actually processes, I believe System is the reserved kernel space memory (correct me anyone if I'm wrong) and System Idle Process is the amount of idle resources, meaning the amount of resources not being used by any processes or services and therefore has no path.

[chimpy]

Thanks Exile and its a great tip from you how to see all the processes, though I think I should probably stay away from looking at stuff like that as my mind always tends to think of the worst!

[yardbird]

chimpy, on Sep 20 2009, 02:09 PM, said:

Thanks Exile and its a great tip from you how to see all the processes, though I think I should probably stay away from looking at stuff like that as my mind always tends to think of the worst!

Let me know when you want me to pull that pic off...regards

[chimpy]

@Yardbird oh its ok to keep up it do not have anything I need to hide I think, And thank you for enlarging it as I did not notice when I posted it that it was so small!

[yardbird]

chimpy, on Sep 20 2009, 02:24 PM, said:

@Yardbird oh its ok to keep up it do not have anything I need to hide I think, And thank you for enlarging it as I did not notice when I posted it that it was so small!

Download this free software http://www.irfanview.net/ and you can do anything with a pic, in any format.... no problem your welcome! hope you get the issue fixed. cheers...

[chimpy]

Thanks alot thats a neat little tool there