Windows Registry Recovery

studiot · Jan 17, 2007

I get an information box (blue i) at the XP login screen which states
one of the files containing the system's registry data had to be recovered by use of a log or alternate copy. The recovery was successful.

I need to click twice to get rid of it and login. everything works normally and I have run several registry cleaners and cleared system restore, but the problem persists.

Task managers says the csrss process is associated.

Anybody else seen this or any ideas please?

Eric Rogers

bigbazza · Jan 18, 2007

Check out google link

http://www.google.com/search?as_q=c...as_dt=i&as_sitesearch=&as_rights=&safe=images

Maybe your copy of csrss.exe is infected?

A search of my installed csrss.exe shows it to be 6k (6144 bytes) and installed in C:\Windows\System32 in my XP Pro (with SP2, etc).

Yours may be in the same folder, but of a different size?
It could still be the same size, but infected, unlikely but possible.

Maybe post this in the Malware forum
http://forums.majorgeeks.com/forumdisplay.php?f=35

for expert Anti Malware help.

They will probably advise you to run the procedures outlined in
http://forums.majorgeeks.com/showthread.php?t=35407

first

Anyone else, please step in. Bazza

studiot · Jan 18, 2007

Thanks bigbazza but this is not the solution. My system is Windows XP Home.

My csrss.exe is also 6144 bytes and in the system32 folder. Nevertheless I replaced it with a copy from an known good pc. There was no change to the error (information) message on startup.

Reading the event log identifies two events labelled 'application popup' in the system branch of the log. Properties yields ID 26 and file ntdll.dll, also in the system32 folder. I have also replaced this file with no success. The two events are presumably why I have to click twice to clear the message.

The system otherwise runs very sweetly and has been checked with Norton, AVG and Xoftspy and several rootkit checkers, which all declare a clean bill of health.

very puzzling

Eric

bigbazza · Jan 19, 2007

As in my original reply, I would suggest starting a new thread in the Malware section, as those guys are great.

As I also said, they will probably recommend the Malware checking link that I also listed.

Sorry the replacement trick didn't work.:cry

Bazza

===

studiot said: ↑

Thanks bigbazza but this is not the solution. My system is Windows XP Home.

My csrss.exe is also 6144 bytes and in the system32 folder. Nevertheless I replaced it with a copy from an known good pc. There was no change to the error (information) message on startup.

Reading the event log identifies two events labelled 'application popup' in the system branch of the log. Properties yields ID 26 and file ntdll.dll, also in the system32 folder. I have also replaced this file with no success. The two events are presumably why I have to click twice to clear the message.

The system otherwise runs very sweetly and has been checked with Norton, AVG and Xoftspy and several rootkit checkers, which all declare a clean bill of health.

very puzzling

Eric
Click to expand...

Log in or Sign up

Windows Registry Recovery

studiot MajorGeek

bigbazza R.I.P. 14/12/2011 - Good Onya Geek

studiot MajorGeek

bigbazza R.I.P. 14/12/2011 - Good Onya Geek