A forum for reverse engineering, OS internals and malware analysis 

#1846 by Every1is=
Sat Aug 07, 2010 8:45 pm
EP_X0FF wrote:
Every1is= wrote: Yesterday a minidump was created during a GMER initial scan, and WinDbg shows csrss.exe as "causing" the BSOD with an F4 code, if I recall correctly; will check later. I remember it not displaying a stop message or the module on which it exited, though, which I found odd at that moment.
This is just a GMER bug. Sometimes it crashes at the initial scan :)

Did you try memory tests?
Need to burn a CD for memtest; I think I can also try the memtest on board the Vista CD. I have no empty CDs, so will try that one tonight.

But what I just noticed, and I have never noticed that before, is that in the normal standard Vista Task Manager there were TWO csrss.exe processes running. I like just one, so I killed the other ;-P And although there are many ways for a system to crash and error on that crash, guess what? The exact same screen corruption occurred, the BSOD with the F-whatever error came up and a minidump was saved.

Over here http://j00ru.vexillium.org/ I was reading up on csrss.exe (but it is over my head, to be honest; I just cannot connect the dots as a non-programmer, but maybe in time) and now I wonder: in Process Explorer I only remember seeing one instance of csrss.exe running, always, if I am not mistaken. So ATM the question has become: is it OK that there are multiple instances of it running?

Edit: in Process Explorer there are also two instances running, so I must have always overlooked that one... I/O reads and CSwitch Delta on one instance are significantly higher than on the other.

Edit2: Found online:
Csrss.exe is one of the most important Windows processes and the existence of this process could be vital. This process is used by the Windows operating system to control a couple of tasks. The majority of the graphical instruction set of the Windows operating system relies upon this process. It may also be used to control the threading process in Windows (for those not familiar with threading, it is the technique which lets you split any particular application into multiple instances).
Mostly there is a single csrss.exe process running in your system, but if you find multiple instances of this process then don't worry, as in many cases Windows may run more than one instance of this process.
Also never try to terminate this process, as the consequences of terminating this process will be bitter: you will be taken to the blue screen of death.
That's clear then. Still... when I run a rootkit scan, it does exactly the same as when I terminate CSRSS.exe. That is messed up.

Can't find the Vista CD; I had it in my hands the other night for rewriting the MBR, now it's gone. "There be leprechauns in my house I tell you" ;)
*continues search*
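A quick way to answer the "is more than one csrss.exe normal?" question on a box like this, as an added check that is not part of the thread: on Vista and later there is one csrss.exe per session (session 0 for services, session 1 for the interactive desktop), so the thing to verify is that each instance sits in its own session and runs from the real System32 path. This assumes an elevated PowerShell prompt (the "expected" path and the one-per-session rule are the only assumptions).

```powershell
# Added example (not from the forum thread): enumerate every csrss.exe with its
# session and image path, then flag anything outside the expected layout.
$expected = Join-Path $env:SystemRoot 'System32\csrss.exe'   # assumption: default install path
$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'csrss.exe'")

foreach ($p in $procs) {
    # smss.exe normally exits after spawning csrss.exe, so a missing parent is expected.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        PID        = $p.ProcessId
        SessionId  = $p.SessionId
        Path       = $p.ExecutablePath
        PathOk     = ($p.ExecutablePath -ieq $expected)
        ParentName = if ($parent) { $parent.Name } else { '<exited>' }
    }
}

# One csrss.exe per session is the normal layout; two in the same session is worth a closer look.
$procs | Group-Object SessionId | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "Session $($_.Name) has $($_.Count) csrss.exe instances"
}
```

On the two-instance Vista system described above, the expected output is one row with SessionId 0 and one with SessionId 1, both with PathOk = True and no "Session ... has 2" line.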