Post by Phantagirow on May 28, 2009 0:37:52 GMT -5
Hey guys, I need some help
Recently Vista had an update called service pack 2 (it's about 363MB, kinda humongous). After updating my com it restarted and then I did a quick defrag.
After a while, I came back and noticed my com had an extra 20GB free space which was weird because I didn't do anything. I tried to surf the internet and every website I tried came back with a page load error.
I restarted the com and the modem and tried diagnosing the problem, windows couldn't figure out what's the problem as everything is running normally (as usual).
I got back from work and tried it again (different location same results), with the LAN cable and also wireless but to no avail. While using wireless, the network indicates the com is connected to the router but not connected to the internet. No settings were changed.
And today, I finally got online at my workplace and the connection status shows this:- In just a short duration of 10mins
Bytes sent: 486,701 Bytes received: 4,169,815
I'm not even doing anything like downloading or loading website contents. Does it indicate my com has been infected?
I'm currently using Avira AntiVir Personal version9 and Malwarebytes Anti-Malware and of course Windows Defender that came with the com
Anybody has advice for me on what I should do?
musicman
Honored Guest
Was proud to be a GUARDIAN
Posts: 55
Post by musicman on May 29, 2009 0:58:53 GMT -5
If you're asking if you've been intentionally hacked the answer is no. If you're asking if you've picked up a virus, the answer is highly likely no. This sounds like a case of vista having done something wrong with the update (moving it to weird locations, etc...), having somehow allotted 0 space for web cache, or somehow fooled around with your computer's internet connection settings. The web cache one would be a very strange issue with a solution of manually allotting more (don't know how to do it in vista).
I'd say first things first call your ISP, they can usually help you, and they can almost always tell you whether it's your computer or your connection. One time we fixed our internet by manually adding a 0 to the end of our IP address.
I had a similar situation with vista (mine was a bit more severe) a while ago. I DLed an update, and my computer was suddenly non-functional. Basically, it had moved critical system files to a different folder. Yea generally not a good idea. This was right after I did an update. What happened was I got the whole "windows has encountered a critical error and must restart in one minute, save your work now" window every time the computer started up. Basically a cycle. So, just as something to try, I used the system restore function to try and go before the update so I could try DLing it again. Of course, it had deleted all restore points before the update. But, I went to one it created just after the update and it worked. My computer no longer restarted every time it started up.
So, this may sound weird, but try the system restore function. It fixed my post-update issue. (your specific issue is different than mine but it might be a similar concept of the problem and a similar solution)
Hope that helps. It's probably a bunch of gibberish, lol. Important parts are call your ISP and try the system restore function afterwards.
Post by Phantagirow on May 29, 2009 9:59:08 GMT -5
Thanks musicman,
I meant if my com got infected with virus or trojan. I was doing some research related to my work and I've been clicking on quite a lot of links ^^ I'm quite noob when it comes to computer viruses, lol and especially Vista, not getting the hang of it.
I did do a system restore back to before the vista update when I couldn't get online yesterday, after that that's when the weird massive amount of bytes sent and received started. It's still happening now, I have no idea where all that data is being put in my com.
My ISP are clueless, it's just my connection status going haywire. I have a dynamic IP btw.
Post by platinumvanguard on May 29, 2009 12:23:03 GMT -5
It sure doesn't sound like a virus or trojan to me. Those usually give subtler signs as their primary use is as a data mine. However, they shouldn't break down your computer so I think music has it pretty close. If only medi were around =[
Post by musicman on May 29, 2009 16:28:12 GMT -5
Ok, a few more things I'd suggest. I don't know what all you've tried but:
1. With such a large update it is possible your current equipment drivers are either configured to work with pre-SP2 vista or will not work with SP2 vista. Computer hardware companies and Microsoft coordinate (at least to some degree) to make sure that drivers are available for the equipment on the latest operating systems. Try reinstalling the drivers for your modem/network card/etc... (if they have them) and look to see if new drivers were recently released for SP2.
2. Make sure it was a Microsoft released update you installed from the Microsoft update servers. This may be just a personal policy, but I never, ever install an update for a currently supported operating system from anywhere else. The Microsoft update servers are the fastest and most efficient anyway.
I have not actually used my vista computer in the past few days, so I have not installed any critical updates.
3. It could have happened when you defragged. Although I have yet to hear a case of a defrag making internet connections go haywire (or screwing up a computer at all), it is a "smart" system which relies on the computer doing exactly the right thing with all files. Did you try to get on the internet after you installed the update and before you did the defrag?
Post by Phantagirow on May 31, 2009 0:37:00 GMT -5
It's because I heard somewhere that clicking on links can get a com infected. I make it a point to clear my cookies and cache every time I finished going to websites that are suspicious. I run a scan with antivirus and malware every time I download files.
I only do updates prompted by Microsoft Windows Update, the other free trial softwares that I'm using usually bugs me to do updates but I've never updated them.
Actually I did try to go online after the vista update and before the defrag, but it was really slow. Words on a webpage appears but the graphics would be missing. I initially thought that the defrag was using too much of the system resources so I stopped it halfway.
Then a little later on, every website I clicked on came back with a page load error but strangely enough, my MSN was running smoothly so I asked my sis if she could get onto hotmail and yahoo because I couldn't and she replied yes she could. That's when I started noticing something is wrong. I did a restart and I went to check my connection status. That's when the massive bytes transfer and received started happening.
Post by platinumvanguard on May 31, 2009 12:16:30 GMT -5
Clicking on links won't necessarily get your comp infected. What you should be wary of is where they redirect you. If it redirects you to a place you don't know, that could be troublesome.
Post by musicman on Jun 1, 2009 1:01:21 GMT -5
Ok, to answer your question about viruses or adware or malware or etc..., if your computer is not currently getting worse, then you did not pick up anything of that sort. My suggestion is try finishing the defrag, or just defragging from scratch. If you haven't already.
By the way, did you look into the drivers? Cause that's your next priority if your ISP really can't help.
Post by Phantagirow on Jun 4, 2009 2:24:00 GMT -5
I reinstalled the wireless software and the modem drivers, but it didn't make any difference.
Yesterday I tried to see the extent of how much can be received so I downloaded videos from youtube like crazy (songs, etc) and after about 240 million bytes received, my internet slowed down, lol
Funny thing about defragging is it no longer shows details about how far % defragging has been done in Vista, I tried leaving it alone for 6 hours and it still hasn't finished defragging, lol. Anyway, I'll try finishing defrag and see if it solves the problem.
Post by musicman on Jun 4, 2009 18:58:45 GMT -5
If it never finishes defragging, that could be a good clue. And a bad sign. Both at the same time. If it never finishes defragging then likely there are folders and files which are not in their proper locations or the defrag tool itself has gone haywire. Most likely it would be the former.
If you've used up a lot of storage space, then 6 hours doesn't sound too bad for a defrag. Try leaving it longer (then again that's with the XP defrag tool, I've never used the vista defrag tool. It could normally take much longer or much shorter I don't know).
Post by Phantagirow on Jun 15, 2009 1:02:01 GMT -5
I bought this Dell laptop for 250GB space but I only got 222GB on drive C and 9.99GB on drive D
Still have 70GB space left, tried to do a defrag over the weekend for a full 24 hours but it never finished. As this is a laptop I didn't want to turn it on for too long, might fry some hardware.
Went to Dell's website for tech support, was redirected to DellConnect.com and then a tech person made me download this app that allows control over my laptop. Looked around a bit trying to find out what's the problem, didn't really give any help though, at least not what I don't already know, like updating the damn drivers.
The network adapter is up to date, but windows update says it failed to update. And I'm still getting massive data transfers. Now I have to find where that app I downloaded that allows control to my system is so I can delete that piece of shit.
TheOneAndOnly
Guardians Guild Member
Proud to be a guardian
Posts: 300
Post by TheOneAndOnly on Jun 15, 2009 6:15:31 GMT -5
If you use Vista I bet it's the shadow copy service. Vista makes shadow copies of all files to be able to track different file versions and restore if wanted/necessary. I figured out that on many ready-built computers it goes crazy and makes shadow copies permanently. So you have a slow computer that works on your hard drive without stopping. Go to services and disable it... in 99% of all cases you won't miss it but can enjoy the massive speed increase.
BTW you don't need a defrag on Vista... Vista does it automatically every week in the background. So if you run it manually it can only go wrong.
ANOTHER BTW: Vista Ultimate has 64 GB size after install without any additional programs... I bet your lost GBs are a hidden restoration partition. In addition to that, manufacturers calculate 1000 Byte = 1 MB and 1000 MB = 1 GB... WHAT IS WRONG! Computers calculate at a base of 2... so 2^10 is 1024... so 1024 Byte are 1 MB and 1024 MB are 1 GB... so 250.000.000 Bytes (what manufacturer says is 250 GB) are only 238 GB on Windows. Hope I helped.
Post by Phantagirow on Jun 15, 2009 22:56:35 GMT -5
Yes that explains a lot on where my GBs are gone, lol thanks TheOneandOnly
Yes they did do a shadow copy for restoration + Vista has too many features and whatnots running in the background, they do take up a lot of space and memory. This is a 4GB RAM laptop with 256MB NVidia graphics card and it still runs slow.
I noticed there's a "dell" folder on my D drive with a folder inside called "Image" which contains a file called "FACTORY.wim" that thing is 3.38GB omfg I don't even know what that's for
I went to "Services" under Task Manager and found some things I'm not sure if I should mess with, you guys know what these are? (oh BTW I disabled the weekly defrag now and shadow copies was set to Manual)
1. Andrea RT Filters
2. IKEEXT service
3. Remote Procedure Call (RPC) - It starts manually and I can't disable this or do anything to it
4. Remote Registry - Can't disable this also, can only start it
5. Secondary Logon - set to permanently Automatic start, can't be disabled
6. stllssvr - it's from C:\Program Files\Common Files\SureThing Shared\stllssvr.exe, lol wtf is Sure Thing Shared?!!
7. Superfetch - description says "Maintains and improves system performance over time" and it has system dependency on "Remote Procedure Call" it is set on Automatic to start
8. Terminal Services - set to Automatically start
Does anyone know what the hell these are? lol that would be great, thanks
Post by musicman on Jun 16, 2009 1:26:21 GMT -5
The "FACTORY.wim" probably contains all the information loaded on your computer at the factory when they loaded windows on it. Or it contains information about what is loaded on your computer. These files are usually even a different file system than other files and cannot be modified or changed in any way unless you switch file systems. This is why you even have a "D" drive. They serve no purpose except to store the "factory image" of the computer. Because such files are a different file system, have their designated drive, and store information about the factory settings of the computer, just consider that whole drive dead space and don't try to mess with it.
What I would suggest with the other things: try disabling auto-start (if you can) and just see what happens. The nice thing about having a broken computer is it's already broken, so you don't have to worry too much about consequences. As long as you aren't permanently deleting system files, you will be able to get your comp back eventually.
It's true that stllssvr is in a folder called "sure thing shared" but sometimes that's the way it is. This doesn't sound particularly iffy but look into it if everything else still isn't working. Terminal services also doesn't seem bad. Try disabling autostart if you can and see what happens. Secondary logon sounds exactly like it fits right into the whole mentality of vista. IKEEXT has to do with the update. If it says the update failed, try disabling this and retrying the update. Andrea ST Filters has to do with sounds, that's all I know about that.
Of the things you mentioned, the ones that sound fishy or iffy to me are the following: Remote Procedure Call. Remote Registry. Superfetch. Almost everything with "remote" attached to it in windows has to do with the "remote assistance" program. It's like Microsoft Outlook. That program can pretty much be considered a virus. Basically with "remote assistance" you are able to allow other people to help you fix your computer. The only time I've needed other people's help, the computer was too broken to use the remote assistance program. It's like saying "go download your screen drivers from this website". Woop-de-do I can't even see what I'm doing let alone DL and install something. And when I can see it, I don't need it. Superfetch just sounds like some kind of unnecessary add-on or plug-in that was originally supposed to help but does nothing. The others just don't strike me as being weird.
In short, even though those 3 processes could be disabled without hurting your computer that is very unlikely the source of the problem or the solution. I'll get back to you on here if I find out more.
www.file.net/process/stllssvr.exe.html
Post by Phantagirow on Jun 16, 2009 22:05:35 GMT -5
omg Musicman, thanks for the information. It's amazing, how do you know so much about computers anyway?? XD
As for the remote assistance, I went to Dell support website 2 days ago and one of the tech representative asked me to download and install that (from Dellconnect.com). The tech rep didn't really ask me what's wrong with my laptop, lol
Just said something along the lines "I need to see if your system have driver conflicts" Sometimes when the tech rep moves the mouse and do stuff, I can't see it on my screen. In the end, only updated the network driver which I was already doing, lol.... so it didn't solve the weird massive bytes transfer and intermittent inability to access internet.
I've deleted the software downloaded from Dellconnect, but in the services section I am unable to do anything to Remote Procedure Call (RPC). It starts automatically at startup.
Checked the properties and found out it's from C:\Windows\system32\svchost.exe -k rpcss
That svchost.exe also has at least 12 processes running all with the ambiguous description "Host Process for Windows Services" lol, like what kind of services? I have absolutely no idea. But seeing it is in the windows/system32 folder I'm quite hesitant to mess with it, didn't want to play up my laptop.
I've disabled all the weird services that start automatically, some that I'm not exactly sure of I put to manual. But every time I restart all the services I disabled changed back to Automatic again, lol??
Anybody else in the guild using Vista S2? It would be great if we could compare and see if what's happening on my laptop is normal.
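Added example, not part of the original thread: a PowerShell snippet that shows which Windows services each "Host Process for Windows Services" (svchost.exe) instance is actually running, with each service's start mode, and checks that the binary is the one under System32. It uses the standard WMI classes Win32_Process and Win32_Service and assumes PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added example: map each svchost.exe process to the services it hosts.
# Run elevated; without elevation ExecutablePath can come back empty
# for system processes.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Services currently running inside some process (ProcessId 0 = not running)
$running = @(Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 })

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $proc   = $_
    $hosted = @($running | Where-Object { $_.ProcessId -eq $proc.ProcessId })

    # The genuine host process runs from %SystemRoot%\System32
    if (-not $proc.ExecutablePath) { $verdict = 'path unreadable (not elevated?)' }
    elseif ($proc.ExecutablePath -ieq $expected) { $verdict = 'expected path' }
    else { $verdict = 'UNEXPECTED PATH: ' + $proc.ExecutablePath }

    New-Object PSObject -Property @{
        ProcessId   = $proc.ProcessId
        CommandLine = $proc.CommandLine   # e.g. "svchost.exe -k rpcss"
        PathCheck   = $verdict
        Services    = ($hosted | ForEach-Object { "$($_.Name) [$($_.StartMode)]" }) -join ', '
    }
} | Sort-Object ProcessId | Format-List ProcessId, CommandLine, PathCheck, Services
```

An svchost.exe entry with no hosted services, or one flagged with an unexpected path, is the one worth a closer look; the rest are ordinary service groups.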