TheOneAndOnly
Guardians Guild Member
Proud to be a guardian
Posts: 300
|
Post by TheOneAndOnly on Jun 17, 2009 2:54:07 GMT -5
Well if you use Vista Ultimate/Business, Windows tells you exactly which service is using which resources (e.g. how many bytes of transfer). So it should be pretty easy to find the evil process/file. If you use the Home version, I think it's hard to guess and maybe it's hardware related too... And Windows likes to kill itself by changing settings in a way that is REALLY hard to backtrack at all sometimes. If everything fails, I'd recommend saving all files and resetting the notebook to factory defaults via the restore media that should be shipped with it.
BTW if you disable RPC completely, your PC health is massively damaged. Windows needs some RPC services to manage user-login and registration stuff so without RPC your computer will turn off 30s after it started (there was a virus turning off RPC completely causing exactly this problem - forgot about the name tho).
Another BTW: svchost has a weird description because nobody knows how to name it anymore... it does pretty much a lot on network services and event communication. For example if an installation process is installing a driver it is listening on a specific port for the event to finish. When the OS has finished the driver installation it sends the specific signal to the port the installation program is waiting for - and guess who is responsible for this event transmission? Guessed right - svchost.exe. And user logon/internet communication, even printing communication and A LOT more is managed by svchost.exe. That's why it has no real name and like 20 instances running.
|
|
|
Post by Phantagirow on Jun 18, 2009 22:09:57 GMT -5
I'm using Windows Home edition. Task manager does show how much resource each process is using. What I am in the dark on, however, are the ambiguous descriptions of the processes. Because I'm a noob, lol
4GB RAM coms shouldn't be slow though. At least, I feel that it's slow, sometimes I open Mozilla and type an address like "hotmail.com" it freezes for 1-2 seconds before the words appear. And it happens when I play shitty games that are not resource hoggers.
I can see the properties of RPC and there are a lot of other services that depend on it to function. I tried accessing what files and folders RPC has recently accessed through command prompt with the command "openfiles" but I got the reply "ERROR: Logged on user does not have administrative privilege"
I was like WTF? lol, Who else would have admin privilege on my com besides me? The user account I'm using to logon to this system *IS* an Admin account. It feels like I'm not in control of my own computer.
Yeah, I've come across some articles that mention viruses masquerading as svchost.exe running together with the other svchost.exe processes. But because the process descriptions are all the same, and I don't know how to find the individual exe.s that are attached to svchost I can't tell what it's for.
I tried to end process on some of them before, sometimes the audio is lost, antivirus gets turned off, sometimes Windows even restarts itself, lol
|
|
Post by TheOneAndOnly on Jun 20, 2009 19:08:42 GMT -5
Well on Business and Ultimate you have great administrative tools telling you how many bytes a process transferred at that moment or in total, and what exact path its filename has. Too bad in the Basic version you don't have that tool.
Anyway... to check if a virus is masquerading, checking is pretty simple... go to the Vista button and type "svchost.exe" into the search bar... don't press enter... the search will begin already on typing. If you have more than one match at "windows/system32" a virus is pretending to be a svchost.exe on a different location. Maybe you can delete the wrong file in safe mode. Some viruses replace the svchost.exe... you are guaranteed to have to format your system to get rid of that one because the virus infected a really well protected heart-file.
And that is why I say it's almost impossible. Because you found out what 90% of all Vista users still don't know while using their computer. You are administrator, but you don't have administrative rights in general. You never realized the prompts? Program A wants to execute - you allow that YES or NO - or if you right-click on a program you have an option called "run as administrator". Why do you have all this if you are administrator? Guessed right... you are admin but everything runs in normal user mode except when you GIVE it admin rights by saying YES when you get prompted or explicitly say RUN AS ADMINISTRATOR. That's why it is REALLY hard if not impossible for a virus to infect your system. You have to grant the virus admin rights first - else it can't change system files and will just fail infecting files.
You tried disabling all virus/firewall programs running and REALLY permanently disabled all shadow copy services? o.0 To be sure you disabled it you can also unset the tracking option under "(right-click) computer -> properties -> extended system settings -> go to computer safety tab -> unset all harddisk tracking options". In 98% of all abnormal harddisk activities it's the shadow copy that messes up everything.
I better mention that you should NEVER run more than one virus program... cause they need to get first access to scan before the file can activate and infect. If you have two virus programs it will end up in both competing for first access... that can't end well xD That's why I say try disabling all antivirus software - maybe there was one installed already without your knowledge and you installed another one, which causes trouble?
|
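The two things discussed in the posts above, which services each svchost.exe instance is hosting and where its executable lives on disk, can be listed in one pass. This is an added example, not part of any post in this thread; it assumes PowerShell 3.0 or later (for `Get-CimInstance`) and a prompt started with "Run as administrator".

```powershell
# Added example: list every svchost.exe instance with the services it hosts
# and flag any whose executable is not %SystemRoot%\System32\svchost.exe.
# Without elevation, ExecutablePath is empty for processes owned by other
# accounts, so such rows are reported as unreadable rather than as clean.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Index running services by the ID of the process that hosts them.
$servicesByPid = @{}
Get-CimInstance Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
    $servicesByPid[$procId] += $_.Name
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    $path   = $_.ExecutablePath

    # Case-insensitive comparison: Windows paths are not case sensitive.
    $verdict = if (-not $path) { 'path unreadable (not elevated?)' }
               elseif ($path -ine $expected) { 'UNEXPECTED LOCATION - review' }
               else { 'expected location' }

    [pscustomobject]@{
        PID      = $procId
        Parent   = $_.ParentProcessId
        Path     = $path
        Services = ($servicesByPid[$procId] -join ', ')
        Verdict  = $verdict
    }
} | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

A row flagged for review is a starting point for checking the file, not proof of infection; the path check also says nothing about a file that was replaced in place.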
|
|
Post by Phantagirow on Jun 29, 2009 0:44:45 GMT -5
I didn't see no "extended system settings" after Computer -> Properties -> it becomes the Control Panel's "System" folder
well, I have Windows Defender, Malwarebytes, and Avira, do they clash? The problem with the connection status only happened after I updated Vista, so I didn't suspect that antivirus programs caused it.
I've been contacting Dell Support through e-mail, the tech guy asked me to restore the system to before the problem started but this weird update was back on May 26th or earlier, my restore points only cover up to 16th of June, I'm so screwed, lol
The only other option is to do a full reset, which brings the Laptop back to factory conditions and I don't have enough external storage to evacuate, so this sucks.... tremendously
|
|
|
Post by platinumvanguard on Jun 29, 2009 19:36:28 GMT -5
disable defender it's a completely worthless piece of garbage. As for the rest... no idea xD
|
|
Post by TheOneAndOnly on Jun 30, 2009 0:43:02 GMT -5
Well I'm sorry you have no advanced settings... in my German version there is a tab called "erweiterte Einstellungen" which translates to English as "advanced settings"... might be named differently in the US version tho but located at the same spot.
Malwarebytes shouldn't interfere with Avira if you didn't register and enable the active protection... the normal free version without registration is passive only and gets active ONLY when you run it. So it can't interfere with active virus software. Better check if Malwarebytes has a service running and disable it to be sure there is no active protection running that might interfere with Avira.
|
|
|
Post by Phantagirow on Jul 2, 2009 0:45:25 GMT -5
really that bad? Anyway, I barely notice Windows Defender doing anything
the recommended solution to my problem is to ignore it until Microsoft comes up with a better update, lol, playing brilliant isn't it? I'll be damned if I have to reset everything because I took too much time installing this software and I'll probably have trouble finding the CDs to do a reinstall.
|
|
|
Post by Phantagirow on Jul 3, 2009 3:15:35 GMT -5
BTW check it out, I took a screenshot of my desktop. Usually Fraps will only start when a .exe program is running, indicating that it's a game. But why does my Fraps run at random sometimes, even when just viewing my desktop? Does that mean there's a program running without me knowing, and that triggered Fraps to start?
|
|
|
Post by platinumvanguard on Jul 4, 2009 19:29:49 GMT -5
Funky desktop o.O
|
|
|
Post by Phantagirow on Jul 7, 2009 11:31:50 GMT -5
This just in, check out the Connection speed it's crazy o.O
|
|
Post by TheOneAndOnly on Jul 7, 2009 15:57:59 GMT -5
Hehe well the bytes transferred are pretty normal... I have the same or more when I was just logged into Rappelz for a few hours (or using messengers and stuff). No reason for panic if you don't have that seconds after startup and no download on hehe. And the speed is just a bug with the network driver I bet. Should be fixed when installing Vista SP2 or updating/changing the network driver... but just cosmetics... that's no error, just a small bug
|
|
|
Post by swiftstarz on Jul 7, 2009 17:48:31 GMT -5
why do you have random pics of girls thats so awk. like more awk than awk turtle and awk turkey combined
|
|
|
Post by Phantagirow on Jul 8, 2009 13:45:06 GMT -5
@swiffy what dost thou meant by "awk"? I have them because I like girls, I mean, if my desktop had pix of buffed and good looking guys with sixpacks then there might be something wrong don't you think? lol
The first girl is a friend of mine from primary school (or elementary for you Americans)
The second one is a pix of a random girl named Jessica Abra Fischer who is somewhat a target of the internet hate machine (another story altogether)
@theone Really? that's normal you say, 457 Million bytes in less than an hour?
Hey guys, post your desktops too, I'd like to see them
Yea, that 400+ GB connection speed was odd. I still can't update the network drivers till this day. Still waiting for Microsoft to come up with an update that solves this hijink. I don't want to do an evac
Also another oddity is what's up with Fraps running on my desktop when there are no programs running? lol
|
|
Post by TheOneAndOnly on Jul 8, 2009 14:23:45 GMT -5
Well here my desktop this second:
|
|
|
Post by swiftstarz on Jul 9, 2009 10:21:56 GMT -5
oh awk as in awkward. hahaha. ok i guess since you guys are males it makes sense... *roll eyes*
look theone has a normal desktop YAY XD omg its so cute how your comp is german XD
i would post a pic but...i dont even know how to get to that screen ahahaah
|
|