Weird Stuff happening, not much hair left in my head to tear off at this point!

[de.das.dude]

This started after the local cable operator leased out the network to a different ISP. this ISP is worse than the previous one.


First, my computer seems extremely sluggish when connected to the net now.
even the desktop hangs. i may have found the culprit:-



sometimes if i end the process, it will end, but come back again. sometimes, trying to end it will trash the system. mouse and kb will work, along with the start button, but nothing else works. Even Alt+Ctrl+Del shows an error.

The appearance changed automatically and its gotten stuck at that. Some elements in the windows like buttons etc, are all square and classic, like in win98. They dont go back to normal, even after restarting, or fiddling with their settings. even applications like CCleaner, IE and opera and and all that i can think of seems to be affected. Even this tab too!

the title bar at the top of the window isnt supposed to be there (and other things)!

Sometimes after the system has locked up, if i press the reset button, it doesnt work either. Other times, if i long press the power button, the monitor goes off, but the CPU keeps running.


Note: this all started after i changed my network settings to match the new ISP, and logged in.

before this everything was allright. but during the changeover of the ISP, my comp did get sluggish if the ethernet cable was connected. however it didnt cause any other problems. comp went to normal as soon as i unplugged cable.


i tested my HDD, RAM, they are both ok. No viruses, checked with eset, updated.

what is going on


Oh and i am getting 8mbps download and 2mbps up during speedtest.net to the neighboring country and while download few things like opera, chrome, but other than these i am getting only 50kbps speed!

[ruff0r]

Quote:

Originally Posted by de.das.dude

Note: this all started after i changed my network settings to match the new ISP, and logged in.

You can identify what's using the memory by running the Win7 Resource Monitor:

- Ctl-Shift-Esc to start Task Manager
- Click the "Performance" Tab
- Click the "Resource Monitor..." button at the lower right

In the resource monitor, click the "memory" tab and then click on the "Working Set" column heading to sort by the amount of physical memory being used by the various processes.

Second attempt:
Disable the Superfetch service.

[McSteel]

This smells like a virus. I see you have something from ESET installed (icon in the systray), and it probably wants to update (yellow alert). I suggest you do update it, and run an in-depth scan. You might find an uninvited guest resident...

[FordGT90Concept]

Use Process Explorer to see what services are hosted on that svchost.exe.

Edit: if it doesn't list processes under svchost that's taking all the memory, open svchost, go to the "Services" tab to find the services running on the host. The "Threads" tab may also be of some use for when the CPU load spikes.

[de.das.dude]

Quote:

Originally Posted by McSteel

This smells like a virus. I see you have something from ESET installed (icon in the systray), and it probably wants to update (yellow alert). I suggest you do update it, and run an in-depth scan. You might find an uninvited guest resident...

its updated. yellow cuz its gonna expire in a week.

[de.das.dude]

Quote:

Originally Posted by FordGT90Concept

Use Process Explorer to see what services are hosted on that svchost.exe.

Edit: if it doesn't list processes under svchost that's taking all the memory, open svchost, go to the "Services" tab to find the services running on the host. The "Threads" tab may also be of some use for when the CPU load spikes.

i did try to go to the services, and it listed Winmgnt and another one. i will confirm the other one. BTW, neither looked suspicious.


did a speedtest right now


and i am getting 50KBps downloads :\

[de.das.dude]

wtf. well, this isnt normal is it?

[natr0n]

Wise-Game-Booster

try this will close off uneeded services and anything overtaking resources.

add this to ccleaner directory

cleans up extra sh!t

[Black Panther]

Do you still get that high usage if you boot in safe mode?

[Radical_Edward]

Run a malwarebyte's and a TDSSkiller scan. From then info you've given you have an infection.

[de.das.dude]

Quote:

Originally Posted by natr0n

Wise-Game-Booster

try this will close off uneeded services and anything overtaking resources.

add this to ccleaner directory

cleans up extra sh!t

i just copy pasted it into the program files directory

[FordGT90Concept]

Windows Search and SuperFetch both can take huge amounts of memory. Try stopping those services and see if it settles down.

...also ironic that you're having network problems and WLAN AutoConfig and Windows Driver Foundation are running on that process...

[natr0n]

Quote:

Originally Posted by de.das.dude

i just copy pasted it into the program files directory

It should be saved as Winapp2.ini

[de.das.dude]

Quote:

Originally Posted by natr0n

It should be saved as Winapp2.ini

"save linked content as"

[de.das.dude]

Quote:

Originally Posted by FordGT90Concept

Windows Search and SuperFetch both can take huge amounts of memory. Try stopping those services and see if it settles down.

...also ironic that you're having network problems and WLAN AutoConfig and Windows Driver Foundation are running on that process...

i was suspecting driver conflict too, but this combination of lan card and wifi dongle has been with me for quite some time now. plus that doesnt explain all the other crazy shit thats happening.

[de.das.dude]

Quote:

Originally Posted by Radical_Edward

Run a malwarebyte's and a TDSSkiller scan. From then info you've given you have an infection.

doind that now. never had to use malwarebytes before. or the other one.

malwarebytes detected two thingys.

[FordGT90Concept]

I would go down the list of those services and stop them in services.msc until you find the culprit. None of those processes should be consuming over 1 GiB of RAM so if you stop one and that memory is freed up, you found one of your problems.


Edit: Also, stop all anti-virus software and firewalls. They can cause a trainwreck. If you're concerned about being exposed to the filthy internet, unplug the internet connection first (you should probably do that anyway to isolate your local problems).

[de.das.dude]

woot. deleted two of the malwares and the appearance change has been fixed. now eveything looks normal. but that service is still here.

Ford can you give me more details about this services.msc?


also, i think the login page of this ISP is infected. because whenever i try to open that page that weird stuff starts happening.

[de.das.dude]

Sweet JC! look at all these services associated with that svchost this time!


EDIT: zing found another malware!

Kudos to Rad Edward for suggesting this.

[de.das.dude]

oh no it went back to the previous form.

the fight continues

[Radical_Edward]

Also run TDSSKiller. There might be something Malwarebyte's is missing. You said that you got this off your ISP's site, do they by chance use Java?

[natr0n]

Backup data and fresh install is what I do in situations like this.

[de.das.dude]

Quote:

Originally Posted by Radical_Edward

Also run TDSSKiller. There might be something Malwarebyte's is missing. You said that you got this off your ISP's site, do they by chance use Java?

YES!!!!!!!!

and there is this pop up with the jsp extention(java) that keeps wanting to come up. but opera is blocking it.

i knew this couldnt be a coincidence.

[de.das.dude]

Quote:

Originally Posted by natr0n

Backup data and fresh install is what I do in situations like this.

i really dont know how to do that. never backed up. i usually fresh install. but i really need to backup this time! thanks beforehand

[FordGT90Concept]

Quote:

Originally Posted by de.das.dude

Ford can you give me more details about this services.msc?

It's the same as going to Control Panel -> Administrative Tools -> Services.

Quote:

Originally Posted by de.das.dude

and there is this pop up with the jsp extention(java) that keeps wanting to come up. but opera is blocking it.

i knew this couldnt be a coincidence.

That happens everytime I update Java. I block it everytime.