1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Weird Stuff happening, not much hair left in my head to tear off at this point!

Discussion in 'General Software' started by de.das.dude, Feb 10, 2013.

  1. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    This started after the local cable operator leased out the network to a different ISP. this ISP is worse than the previous one.


    First, my computer seems extremely sluggish when connected to the net now.
    even the desktop hangs. i may have found the culprit:-
    [​IMG]
    [​IMG]

    sometimes if i end the process, it will end, but come back again. sometimes, trying to end it will trash the system. mouse and kb will work, along with the start button, but nothing else works. Even Alt+Ctrl+Del shows an error.

    The appearance changed automatically and its gotten stuck at that. Some elements in the windows like buttons etc, are all square and classic, like in win98. They dont go back to normal, even after restarting, or fiddling with their settings. even applications like CCleaner, IE and opera and and all that i can think of seems to be affected. Even this tab too!
    [​IMG]
    the title bar at the top of the window isnt supposed to be there (and other things)!

    Sometimes after the system has locked up, if i press the reset button, it doesnt work either. Other times, if i long press the power button, the monitor goes off, but the CPU keeps running.


    Note: this all started after i changed my network settings to match the new ISP, and logged in.

    before this everything was allright. but during the changeover of the ISP, my comp did get sluggish if the ethernet cable was connected. however it didnt cause any other problems. comp went to normal as soon as i unplugged cable.


    i tested my HDD, RAM, they are both ok. No viruses, checked with eset, updated.

    what is going on :banghead::banghead::banghead::banghead::banghead::cry::cry::cry::cry:


    Oh and i am getting 8mbps download and 2mbps up during speedtest.net to the neighboring country and while download few things like opera, chrome, but other than these i am getting only 50kbps speed!
  2. ruff0r

    ruff0r

    Joined:
    Dec 18, 2012
    Messages:
    222 (0.38/day)
    Thanks Received:
    51
    You can identify what's using the memory by running the Win7 Resource Monitor:

    - Ctl-Shift-Esc to start Task Manager
    - Click the "Performance" Tab
    - Click the "Resource Monitor..." button at the lower right

    In the resource monitor, click the "memory" tab and then click on the "Working Set" column heading to sort by the amount of physical memory being used by the various processes.

    Second attempt:
    Disable the Superfetch service.
  3. McSteel

    McSteel

    Joined:
    Nov 19, 2012
    Messages:
    562 (0.92/day)
    Thanks Received:
    269
    This smells like a virus. I see you have something from ESET installed (icon in the systray), and it probably wants to update (yellow alert). I suggest you do update it, and run an in-depth scan. You might find an uninvited guest resident...
  4. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,328 (6.32/day)
    Thanks Received:
    3,354
    Location:
    IA, USA
    Use Process Explorer to see what services are hosted on that svchost.exe.

    Edit: if it doesn't list processes under svchost that's taking all the memory, open svchost, go to the "Services" tab to find the services running on the host. The "Threads" tab may also be of some use for when the CPU load spikes.
    Last edited: Feb 10, 2013
    de.das.dude says thanks.
    Crunching for Team TPU
  5. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    its updated. yellow cuz its gonna expire in a week.
  6. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    i did try to go to the services, and it listed Winmgnt and another one. i will confirm the other one. BTW, neither looked suspicious.


    did a speedtest right now
    [​IMG]

    and i am getting 50KBps downloads :\
    Last edited: Feb 10, 2013
  7. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    [​IMG]

    wtf. well, this isnt normal is it?
  8. natr0n

    natr0n

    Joined:
    Jan 29, 2012
    Messages:
    1,786 (1.97/day)
    Thanks Received:
    919
    de.das.dude says thanks.
  9. Black Panther

    Black Panther Senior Moderatorâ„¢ Staff Member

    Joined:
    May 30, 2007
    Messages:
    8,561 (3.28/day)
    Thanks Received:
    1,915
    Do you still get that high usage if you boot in safe mode?
    de.das.dude says thanks.
  10. Radical_Edward

    Radical_Edward

    Joined:
    Jan 24, 2010
    Messages:
    3,587 (2.19/day)
    Thanks Received:
    1,927
    Location:
    Oregon, USA
    Run a malwarebyte's and a TDSSkiller scan. From then info you've given you have an infection.
    de.das.dude says thanks.
    Crunching for Team TPU
  11. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
  12. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,328 (6.32/day)
    Thanks Received:
    3,354
    Location:
    IA, USA
    Windows Search and SuperFetch both can take huge amounts of memory. Try stopping those services and see if it settles down.

    ...also ironic that you're having network problems and WLAN AutoConfig and Windows Driver Foundation are running on that process...
    de.das.dude says thanks.
    Crunching for Team TPU
  13. natr0n

    natr0n

    Joined:
    Jan 29, 2012
    Messages:
    1,786 (1.97/day)
    Thanks Received:
    919
    It should be saved as Winapp2.ini :)
    de.das.dude says thanks.
  14. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    "save linked content as" ;)
  15. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    i was suspecting driver conflict too, but this combination of lan card and wifi dongle has been with me for quite some time now. plus that doesnt explain all the other crazy shit thats happening.
  16. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    doind that now. never had to use malwarebytes before. or the other one.

    malwarebytes detected two thingys.
  17. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,328 (6.32/day)
    Thanks Received:
    3,354
    Location:
    IA, USA
    I would go down the list of those services and stop them in services.msc until you find the culprit. None of those processes should be consuming over 1 GiB of RAM so if you stop one and that memory is freed up, you found one of your problems.


    Edit: Also, stop all anti-virus software and firewalls. They can cause a trainwreck. If you're concerned about being exposed to the filthy internet, unplug the internet connection first (you should probably do that anyway to isolate your local problems).
    de.das.dude says thanks.
    Crunching for Team TPU
  18. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    woot. deleted two of the malwares and the appearance change has been fixed. now eveything looks normal. but that service is still here.

    Ford can you give me more details about this services.msc?


    also, i think the login page of this ISP is infected. because whenever i try to open that page that weird stuff starts happening.
  19. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    Sweet JC! look at all these services associated with that svchost this time!
    [​IMG]

    EDIT: zing found another malware!

    Kudos to Rad Edward for suggesting this.
  20. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    oh no it went back to the previous form.

    the fight continues :(
  21. Radical_Edward

    Radical_Edward

    Joined:
    Jan 24, 2010
    Messages:
    3,587 (2.19/day)
    Thanks Received:
    1,927
    Location:
    Oregon, USA
    Also run TDSSKiller. There might be something Malwarebyte's is missing. You said that you got this off your ISP's site, do they by chance use Java?
    de.das.dude says thanks.
    Crunching for Team TPU
  22. natr0n

    natr0n

    Joined:
    Jan 29, 2012
    Messages:
    1,786 (1.97/day)
    Thanks Received:
    919
    Backup data and fresh install is what I do in situations like this.
    de.das.dude says thanks.
  23. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    YES!!!!!!!!

    and there is this pop up with the jsp extention(java) that keeps wanting to come up. but opera is blocking it.

    i knew this couldnt be a coincidence.
  24. de.das.dude

    de.das.dude Pro Indian Modder

    Joined:
    Jun 13, 2010
    Messages:
    7,499 (5.00/day)
    Thanks Received:
    1,947
    i really dont know how to do that. never backed up. i usually fresh install. but i really need to backup this time! thanks beforehand
  25. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,328 (6.32/day)
    Thanks Received:
    3,354
    Location:
    IA, USA
    It's the same as going to Control Panel -> Administrative Tools -> Services.


    That happens everytime I update Java. I block it everytime.
    Crunching for Team TPU

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page