Solved Please Help!

[dreemwarrior]

I am losing ownership/control of my files!! I had posted for help a few days ago, with no responses. I know the post may have souned odd, in regards to what was happening, but now its real bad. Here's what I have done so far:
I managed to almost narrow down the culprit file to one of the svchost.exe files.(searchindexer.exe) PID 5240 Or that was the ID at the time anyway. I ran process explorer in hopes of killing the process to gain some control over my drives. (They were working overtime)
I stopped these processes:

STFnUP.exe ID 7088
Lanman
Seclogon
RasAuto

Also, I disabled indexing of .xml files in hopes that would ease up some of the resource nabbing as well as disabling Remote Registry.

The system file "trusted installer" was disabled as were VSS, and windows search.
I tried to take a snip to post, but permissions were gone, and right under "administrators" in users, was "account unknown" with a login ID (s-1-5-5-0-344045)
Who has full permissions. I ran SFC bat, but as soon as it finished, the window closed. And I dont know the log command.
HELP Please...

PS I did try sys restore...not happening.

Forgot to mention the biggest factor at the moment: I can't get to my desktop, because of the windows that I was snipping are froze in place along with the snip tool, and it covers the entire screen. Any way to force a kill if you dont know the PID?

 

[Brink]

Hello DreamWarrior,

It sounds like you may need to do a custom or clean install of Vista.

 

[usasma]

SearchIndexer is frequently blamed for causing problems - but IME it's not ofter the cause, but rather it's the visible symptom of another problem (usually an issue with misbehaving 3rd party software).

Tweaking a system is very dependent upon going slowly, taking one step at a time, and thoroughly testing before moving on to the next tweak. With the number of changes that you've described I'm not surprised that you're having difficulties.

Can you access the Task Manager by pressing Ctrl-Shift-Esc? If so, use that to kill processes.

Have you done a malware scan? This "feels" like a malware infection to me.
I'd seriously consider backing up your data and then following Brink's advice to wipe and reinstall (it'll take less time than going through the different setting changes that could have done this).

 

[dreemwarrior]

Thanks for the input guys. At the time of this post, I wasn't able to do much of anything. I couldnt get past the frozen snippet of my screen. I managed to finally get to the cmd, and had to force admin, and eventually did a sys restore. I'm not feeling very confident in it, though. The oldest restore point I had was the same day I started having issues. The plus side is that I now have all the logs from that time, which was lost prior to restore. If you think yall can decipher them, I'll post. I have a second internal HD that has an iso on it, but it has the same date as restore point. I'm POSITIVE I wouldnt have make a bad image, but still...If I do end up having to back up files and do a clean install, is there a way to verify the files beforehand, other than scanning with basic software? I'd still like to know WHAT prompted this. My gut says trend failed.

 

[Danthemans2]

I am not sure with this but I have used something to see what program has what file or directory open.
It's called Process Explorer
Process Explorer

 

[dreemwarrior]

I am not sure with this but I have used something to see what program has what file or directory open.
It's called Process Explorer
Process Explorer

That's exactly what I used. And when I narrowed the processes down to a svchost file(a task in the exe I should say) and paused it, all went downhill from there. I just found none of the snippings I took just prior to restore. If you'll notice searchindexer properties on the left, and look at users...theres a few out of place items in that shot if you look close.
I hope this is ok to post. The reasone being is I'm right back where I started from my original post. But if there's a way around a clean install, let me know. I'm in.

 

[dreemwarrior]

I am not sure with this but I have used something to see what program has what file or directory open.
It's called Process Explorer
Process Explorer

ooops...sorry Here it is.

 

[Danthemans2]

I know this sounds weird and looks dumb but anything is worth a try right, but create an account under the control panel name it whatever. Then (I know the pictures are on XP, I'm having an issue trying to install vista) open up the system properties window, click on settings to user profiles, or something similar to that on vista, and (look at the picture) try to delete the unknown account, then tell me what happens.

 

[dreemwarrior]

Yeahh when I go to 'manage another account', it just asks if I want to turn on guest account. There isnt another acct that I can see.Just system,users,admin and installer. I wish it were XP...or 7 at least.
Is anyone here a disk management guru? I'm thinking if I have to do this again, and I just installed another 3/4 TB, I want to get the most out of this quad core, and manage it better that I thought I was. I bought Acronis disk director suite, but I'm nervous about jumping off in there alone....in the dark But seriously, I want to start playing around in PE's(have a few) just dont know enough about what NOT to do yet. Any advice/ tutoring would be deeply appreciated

 

[dreemwarrior]

Ok,Heres where I am so far. If someone wouldn't mind taking a look at these log files and give their opinion, I'd appreciate it. I know I may be delaying the inevitable, but no one likes a quitter,right? I ran a tmp cleaner, backed up registry files with ERUNT,scanned with Trend twice,Malwarebytes, and sfc. (Which showed nothing I could see)
And I don't want to "Fix" the wrong files.

 

[jp07764]

I think you should quit while you are ahead.
Throw up the white flag and wipe the drive.
Do a clean install.
Besides the svchost file is a main process.
Read this http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/ this is from another forum.
The time you spent tring to fix it you could have been up and running already.
Sorry to sound like a downer but have been there myself.
You learn from experience.

Jimmy

 

[dreemwarrior]

I think you should quit while you are ahead.
Throw up the white flag and wipe the drive.
Do a clean install.
Besides the svchost file is a main process.
Read this What is svchost.exe And Why Is It Running? :: the How-To Geek this is from another forum.
The time you spent tring to fix it you could have been up and running already.
Sorry to sound like a downer but have been there myself.
You learn from experience.

Jimmy

I know. Just think I needed confirmation.
And thanks again for everyones input. This is a great forum with a wealth of experience.

 

[lil domii]

I am not sure with this but I have used something to see what program has what file or directory open.
It's called Process Explorer
Process Explorer

ooops...sorry Here it is.

on the svchost properties, it seems you have an account that isn't recognized? maybe try setting up another, or enabling the admin account.

Dom

 

[dreemwarrior]

Update: With good direction taken from Lil domii and everyone else here at the forum, I ( after another day of head banging on desk) opted to back up all files to flash drives, and cd,rebooted from Vista restore disk, reformatted all internal drives, reinstalled Vista OS on primary drive, installed all system drivers-antivirus-downloaded updates: in that order. Hint: If you find the need to do a clean install of Vista, and you are working with multiple drives, it would save a few HRS and curses by using a disk management/partitioning software form the start. (I didn't) Thanks for everyone's input! I think I'll stick around this forum...way too much knowledge here to pass up!

 

[lil domii]

Update: With good direction taken from Lil domii and everyone else here at the forum, I ( after another day of head banging on desk) opted to back up all files to flash drives, and cd,rebooted from Vista restore disk, reformatted all internal drives, reinstalled Vista OS on primary drive, installed all system drivers-antivirus-downloaded updates: in that order. Hint: If you find the need to do a clean install of Vista, and you are working with multiple drives, it would save a few HRS and curses by using a disk management/partitioning software form the start. (I didn't) Thanks for everyone's input! I think I'll stick around this forum...way too much knowledge here to pass up!

lol...