Then there is a device on my pc and I can not see it, as I don't know much. Here is some extra information:
- The RPC Remote Process Control is working like crazy.
- When I used Windows XP, during shut down, it mentioned that it was terminating the Internet connections. Is that normal? What was it terminating as I had no connections to the internet.
- Once, I saw my firewall block a command/file called ping. I checked it on the Internet and I found that it checks out if you are on line. Why did the command start running out of nowhere? I am not part of a Network. I do not have an internet connection.
- Most or all of the programs I use, even simple arcade games, try to perform actiong through Iscvhost.exe-irpcss and RPC (Remote process control).
- DHCP, DNS, SMB, NAStatus UI, LP Remote, I will not pretend I know what these thing are, but they have run on a daily basis. Once my firewall blocked a java script.
- I had a problem with svchost files, Local Network. One or two of its proccesses and one of the SYSTEM as well, were causing my CPU use reach 100%. This started when I tried to install a firewall program "On line Armor". I had to terminate these proccesses to finish the installation. My pc kept running without any problems despite terminating these proccesses.
- All the programs running on my desktop keep trying to access and modify my registry. Even paintbrush. Additionally, all programs try to control my firewall! Not the other way around! I can see it as a notification by the firewall. Even paintbrusth. The programs perform these actions through DNS resolver/RPC!
- Once a program was trying to connect to the Network using DNS resolver/RPC through svchost. It was referring to a recursive type of connection.
- My screen turned blue a few days after that as soon as Windows started and I had to reinstall Vista. I don't know what caused this.
- Power Bios server with the server RPC CONTROL\OLEEE8087F002824DC6A2060115E55A and svchost as a port was trying to control a network enebled connection using OLE.
- There is a Local connection but it says that the wire is disconnected. It uses Web client, my firewall driver,QoS, shares (files, printers), TCP Ipv6, TCP Ipv4, I/O and something like answering detectionplace of connection, level.
- There are incidents like: system,workgroup, 0*3e7, process 0*26c, services.exe, advapi, negotiate,
And another that says: null sid, 0x0, type 3, anonymous logon, NT Authority, 0x60920, GUID (00000000-0000-0000-0000-000000000000), 0x0, NTLMssp, NTLM. What's that?
- I ran the commant ipconfig show helpers. It was full of details like proxy server, RPC, DNS ....
- the service of Telephony is running on my PC. What equipment do I have for this to happen?
- I tried to install a firewall program some days ago and since it required an internet connection, it opened Internet Explorer and the adress I was to connect to was "LocalHost 6060 server something...." It even required a password and username. At first I thought it was the program, but now I am thinking that it could be that I need the password to connect to the Web. I read that in reverse connection the adress of the attacker is saved on the pc in this format so that everytime I open my PC, I connect to their router/server. Could it be that the program showed me by default the fastest or the only way to connect to the Internet? Meaning that it showed me how they connect?
I read a magazine article lately which explained that you can access a pc just through its network card. That a series of programs like Web client, DNS, IPV6, και 4, Ι/Ο e.t.c collaborate for this to happen. All these programs run on my pc like crazy, I get notifications from the firewall. The article said that to do this you need a hacking tool and that the rest is done by a worm. It is called "conficker/Kido". That the worm creates a cory of the svchost file and takes control of the system. It even starts procedures, like the ones of Local Network I had to terminate due to CPU reaching 100%. My ad-aware Pro antivirus had once detected Kido/conficker. I kept removing it and adding it to the quarantine but everytime a ran a new scan, it was there. I finally never saw it again.
If I have anderstood the procedure. On reverse connection the Web Client opens a port and then they can connect using their router. That they use the Outbound connections created by the firewall.
I think that something like this is what is happening here.
These are my Web adopters (if I am saying it right), in Managing devices:
How can they be there since, as far as I know, I don't have a wireless card? And does them being there proove that I have one?
WAN MINOPORT (IP)
WAN MINOPORT (IP) COMODO FIREWALL MINOPORT
WAN MINOPORT (IP) PC TOOL DRIVER
WAN MINOPORT (IPv6)
WAN MINOPORT (IPv6) COMODO FIREWALL MINOPORT
WAN MINOPORT (IPv6) PC TOOL DRIVER
WAN MINOPORT (L2TP)
WAN MINOPORT (PPPOE)
WAN MINOPORT (PPTP)
Host Controller Nvidia nForce COMODO FIREWALL MINOPORT (my firewall)
Host Controller Nvidia nForce PC TOOL DRIVER
Host Controller Nvidia nForce 2 PC TOOL DRIVER
In Mobile Devices: There is a Windows Mobile Device (Since reinstalling Windows, it has been trying to download its drivers)
I am willing to attatch any data you will need, from my pc. I have many screenshots.
Technitians say I should perform a format but I know they will be in my system before I even start the Windows. I have already tried this option. It does not shut them off.
PLEASE, I know it’s a lot of work.
