Computer needs help

Devilmaycry876

Junior Member
Aug 16, 2007
8
0
0
Hi, I am new to the forums and pretty much a computer noob, but recently my computer has been acting weird. There have been slowdowns in my video games such as Team Fortress 2 and Counter-Strike that are not ping-related; my send and receive ratios on my LAN network are around 2 million sent and 24 million received. There have been complete slowdowns in my system as well as Windows just shutting down by itself. Another thing that interested me was that my internet at times did not work, and there seemed to be two PCs connected to my network, which I am sure is not supposed to be there. So recently I bought AVG 8.0 Total Security to identify the problem, and their rootkit scan told me I had 1 severe rootkit on my system as a hidden drive. I am not sure what to do, and any suggestions would be helpful; if not, I would have to completely system restore my computer, which I don't really want to do. Here is my HijackThis log; any help would be appreciated. Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:35 PM, on 3/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Explorer.EXE
C:\Windows\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Isa\AppData\Local\Temp\Rar$EX02.909\StartupList.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5992 bytes
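A small parser for the O23 service lines of a HijackThis log like the one above, added here as an example; it is not part of the thread and not code from HijackThis. It flags the three things a helper reading such a log usually looks at first: services whose binary carries no company name in its version information ("Unknown owner"), services whose binary is reported as missing, and services whose binary lives in a user-writable directory. The sample lines are constructed for the example: three copy entries from the log above, the fourth ("Example Service") is invented, and the list of user-writable directory markers is an assumption of this example. The flags are triage hints rather than verdicts: "Unknown owner" only means the binary has no company string, and the Dell WLAN tray service above shows how an ordinary OEM component trips it, while a common cause of "(file missing)" is a service registration left behind by an uninstalled product.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three O23 lines copied from the thread's log plus one
# invented entry ("Example Service") placed in a user-writable directory.
SAMPLE_LOG = r"""
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Users\example\AppData\Local\Temp\exsvc.exe
"""

# One HijackThis O23 line: "O23 - Service: <display (short name)> - <owner> - <path>[ (file missing)]".
# The display name is matched greedily so an owner string is taken as the shortest
# field that is still followed by " - <drive>:\".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?\s*$"
)

# Directories a standard user can write to. A service binary under one of these is
# worth a second look because services normally live under Program Files or System32.
# Assumed heuristic list for this example, not something HijackThis reports.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class ServiceEntry:
    display: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse a single O23 line; returns None for lines that are not O23 entries."""
    m = O23_RE.match(line)
    if not m:
        return None
    return ServiceEntry(
        display=m.group("display"),
        owner=m.group("owner"),
        path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach triage reasons to an entry. These are hints for a reviewer, not verdicts."""
    if entry.owner.lower() == "unknown owner":
        entry.reasons.append("unknown owner")       # no company name in version info
    if entry.file_missing:
        entry.reasons.append("file missing")        # stale registration, or the file is hidden
    if any(marker in entry.path.lower() for marker in USER_WRITABLE_MARKERS):
        entry.reasons.append("user-writable path")  # unusual location for a service binary
    return entry


def flagged_services(log_text: str) -> dict:
    """Map display name -> reasons for every O23 entry that raised at least one flag."""
    result = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            result[entry.display] = entry.reasons
    return result


if __name__ == "__main__":
    for name, reasons in flagged_services(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Running the block prints the flagged entries from the sample; a full log is handled the same way by passing its text to flagged_services. The regex only understands O23 lines, so other HijackThis sections (O4 run keys, O2 BHOs and so on) are skipped rather than misparsed.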
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
The safe and guaranteed thing to do is flatten your PC (repartition and reformat your hard drive) and re-install Vista and all your applications. Do you have UAC turned off?

A rootkit can allow others to use your computer in any way they wish. They can install programs, read all your communications, send out SPAM, or change anything they want.
 

Atheus

Diamond Member
Jun 7, 2005
7,313
2
0
Hi, and welcome to Anandtech :)

Once your computer has a rootkit installed, it is 'owned', i.e. it is no longer your computer. The person who has installed the rootkit can do *anything* with the machine, including reading all your personal documents, and sniffing your credit card numbers when you buy something online. The rootkit is probably embedded so deeply in your system that it can easily hide itself from malware scans. If this happens to one of our servers we wipe all data from the disks and start from scratch - I strongly suggest you take backups and then do the same. Do not back up any programs though - they may be infected. Back up only documents and music etc.

When you wipe the drive you want to properly wipe it if possible - not just reinstall over the old stuff. This is best done with the format utility provided by your drive manufacturer.

When Windows is installed again you should start paying careful attention to your security. The security forum here can help you, but here are some basics: do you have a router? You want one. It acts as a firewall. If you have a router, is it set up properly? WPA wireless encryption should be turned on, for example, and you should never use the DMZ. You should also never use an outdated browser (Internet Explorer 6, for example) to browse the web, or download software you do not trust, especially from crappy file sharing services.

Sorry to be the bearer of bad news. Hope it's not too much hassle to get back up and running.

 

Devilmaycry876

Junior Member
Aug 16, 2007
8
0
0
Ah...well, thank you guys anyways, I'll do a system recovery today. Anyone know if Vista uninstalls when you do a factory image system recovery on a Dell? Also, is there a list of usual places where a rootkit might come from so that I stay away from them in the future?
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Originally posted by: Devilmaycry876
Also is there a list of usual places where a rootkit might come from so that i stay away from them in the future?
Rootkits can be installed in ANY executable file. Don't install software unless you know where it came from and trust the source. Take software installation seriously, since, once you click "OK", the installing program can pretty much do anything it wants to your PC.