Unknown connection accessing my computer, need help!

kkalleefornia

Distinguished
Jun 23, 2010
2
0
18,510
I think I have a virus on my computer, or at least a hacker who created a connection, and I cannot get rid of it; at least, I do not know how. When I start up the computer, it says there is a ‘Duplicate name on the network’.

In my task manager, System [System] runs on 98,808k. I had 3 tabs open in Internet Explorer and 3 iexplore.exe [User] were running, so I closed the other 2 tabs, and 1 extra still remains. 1 runs on 83,024k and the other runs on 20,552k. I have 8 svchost.exe running: 2 are [Local Service], 2 are [Network Service], and 4 are [System]. Also, an ehrecvr.exe [System] runs on 5,002k and my dllhost.exe runs on 6,232k.

I check my Temp folder often because I notice that is where lots of viruses unpack, and sure enough, a DAT file named Perflib_perfdata_208 was there that I could not access because it was in use. I also know something is up because when I mess around with their source alg.exe [Local Service], it will start feeding off of mcrdsvc.exe [Local Service]. I notice the CPU jump up from program to program even when nothing is being run.

I do a lot of research in trying to figure out what could help or get rid of viruses, and a website I found said ‘Unlocker’ would help delete files that are locked. I found in my C: 2 folders that have various numbers and letters in the title, and in both of those there were 2 folders; each had 6 items in each folder that were not deletable. I took the Unlocker and deleted those 2 folders, and I also tried it on the file in the Temp folder, but it erases itself before the Unlocker deletes it.

I found out that mcrdsvc.exe is your Media Center and I have never opened or used it. I opened it and changed the settings; nothing happened. As well, I found out that this kind of virus could be coming through Adobe, and on every page I access on the internet, the yellow bar pops up for the add-on Adobe Flash Player. When I read that, I uninstalled my Adobe programs, then went to the Adobe website and downloaded the only ones that I needed, and the yellow bar still pops up.

He may have been accessing my computer for a while now. My event viewer shows he is accessing it daily at different times.

From 3:45:05 to 3:45:19, the User: SYSTEM accessed the ccSetMgr twice, ccEvtMgr twice and ccProxy twice, and at 3:45:22 the User: N/A opens ARSVC and LightScribe Service. At 3:47 the SYSTEM opens SNDSrv twice and at 3:49 the User: N/A opens LoadPerf. Later that night at 10:24 it does multiple ntbackup and encounters a few Errors. And from 11:14 PM to 12:21 AM, he accesses ccEvtMgr, ccproxy, NSCServic, SNDServc, ccSetMgr, avg9emc, IdriverT and my Security Center. The next day at 10:35:17 the User: N/A accesses the EventSystem and gets an Error, which at 10:35:22 produced 16 warnings. For the days after, he accesses the many programs I have listed as well as PerfNet (Error), DrWatson, Media Center Receiver and Scheduler, crypt32, gusvc, and HHCTRL.

Can someone tell me how to get rid of this connection?
 

kkalleefornia

Sorry, my mistake, they are actually Network Services; the website won't let me edit what I wrote. As well, the event log I wrote about is the Application Log, and the System Log is filled by hourly usage every day.