
AVG rootkit scan found these

Discussion in 'Virus & Other Malware Removal' started by Veryfrustratedus, Jul 12, 2011.

Thread Status:
Not open for further replies.
  1. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    720
    THX now the buttons are working?! ???????????

    :-]
     
  2. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    720
    My machine is a Toshiba Satellite L301-S5945, 64-bit Vista Home Premium.

    The threat: Win32:SuspBehav-d [Heur]
    Action taken: I moved it to the chest. Should I remove it?

    I just reinstalled the OS per dvk01. Then I got an email which was a phishing attempt from someone in Nigeria, using a person from my contacts and showing their email address as the source. I found the original source, Nigeria, in the properties of the message. EDIT: I am wondering, since it is possible to send me an email that looks to be from somewhere it isn't, can the same hackers have routed my email client so that it will go through their machine or website on its way to mine when I start up my email client? It would explain to me how I got reinfected so quickly.
    Today I have used several newspapers, Hulu, pbs and did a search or two. I have not gone anywhere I would think was a dangerous place.
    I changed my ISP email passwords and the passwords from the sites I recall going to over the last few weeks.
    Is there a list of things I should change or do?
    Thx

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:24:44 PM, on 7/15/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Toshiba Registration\Registration.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\User1\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [951738463] C:\Program Files (x86)\Toshiba Registration\Registration.exe /r "C:\Program Files (x86)\Toshiba Registration\Registration.rpd"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8284 bytes
     
  3. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    720
    I'm adding in the log file of the latest Avast scan. I had not set the settings to save a log for the scan that found the threat. I am doing this because I see a lot of "The process cannot access.." in it and that seems wrong. I am using IE to read papers and listen to the radio; I don't think that should be causing so many system32 files to be blocked.

    Avast Scan 7-16-11
    C:\System Volume Information\{6e436283-ad74-11e0-9bb7-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{6e436289-ad74-11e0-9bb7-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{6e43628f-ad74-11e0-9bb7-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{6e436295-ad74-11e0-9bb7-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{6e43629b-ad74-11e0-9bb7-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{7f04955d-ad8c-11e0-849c-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{93abdc81-ada7-11e0-8531-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{9a8495d5-adb6-11e0-a070-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\System Volume Information\{a6f7cfb2-ada2-11e0-af64-001e33b79998}{3808876b-c176-4e48-b7ae-04046e6cc752} [E] Access is denied (5)
    C:\Users\User1\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{EA5B9B42-AFAF-11E0-9561-001E33B79998}.dat [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{2C3DCEEF-AFB2-11E0-9561-001E33B79998}.dat [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{EA5B9B43-AFAF-11E0-9561-001E33B79998}.dat [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows Defender\FileTracker\{5624235F-2511-45B4-8610-ED9AC18D21D7} [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows Mail\edb.log [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows Mail\tmp.edb [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Temp\~DF106C.tmp [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Temp\~DFDD7E.tmp [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\AppData\Local\Temp\~DFFD6E.tmp [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\ntuser.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Users\User1\ntuser.dat.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\SoftwareDistribution\Download\1f57887152913a39f9d4e570614e61bc\Windows6.0-KB944036-x64.cab|>241|>{gzip} [E] GZIP archive is corrupted. (42129)
    C:\Windows\SoftwareDistribution\Download\e8d36bbfe3ef21c587e85bdc7b755aaa\windows6.0-kb973917-v2-x64.cab|>292|> [E] ARJ archive is corrupted. (42120)
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\catroot2\edb.log [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\COMPONENTS [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\COMPONENTS.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\COMPONENTS.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\DEFAULT [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\DEFAULT.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\DEFAULT.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\RegBack\COMPONENTS [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\RegBack\DEFAULT [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\RegBack\SAM [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\RegBack\SECURITY [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\RegBack\SOFTWARE [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\RegBack\SYSTEM [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SAM.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SAM.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SECURITY [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SECURITY.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SECURITY.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SOFTWARE [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SOFTWARE.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SOFTWARE.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SYSTEM [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SYSTEM.LOG1 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\config\SYSTEM.LOG2 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\Temp\TMP0000005CBEFDA01E44E79025 [E] The process cannot access the file because it is being used by another process (32)
    C:\Windows\Temp\_avast_\Webshlock.txt [E] The process cannot access the file because it is being used by another process (32)
    Infected files: 0
    Total files: 641837
    Total folders: 31958
    Total size: 66.4 GB
    *
    * Scan stopped: Saturday, July 16, 2011 7:30:59 AM
    * Run-time was 58 minute(s), 31 second(s)
    *
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    That is all perfectly normal
    Locked files or access denied are normal & most antiviruses don't bother to report them

    Why do you think that you have been reinfected? Because you have received a phishing email?
     
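    The point dvk01 makes about locked files is easy to check mechanically. The following is an added example, not part of the thread or of Avast: it triages lines in the Avast scan-log format posted above, separating the two expected error codes (5, access denied; 32, sharing violation on files held open) from errors worth a second look and from actual detections. The sample log is constructed; the `[L]` marker for a detection line is assumed from Avast's report format, and the paths are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the "<path> [E] <message> (<code>)" lines in
# the thread. The "[L] <threat> (<code>)" detection line is an assumed format.
SAMPLE_LOG = r"""
C:\System Volume Information\{constructed-guid-1}{constructed-guid-2} [E] Access is denied (5)
C:\Users\User1\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\SoftwareDistribution\Download\constructed\update-x64.cab|>241|>{gzip} [E] GZIP archive is corrupted. (42129)
C:\Users\User1\Downloads\example-suspect.exe [L] Win32:SuspBehav-d [Heur] (0)
Infected files: 1
Total files: 5
"""

LINE_RE = re.compile(r"^(?P<path>.+?) \[(?P<kind>[EL])\] (?P<msg>.+?) \((?P<code>\d+)\)$")

# Win32 error codes that a scanner running on a live system will always hit:
# registry hives, transaction logs, the mail store and System Volume Information
# are either held open exclusively or not readable by a user-mode scanner.
BENIGN_ERRORS = {
    5: "access denied (protected area such as System Volume Information)",
    32: "sharing violation (file held open: registry hives, logs, mail store)",
}


def classify(line):
    """Return a dict describing one log line, or None for summary/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, kind, msg, code = m["path"], m["kind"], m["msg"], int(m["code"])
    if kind == "L":
        # Heuristic names carry less confidence than signature hits; the
        # thread's Win32:SuspBehav-d [Heur] is exactly this kind of detection.
        confidence = "heuristic" if "[Heur]" in msg else "signature"
        return {"category": "detection", "path": path, "threat": msg, "confidence": confidence}
    if code in BENIGN_ERRORS:
        return {"category": "benign_error", "path": path, "reason": BENIGN_ERRORS[code]}
    # Anything else (corrupt archives, unexpected codes) deserves a look,
    # though a damaged cached update package is usually just a failed download.
    return {"category": "review_error", "path": path, "reason": f"{msg} ({code})"}


def triage(log_text):
    """Group classified lines by category: detection, benign_error, review_error."""
    summary = defaultdict(list)
    for line in log_text.splitlines():
        rec = classify(line)
        if rec:
            summary[rec["category"]].append(rec)
    return dict(summary)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, records in result.items():
        print(f"{category}: {len(records)}")
        for rec in records:
            print("   ", rec["path"])
```

    Run against a full log, the benign_error bucket will swallow nearly every `[E]` line the thread shows, which is why most products suppress them; only the detection and review_error buckets need a human.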
  5. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    720
    No.
    I did an Avast scan and it showed me the threat. I listed it at the beginning of this thread. I put it in the chest and asked if I should delete it. I am also having problems with my CPU running at high levels, above 80%, and there are 12 svchosts running in Task Manager. They are running now as: system, network, system, system, local, system, network, local, network, local, system, system, local. This is after I shut down the two I mention below.
    I shut one down that was using 157,000K and another using 69,000K. I'm playing FreeCell and have a webpage and my email client open. It had no effect on what I'm doing.
    I have come to find over the last few weeks that FreeCell slows down when something wrong is going on with the machine, and Avast always finds a threat when it does. FreeCell is slowing down.

    There is also an issue with updates. I have had the icon for an available update in the tray for days now. I have repeatedly clicked on it, then deselected the item (IE9), and the icon stays in the tray. Today I went in and chose "check for updates but let me choose". I just noticed now that there are two available-updates icons in the tray, and my screen has flashed and gone blank twice as I type this.
    I am going to restart as soon as I post this.
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    I don't think that there is anything more we can do for you.
    Either you have malware that withstood a format & reinstall, or something else you have on the computer keeps reinfecting you.

    Or there is a different problem somewhere that isn't malware related at all

    It is normally extremely difficult to infect a 64-bit computer, so I think that you need to take the computer to a local repair shop where they can run other tests that can't be done from a forum.
     
  7. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    720
    Could you please answer these questions directly?

    What is this? Win32:SuspBehav-d [Heur]. Should I delete it from the Avast chest?

    Why am I having so many large svchosts?

    Since it is possible to make an email to me look like it came from someone I know, is it possible to reroute my email so that it goes through another machine first?
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,894
    Win32:SuspBehav-d [Heur] is a heuristic detection that might or might not be anything; leave it in the chest.

    I have no idea why you have so many large svchosts, but the last logs you posted showed everything as legitimate & OK.
    The attached is my svchost processes on W7 64-bit & is perfectly normal.
    I think it is because of the pending updates in your case.
    I know you don't want IE9, so do this:
    http://technet.microsoft.com/en-us/ie/gg615599#options
    Just unchecking the update in WU means that you will continually be offered it.

    No, it is impossible to route your email through another machine first, UNLESS the email server is compromised or your ISP name server is compromised or something like that.
    What is possible is for someone to hack your router & intercept anything coming in or out of your connection (if you have weak or non-existent encryption).
     
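    The distinction dvk01 draws between a spoofed sender and actual rerouting can be seen in the message headers, which is where the original poster found the real origin. The following is an added example, not part of the thread: it walks the `Received:` chain of a constructed message with Python's standard `email` module, identifies the hop at which the recipient's own mail server accepted the message, and compares the `From:` domain against the envelope `Return-Path:` and the originating host. All hostnames and addresses are placeholders; only the hops recorded by your own provider's servers are trustworthy, since anything below them can be forged by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: From: claims a known contact, but the oldest Received:
# hop (the one the ISP's edge server wrote when it accepted the message) shows
# the message arriving from an unrelated host. Names and IPs are placeholders.
RAW_MESSAGE = """\
Return-Path: <bounce@unrelated-host.example>
Received: from mx.example-isp.net (mx.example-isp.net [192.0.2.10])
\tby mail.example-isp.net with ESMTP id AB12; Fri, 15 Jul 2011 10:02:11 -0400
Received: from unrelated-host.example (unrelated-host.example [203.0.113.77])
\tby mx.example-isp.net with SMTP id CD34; Fri, 15 Jul 2011 10:02:05 -0400
From: "A Known Contact" <known.contact@example.com>
To: <user1@example-isp.net>
Subject: Urgent

Please reply urgently.
"""

# Matches the common "from <helo> (<rdns> [<ip>]) by <server>" clause.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def received_chain(raw):
    """Return the Received: hops newest-first, as the headers are stacked."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if m:
            hops.append({"helo": m["helo"], "rdns": m["rdns"],
                         "ip": m["ip"], "by": m["by"].rstrip(";")})
    return hops


def origin_hop(raw):
    """The oldest hop: where the message entered the mail system."""
    hops = received_chain(raw)
    return hops[-1] if hops else None


def sender_consistency(raw):
    """Compare the displayed From: domain with the envelope sender and origin host."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    origin = origin_hop(raw)
    origin_host = (origin["rdns"] or origin["helo"]).lower() if origin else ""
    return {
        "from_domain": from_domain,
        "return_path_domain": return_domain,
        "origin_host": origin_host,
        "origin_ip": origin["ip"] if origin else None,
        "from_matches_return_path": from_domain == return_domain,
        "origin_host_in_from_domain": origin_host.endswith(from_domain) if from_domain else False,
    }


if __name__ == "__main__":
    for hop in received_chain(RAW_MESSAGE):
        print(f"{hop['ip']:>15}  {hop['rdns'] or hop['helo']:<28} -> {hop['by']}")
    print(sender_consistency(RAW_MESSAGE))
```

    A `From:` that matches neither the envelope sender nor the originating host is the spoofing pattern described in the thread; it says nothing about the recipient's own mail path, which is what dvk01 is distinguishing. Servers that check SPF or DKIM record their verdict in an `Authentication-Results:` header, which is the next thing to read when present.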
  9. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    720
    Thx
    I have a cable and cable modem.

    I guess the email was a last gasp to try to get me to respond. I am worried about what they might have seen of my personal stuff, but I haven't purchased anything online in a long time, so there was likely no credit card info.
     

Short URL to this thread: https://techguy.org/1006931