I don't know if my computer is infected or what, but you've always helped me before!
Certain programs can run: Firefox, MS Word, Sony Reader. Others cannot: WinMail, anything from Startup menu, Explorer.
I have tried the System Restore, Last Known Good Config, and Startup repair - do not help.
I have been using Avast as my resident protection.
I have Windows Vista and it came with a free 1-year Windows Live OneCare subscription, which I didn't renew. I don't know if that could have anything to do with this.
Following your instructions I have run:
TFC
ERUNT
Malwarebytes Anti-Malware: (see log below)
Super Anti Spyware: System always shuts down in the middle of the scan
Avast: It recommended a "Boot scan" which I did. It found a file called afageteko.dll that was infected with Win32:HiLot, and I moved that to the chest. It completed a full scan, see log below.
GMER: System shuts down during scan.
OTL: Log attached as file because when I try to cut and paste, Firefox freezes. [attachment=43506:OTLlog.Txt]
I have heard that my model of HP computer has other, hardware-related problems, so maybe this isn't malware and I need to approach fixing it a different way. If so, please let me know.
Many Thanks in Advance,
Erica
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928
7/16/2010 8:56:08 PM
mbam-log-2010-07-16 (20-56-08).txt
Scan type: Quick Scan
Objects scanned: 104500
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
...end of malwarebytes' log....
Avast Warning log:
12/28/2009 9:28:45 PM 1262064525 SYSTEM 2004 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/30/2009 6:12:45 AM 1262182365 SYSTEM 1976 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Windows\Temp\TMP00000045E377FEA28CF0783D" file.
2/2/2010 3:45:13 PM 1265154313 SYSTEM 1932 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://google.analyt...AVORP1KAV3.html (C:\Windows\TEMP\_avast4_\unp127919257.tmp) returning error, 00000005.
6/19/2010 4:36:26 PM 1276990586 SYSTEM 1916 Sign of "JS:Pdfka-AHT [Trj]" has been found in "http://uoptyr.com/vty/mjqqtn/pgtcz.pdf\{gzip}" file.
6/20/2010 10:44:19 AM 1277055859 SYSTEM 1908 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Family Notebook\AppData\Local\hbtwskyom\tbdgryntssd.exe" file.
6/20/2010 10:44:39 AM 1277055879 SYSTEM 1908 Sign of "Win32:Malware-gen" has been found in "C:\Users\Family Notebook\AppData\Local\itilo2.dll" file.
6/20/2010 4:39:54 PM 1277077194 SYSTEM 1908 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Family Notebook\AppData\Local\hbtwskyom\tbdgryntssd.exe" file.
6/20/2010 4:40:38 PM 1277077238 SYSTEM 1908 Sign of "Win32:Malware-gen" has been found in "C:\Users\Family Notebook\AppData\Local\itilo2.dll" file.
6/20/2010 4:49:43 PM 1277077783 Family Notebook 4448 Sign of "Win32:Trojan-gen" has been found in "c:\users\family notebook\appdata\local\hbtwskyom\tbdgryntssd.exe" file.
6/20/2010 7:01:47 PM 1277085707 Family Notebook 4448 Sign of "Win32:Malware-gen" has been found in "c:\users\family notebook\appdata\local\itilo2.dll" file.
7/10/2010 9:53:39 AM 1278780819 SYSTEM 1916 Sign of "Win32:Hilot [Trj]" has been found in "C:\Users\Family Notebook\AppData\Local\afageteko.dll" file.
7/10/2010 5:17:16 PM 1278807436 SYSTEM 1892 Sign of "Win32:Hilot [Trj]" has been found in "C:\Users\Family Notebook\AppData\Local\afageteko.dll" file.
7/10/2010 5:22:56 PM 1278807776 SYSTEM 1892 Sign of "Win32:Hilot [Trj]" has been found in "C:\$RECYCLE.BIN\S-1-5-21-163173156-1999937883-758274351-1000\$RGLE8BW.dll" file.
7/16/2010 9:22:33 PM 1279340554 SYSTEM 1960 Sign of "Win32:Hilot [Trj]" has been found in "C:\Users\Family Notebook\AppData\Local\afageteko.dll" file.
7/16/2010 9:39:55 PM 1279341595 Family Notebook 1956 Sign of "Win32:Hilot [Trj]" has been found in "c:\users\family notebook\appdata\local\afageteko.dll" file.
Avast Boot Log:
CmdLine - quick
aswBoot.exe /A:"*" /L:"English" /KBD:3
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=C:\Program Files\Alwil Software\Avast4\DATA
PROG=C:\Program Files\Alwil Software\Avast4
BUILD=1368
Windows Vista Home Premium Service Pack 2
SystemRoot=C:\Windows
TEMP=C:\Windows\TEMP
TMP=C:\Windows\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
cmnbInit
SetFolders
SetFolders end
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"English" /KBD:3
CmdLine end
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
FreeMemory: 2299265024
g_dwKbdNum: 3
avworkInitialize
s_dwKbdClassCnt: 3
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
0, 99, 2, 0, 0
GetKey end (?/ff)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
0, 99, 3, 0, 0
FreeMemory: 2191163392
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *RAW:C:\ [Fs: 002700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *RAW:D:\ [Fs: 002700ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
avfilesScanRealMulti finished
avworkClose
Checking deleted files:
MarkFileRemoval
MarkFileRemoval end
TerminateKbThread
GetKey end (?/00)
CloseKeyboard
CloseKeyboard end
KbThread stop
CKbBuffer::~CKbBuffer
CKbBuffer::~CKbBuffer end
aswEnginDllMain(DLL_PROCESS_DETACH)
cmnbFree
FreeResources
CloseReport
CloseLog
...there may be more Avast logs, I'm not sure what's what....
OTL Log