Possibly Infected (Erica)


Erica Kline

Hello All,

I don't know if my computer is infected or what, but you've always helped me before!

Certain programs can run: Firefox, MS Word, Sony Reader. Others cannot: WinMail, anything from Startup menu, Explorer.

I have tried System Restore, Last Known Good Config, and Startup Repair - they do not help.

I have been using Avast as my resident protection.

I have Windows Vista, and it came with a free 1-year subscription to Windows Live One Care, which I didn't renew; I don't know if that could have anything to do with this.

Following your instructions I have run:

TFC

ERUNT

Malwarebytes Anti-Malware: (see log below)

Super Anti Spyware: System always shuts down in the middle of the scan

Avast: It recommended a "Boot scan" which I did. It found a file called afageteko.dll that was infected with Win32:HiLot, and I moved that to the chest. It completed a full scan, see log below.

GMER: System shuts down during scan.

OTL: Log attached as file because when I try to cut and paste Firefox freezes. [attachment=43506:OTLlog.Txt]

I have heard that my model of HP Computer has other, hardware related problems, so maybe this isn't malware and I need to approach fixing it a different way, if so please let me know.

Many Thanks in Advance,

Erica


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

7/16/2010 8:56:08 PM
mbam-log-2010-07-16 (20-56-08).txt

Scan type: Quick Scan
Objects scanned: 104500
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

...end of malwarebytes' log....


Avast Warning log:
12/28/2009 9:28:45 PM 1262064525 SYSTEM 2004 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/30/2009 6:12:45 AM 1262182365 SYSTEM 1976 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Windows\Temp\TMP00000045E377FEA28CF0783D" file.
2/2/2010 3:45:13 PM 1265154313 SYSTEM 1932 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://google.analyt...AVORP1KAV3.html (C:\Windows\TEMP\_avast4_\unp127919257.tmp) returning error, 00000005.
6/19/2010 4:36:26 PM 1276990586 SYSTEM 1916 Sign of "JS:Pdfka-AHT [Trj]" has been found in "http://uoptyr.com/vty/mjqqtn/pgtcz.pdf\{gzip}" file.
6/20/2010 10:44:19 AM 1277055859 SYSTEM 1908 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Family Notebook\AppData\Local\hbtwskyom\tbdgryntssd.exe" file.
6/20/2010 10:44:39 AM 1277055879 SYSTEM 1908 Sign of "Win32:Malware-gen" has been found in "C:\Users\Family Notebook\AppData\Local\itilo2.dll" file.
6/20/2010 4:39:54 PM 1277077194 SYSTEM 1908 Sign of "Win32:Trojan-gen" has been found in "C:\Users\Family Notebook\AppData\Local\hbtwskyom\tbdgryntssd.exe" file.
6/20/2010 4:40:38 PM 1277077238 SYSTEM 1908 Sign of "Win32:Malware-gen" has been found in "C:\Users\Family Notebook\AppData\Local\itilo2.dll" file.
6/20/2010 4:49:43 PM 1277077783 Family Notebook 4448 Sign of "Win32:Trojan-gen" has been found in "c:\users\family notebook\appdata\local\hbtwskyom\tbdgryntssd.exe" file.
6/20/2010 7:01:47 PM 1277085707 Family Notebook 4448 Sign of "Win32:Malware-gen" has been found in "c:\users\family notebook\appdata\local\itilo2.dll" file.
7/10/2010 9:53:39 AM 1278780819 SYSTEM 1916 Sign of "Win32:Hilot [Trj]" has been found in "C:\Users\Family Notebook\AppData\Local\afageteko.dll" file.
7/10/2010 5:17:16 PM 1278807436 SYSTEM 1892 Sign of "Win32:Hilot [Trj]" has been found in "C:\Users\Family Notebook\AppData\Local\afageteko.dll" file.
7/10/2010 5:22:56 PM 1278807776 SYSTEM 1892 Sign of "Win32:Hilot [Trj]" has been found in "C:\$RECYCLE.BIN\S-1-5-21-163173156-1999937883-758274351-1000\$RGLE8BW.dll" file.
7/16/2010 9:22:33 PM 1279340554 SYSTEM 1960 Sign of "Win32:Hilot [Trj]" has been found in "C:\Users\Family Notebook\AppData\Local\afageteko.dll" file.
7/16/2010 9:39:55 PM 1279341595 Family Notebook 1956 Sign of "Win32:Hilot [Trj]" has been found in "c:\users\family notebook\appdata\local\afageteko.dll" file.


Avast Boot Log:

...there may be more Avast logs, I'm not sure what's what....

OTL Log