Avast finds win32:adaware-gen no matter if I delete it or move it to chest

So Avast keeps finding win32:adaware-gen. It started in a file I downloaded from uTorrent, and the process name was utorrent.exe. I first moved it to the chest; right after I clicked OK it popped right back up saying virus found. So I then deleted it, and once again it popped back up after I clicked OK [I tried it again a few more times with the same results]. So then I ignored it and manually deleted the file, so I was fine for about 5 min. Then it comes up with the same infection, but in PID3724, and it's somewhere in C:. It's doing the same thing: I click OK on any option and it comes right back up. Also, I looked in the virus chest and there is nothing in there, same with the recycle bin. I am currently running a full scan with Avast Pro and Malwarebytes; so far nothing, but it's weird because it keeps popping up with the virus found window over and over again.

Hello kamikazikyle and welcome to the forum.

You may have downloaded something from the Internet and have something in your temp. Internet files.

Clean your machine with BOTH of the following:

  1. CCleaner http://www.piriform.com/ccleaner is a freeware system optimization, privacy and cleaning tool. There is a Slim version available as well at http://www.piriform.com/ccleaner/builds. It removes unused files (cache, temporary Internet files, etc.) from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history.

  2. Download TFC by OldTimer to your desktop.

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
· Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
· It will close all programs when running, so make sure you have saved all your work before you begin.
· Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
· Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

If this does not fix your machine, in your next post, please post the following:

  1. What is your OS, 32 or 64-bit?
  2. What version of Avast did you install? 5.0.677 is the current version.
  3. What product of Avast did you install? Free, Pro, AIS?
  4. What other security software do you currently have or did you have in the past on this machine including antivirus (AV), firewall (FW), and other security programs? If they were in the past, how did you remove them (the vendor’s uninstaller’s tool or another way)?

I have already used CCleaner, I use it daily [sorry, I should have mentioned that].
I'm downloading the temp file cleaner now.

I have Windows 7 32-bit.

I got Avast Pro and it's version 5, and it updated this morning, so whatever the current one is.

Malwarebytes, Spybot S&D and CCleaner are my current programs. I have Windows Firewall on.

I have had multiple antiviruses, including AVG Free [and the non-free version]. I have had Avast Internet Security and Avast Free. I have also used the Hitman Pro cloud antivirus thing and most likely a few more I can't remember, but I have been using Avast since I upgraded from XP to Vista, then to 7 a few months ago, and all of those I uninstalled using either CCleaner or the option in the start menu.

Also, seeing how it seemed to not affect anything, I ignored the current virus found pop-up. Then one more came up, and it said it was in $recycle.bin, but everything else was the same, so I tried to delete it and move it to the chest, with the same results as before, so I just ignored it as well. The scans are still running but neither has found anything. I have yet to run a Spybot scan, but if Avast and Malwarebytes fail I was going to go to safe mode and try the scans again. I haven't had any real problems otherwise, apart from Avast finding a virus and my computer just shutting itself off without any warning a few days ago, but I figured it was just overheating.

but if Avast and Malwarebytes fail I was going to go to safe mode and try the scans again
Did you update Malwarebytes before you scanned? If not, run the update, scan again and post the scan log here.

I see a few issues:

  1. It appears that you have used multiple AVs and may not have uninstalled them using the vendors' uninstaller tools, and this may present a conflict with current security software if remnants are left behind. As you know, you cannot run 2 resident AVs at the same time or problems arise.
  2. On your version of SB&D, do you also have TeaTimer (TT)? Some users on the forum have reported problems with TT and Avast. You may want to uninstall TT to see if this helps:
  • Uninstall Spybot S&D w/TeaTimer: http://www.safer-networking.org/en/howto/uninstall.html . In addition, you need to go into Advanced settings to disable the resident protection (2 areas to possibly disable – TeaTimer and some IE blocking), then de-immunize if the immunity has been set. That takes a minute or more sometimes. Then run the program's own uninstaller, which should be in Add/Remove Programs.

You now mention that you have malware that you “ignored” instead of putting it into quarantine. Please do the following:

  1. Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
    · Download free http://www.malwarebytes.org/ (blue button) for an on-demand scanner.
    · Double Click mbam-setup.exe to install the application.
    · After install, click update so you have latest database before scanning.
    · Under Settings:
    o General: Automatically Save File After Scan Completes is checked off
    o Scanner Settings: Check all boxes
    o Updater: Download and install update if available is checked off
    · Once the program has loaded, select “Perform FULL Scan”, then click Scan.
    · The scan may take some time to finish, so please be patient.
    · When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
    · Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
    · The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    · Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts – Click OK to either and let MBAM proceed with the disinfection process; If asked to restart the computer, please do so immediately.

I will need to see your MBAM log as well as (preferably) a screen shot of the Avast Virus Chest in case I need to refer you to one of our malware removal experts. Thank you.

I didn't quarantine it because when I did, it popped back up within seconds, and I found no files in the quarantine chest thing after I did so.

I ran a Malwarebytes scan [updated] and it found one. Here is the log:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 5050

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/5/2010 10:28:06 AM
mbam-log-2010-11-05 (10-28-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 297181
Time elapsed: 1 hour(s), 47 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\user\Documents\Downloads\PowerISO.v4.6.WinAll.Incl.Keygen-CRD\crd.exe (TheftMarker.Crude) → Quarantined and deleted successfully.

I have no idea what TheftMarker.Crude is. This is the first time I have ever seen anything like it, and a Google search didn't give me much except that it might be a false positive. I deleted it anyway, seeing how I didn't need that file, and I haven't had any problems since. I did a boot-time scan with Avast and nothing came up.

I'm going to run the uninstallers for the antiviruses I had.

But do you recognize this? PowerISO.v4.6.WinAll.Incl.Keygen-CRD
http://www.google.no/search?hl=no&q=PowerISO.v4.6.WinAll.Incl.Keygen-CRD&btnG=Søk&aq=f&aqi=&aql=&oq=&gs_rfai=

File detected: CRD.EXE
http://spywarefiles.prevx.com/spywarefiles.asp?FXC=HCIG3446277
if you look in the “File name alias” you find names very similar to the above posted…

CRD.EXE
http://www.superantispyware.com/malwarefiles/CRD.EXE.html

I would wonder about the fact that it has Keygen in the name as it looks more like a crack to me than a legitimate program distribution/installation file.

Some sites that provide this with keygen are red flagged by WOT and the PowerISO program isn’t free. So if a keygen is used, it is hardly surprising if it brings a friend to the party or is detected.

I have already deleted the file. I downloaded it through a private tracker, but I ended up not using the file at all and forgot about it till this. But since I deleted it I have been really slow, even a few freezes. I have this HijackThis thing that I ran; I'm going to post the log file for that here also and see what you guys find, because I don't know what to look for.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:23 AM, on 11/8/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM\..\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Zune Launcher] “C:\Program Files\Zune\ZuneLauncher.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\RunOnce: [SpybotSnD] “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” /autocheck
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] “C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe” “C:\Program Files\Alwil Software\Avast5\AhAScr.dll”
O4 - HKLM\..\RunOnce: [aswsnxPlugins.dll] “C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe” “C:\Program Files\Alwil Software\Avast5\snxPlugins.dll”
O4 - HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU\..\Run: [UniblueRegistryBooster] “C:\Program Files\Uniblue\RegistryBooster\launcher.exe” delay 20000
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O21 - SSODL: rundll32 - C:\Users\user\AppData\Roaming\rundll32.exe - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


End of file - 5461 bytes

I haven't got anything on any scan I run. I'm just really slow and it freezes up.

I tried to do a safe mode scan after I froze up, but it did the same thing in there 3 times. Then I came back to normal mode and it hasn't frozen yet.

I think I may have found out why I'm freezing: I have like 12 different svchost.exe in the processes and they are using up a lot of memory. Is that normal, and if not, how do I fix it?

HijackThis has been replaced with OTL.

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTL logs. Post the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). Do not make changes to your machine after posting the OTL logs. Based on your OTL logs, we will refer you to our malware specialist, Essexboy. Thank you.

Here is the log from OTL.

I also noticed mdm.exe in my processes, so I googled it, and it should be in system32 but it's not.

My computer has also started turning itself off at random, no warning at all.

Essexboy has been notified; he enters the forum in 4-5 hours.

Hi, cracks will be the death of your system; they always bring friends to the party.

Run OTL

· Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\avfwim.sys -- (avfwim)
[2010/09/02 20:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/23 19:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ynya4yts.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O21 - SSODL: rundll32 - C:\Users\user\AppData\Roaming\rundll32.exe - CLSID or File not found.
[2010/11/09 05:46:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\starwars kotor2 crack
[2010/11/02 22:03:03 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Crack
[2010/06/17 16:22:29 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

· Then click the Run Fix button at the top.
· Let the program run unhindered, and reboot the PC when it is done.
· Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

· Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
· Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

First, I'm sorry it took so long to reply. I went to my father's for a couple of days and left my laptop at home.

Second, I believe the random shutting off has to do with something while I'm using a lot of resources, because it happens when I'm gaming a lot.
Also, I disabled a core in the sconfig to try and get a game to work, but when I went to re-enable it, it only lists one core.

I'm attaching the ComboFix file and OTL file.

I can't seem to find the ComboFix log file. Do you know where it would save to?

There should also be an Extras Txt (part 2 of the OTL log) that you forgot to attach.
The Combo Fix file should be on your desktop.

Hi, I can see no sign that ComboFix was run, as the usual files it drops are not present. Could you confirm that it did run?

The file should be at c:\combofix.txt

Yes, it made my desktop disappear multiple times while running, and I saw the log file, but I don't have any idea where it went after I closed it, lol [I even ran a search via the start menu and found no combofix.txt or log.txt that had to do with ComboFix]. Also, I ran ComboFix after I ran OTL, which is why those files wouldn't be there. I'm going to run it again and make sure I save it to the desktop manually. I never saw an extras.txt but I'll search for it.

Yes to the desktop please - if it is saved elsewhere combofix can get confused ;D