I made scan with Avast and it found something. See attachment. Avast asks my action, but I can not do anything because add button is greyed out? Why? And I tried those suggested actions, (move to quarantine, repair etc), but if I try to choose any of those actions the add button is always grey.

After that I made avast boot-time scan but it did not found nothing, strange.

http://files.myopera.com/stam1na/files/avast%20problem.jpg

Because they are processes in memory not files.
Do you use any other antimalware in your computer? Was it running at that time?

MBAM free, but it does not have real time protection enabled. And Windows defender, which comes with OS. Can these infections be removed? I need more advice.

Hmmm… I don’t think they’re properly infections.
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use Comodo Cleaning Essentials (CCE), or MBAM, or SUPERantispyware to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Read this instructions and provide more info with the logs generated.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.

If the infection avoids booting the computer, take a look here http://forum.avast.com/index.php?topic=79107.0

Isn’t this antivirus program? Can i install and use it with avast running? I will post OTL logs soon.
See attachments and comment!

what type of scan was this…was it a custom scan with “scan memory” ?

Yes, custom scan. I followed this guide: http://forum.avast.com/index.php?topic=53253.0
I also made scan with aswMBR, do I post it log here?

DO NOT use “scan memory” as it will give some strange scan results…

i recomend using the default quick / full scan with default settings…

you are not alone doing this today http://forum.avast.com/index.php?topic=83446.0

and if you search the forum you find many more…

What was the malware name and file name in the detections, I would be interested to know if it was Kelihos-S as the malware, the file name may well vary from that of the rundll32.exe in the link given by Pondus.

I have reported this in the hope that the actual signature will be analysed, rather than the different files that it is alerting on, albeit that these instances do appear to be detections in memory.

So save yourself some grief and don’t scan the memory, if they are in there it is too late.

OK, someone has pointed out my omission to view your image link in the first post.

I missed that, there are a few for Kelihos-S in two other topics, which I think is an FP on the signature as it is triggering on multiple files.

The mbamservice.exe one is I think is the usual unencrypted signatures detection. The detection on the avastUI.exe (the avast user interface) is an FP and most likely down to the intricacies/anomalies of the custom memory scan.

Mind you I don’t know what the Uhka: bit in front of the malware names signifies.

Mind you I don't know what the Uhka: bit in front of the malware names signifies.

Uhka: = threat

I have finnish language in Avast. “Uhka” is finnish and means threat, hazard

Thanks for the translation.

No apparent malware in the logs ;D

That’s good to hear! Made also second boot time scan and it found nothing. Still getting high CPU usage (80-100%) though after windows has started and it lasts few minutes. This can happen even if machine is idle. But it goes away. Don’t know what is causing this.

I have made the following:

1.Avast boot time scan with archive scanning; nothing found
2.OTL scan with custom scan; clean logs?
3.aswMBR scan; log below.
4.deleted temp files and restore points
5.OTL scan with default settings, as Pondus suggested. Log below.

Try setting Nokia not to autostart with the system ;D

5.OTL scan with default settings, as Pondus suggested. Log below.

avast quick / full scan with default setting
and if you are using custom scan do NOT select “scan memory”

???
“i recomend using the default quick / full scan with default settings…”
Your earlier post… Or have I misunderstood something, that might be possible :

5.OTL scan with default settings, as Pondus suggested. Log below.

Maybe I give up this hunt… Avast found nothing, Superantispyware found nothing etc, don’t know know what to do about the memory infection - maybe nothing?

High CPU usage after power up still bothers me, maybe its driver issue but I don’t know where to start troubleshooting. I don’t know if I have right chipset driver for my motherboard (ASUS M2N), ASUS does not support Windows 7 on this motherboard (http://support.asus.com/Download.aspx?SLanguage=en&m=M2N&p=1&s=24) so I have drivers from windows update.

Thanks for anyone who has tried to help.