HELP WITH WIN32: ADWARE-GEN (ADW).. PLEASE!!

[xkiszx]

I cannot delete nor move it to the chest. It always says " Error: The system cannot find the file specified (2) " .. How can I delete it?? Please help.

[SafeSurf]

Hello xkiszx and welcome to the forum,

Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
·   Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
·   Double Click mbam-setup.exe to install the application.
·   After install, click update so you have latest database before scanning.
·   Under Settings:
o   General: Automatically Save File After Scan Completes is checked off
o   Scanner Settings:  Check all boxes
o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts -- Click OK to either and let MBAM proceed with the disinfection process; If asked to restart the computer, please do so immediately.

Questions:
1. What is your OS
2. What version and product of Avast do you have?

Other suggestions:
1. Depending on your OS and version of Avast, try to run a boot-time scan with Avast.  Should anything come up, put it in the Virus Chest and report back with a screen shot or type exactly what the infected file is in the Chest.

2. If none of the above help, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0. 

Follow the directions for obtaining the OTL logs (save them as ANSI and not Unicode).  When the OTL scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.  Post the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post). 

Please let us know if you have any questions.  Thank you.

[xkiszx]

Questions:
1. What is your OS
-Windows XP
2. What version and product of Avast do you have?
-Avast Free. Ver. 5.0.864

Thanks.. I'm scanning my computer now with the malware. I'll post the details after the scan. Thanks again.

[xkiszx]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5486

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2011 5:47:10 PM
mbam-log-2011-01-09 (17-47-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 230279
Time elapsed: 1 hour(s), 47 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 92
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 63
Files Infected: 931

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.

[xkiszx]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5486

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2011 5:47:10 PM
mbam-log-2011-01-09 (17-47-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 230279
Time elapsed: 1 hour(s), 47 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 92
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 63
Files Infected: 931

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> No action taken.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.

The log exceeds the character limit.. so I just zip it.. Here it is:


LOG

[CharleyO]

***

A very infected computer but I will let SafeSurf continue to help you.


***

[SafeSurf]

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0. 

Follow the directions for obtaining the OTL logs (save them as ANSI and not Unicode).  When the OTL scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.  Post the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).

I was unable to open your complete MBAM log, but from what I see, you have problems.

I need you to follow the above directions and attach the two (2) OTL logs in an ANSI format.  See directions above on how to attach a file to the post in the forum.

I am going to refer you to our Certified Malware expert, named Essexboy.  He will also review your logs and give you further instructions, however he comes on the forum late UK time.  He will respond to you in this thread, so remember to check this thread daily.  I will continue to provide assistance in the meantime, then remain in the background while he works with you.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network.  Do not share a USB/flash drive with this affected machine.  Do not use this machine unless Essexboy instructs you do to malware removal instructions; use a different machine to check email, sync your phone, etc.

***Please do not make any further changes to your machine after you have provided the logs.***

Let me know if you have any questions.  Thank you.

[Pondus]

almost everything detected is adware and some PUP (possible unwanted program)
can not see anything serious.......does not mean there can`t be, so follow SafeSurf suggestion and post the OTL log`s

but your MBAM log say "NO ACTION TAKEN"
you need to click the "REMOVE SELECTED" button after the scan to quarantine the infections.....
so if you have not done it, update mbam, scan again and click the remove selected button...

[SafeSurf]

but your MBAM log say "NO ACTION TAKEN"
you need to click the "REMOVE SELECTED" button after the scan to quarantine the infections.....
so if you have not done it, update mbam, scan again and click the remove selected button...

Pondus, I was concerned with the amount of files infected, that this may cause harm to the OP's machine; I was aware of the "no action taken" in MBAM.  Therefore I opted to have the OP perform an OTL instead to see what is going on and then have Essexboy take over from there.

@ xkiszx, Please continue with obtaining the OTL files and attach to your post as soon as possible.  Essexboy has been notified and will be waiting for them and continue to follow my above instructions.  Thank you.