Infected with Win32:malware.gen .... Please help !!!

Hello Everyone,
Subject: Infected with Win32:malware.gen

About 2 weeks ago I was infected by a Google adware which redirected all of my searches in which an ad would appear in the result. I did a full scan with MSE but nothing appeared, while WOT showed that it was a harmful link. By Googling I was able to solve that problem, but it left me unsatisfied with MSE, and hence I switched to avast. But now I am getting a malware infection warning from avast from time to time, while the full scan shows nothing.
Whenever I start my PC and start Firefox I get an alert from avast that firefox.exe is infected by Win32:malware.gen. It also quarantined 2 files, DC5DCd01 and Windowsliveupdate.exe. This has been happening for some time, but because nothing was shown in the full scan I did not bother much until I Googled Win32:malware.gen. I have taken screenshots to support my claim. On 10/Aug/13 it shows that it has quarantined 2 files, but the full scan on 10/8/2013 shows nothing.
I did go through the thread "Logs to assist in cleaning malware" and I have gone through all of it except OTLPENet.exe and Farbar Recovery Scan Tool, since my DVD drive is not working and I cannot boot from CD. Also there is no problem for me in logging in.

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Also attaching more files and scan logs. I did not go ahead with removal from any scan because I do not know if it is OK or not.

All Log files …

More log files from HitmanPro and ComboFix. Hope this provides enough help. Ask for anything more required.

Thanks

Rerun AdwCleaner, click “Delete” and post the new log.

Hello Asyn,
Thank you for your help. Here is the log you asked for.

Rerun AdwCleaner, click “Delete” and post the new log.

You’re welcome, now you have to wait a bit…

Malwarebytes log is not Attached…

As you appear to have run CF and HMP after the OTL run, could you run me a fresh OTL scan please, so that I can see what remains.

Hello Guys,

CF and HMP were run yesterday; I ran OTL today. Here I am posting the results of the new OTL scan. Also attaching the Malwarebytes log.

Once this has run, could you let me know what problems you are experiencing.

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vvplhsxg.sys -- (vvplhsxg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vlcncveg.sys -- (vlcncveg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vjmdupwr.sys -- (vjmdupwr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vggewfof.sys -- (vggewfof)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vflacxul.sys -- (vflacxul)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uuyyukwu.sys -- (uuyyukwu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uomivjgn.sys -- (uomivjgn)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\suzchxxe.sys -- (suzchxxe)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\seingrgs.sys -- (seingrgs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qclrqyob.sys -- (qclrqyob)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nugohzgp.sys -- (nugohzgp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nnjhgqzk.sys -- (nnjhgqzk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ncrvesfk.sys -- (ncrvesfk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ncbjltpk.sys -- (ncbjltpk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kigtvwhw.sys -- (kigtvwhw)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jqgkttlb.sys -- (jqgkttlb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jjfyotxo.sys -- (jjfyotxo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ipanliom.sys -- (ipanliom)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ialzctay.sys -- (ialzctay)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hxnoxvpj.sys -- (hxnoxvpj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hwqvpurh.sys -- (hwqvpurh)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\grydpqbc.sys -- (grydpqbc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\erivyaea.sys -- (erivyaea)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\epidkuvx.sys -- (epidkuvx)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\enenxtty.sys -- (enenxtty)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KINGJO~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cfcaehds.sys -- (cfcaehds)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a99adoy9)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001..\Run: [AutoShutdown] "D:\Program" File not found
[2013-08-10 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\KING JOHN\Desktop\RK_Quarantine
[2010-12-07 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\KING JOHN\AppData\Roaming\AVG10
@Alternate Data Stream - 1256 bytes -> C:\ProgramData\Microsoft:9r3Xj8dK8iEgpCbxhml0vGgXO
@Alternate Data Stream - 1242 bytes -> C:\Program Files\Common Files\System:IaCdUaCTTZaaf5AJ2DmJX0
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:PpCyaffQLYPwMYFPjlef

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks essexboy for helping. Just before I run the scan, can you tell me what you found that was wrong?

You have what look like old malware drivers (the "File not found" ones). Also, and probably the cause of your problem, were the ADS files attached to your program data folders.
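The two findings above, orphaned kernel-driver service entries whose .sys file no longer exists and named alternate data streams hanging off folders under ProgramData, can both be re-checked without OTL. The script below is an added example written for this page; it is not part of the thread, not part of OTL, and the function names are my own. It assumes PowerShell 3.0 or later (for -Directory and -Stream), an NTFS volume, and an elevated prompt. It only reports; it does not delete anything.

```powershell
# Added example (not from the thread or from OTL): re-check the two findings
# essexboy called out, using only built-in PowerShell. Run from an elevated prompt.
# Assumptions (not stated on the page): PowerShell 3.0+ on NTFS; nothing is modified.

# 1. Kernel / file-system driver service entries whose binary is missing on disk.
#    OTL lists these as "DRV - File not found". They are leftovers of a driver that was
#    deleted but never unregistered; an 8-random-letter service name is a common pattern.
function Get-OrphanedDriverEntry {
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $services -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file-system driver; user-mode services are 16/32
        if ($p.Type -ne 1 -and $p.Type -ne 2) { continue }
        $image = [string]$p.ImagePath
        if ($image -eq '') {
            # No ImagePath at all, like the "(a99adoy9)" entry in the OTL log above
            [pscustomobject]@{ Service = $key.PSChildName; ImagePath = '<none>'; Reason = 'no ImagePath' }
            continue
        }
        # The service database stores NT-style paths; turn them into Win32 paths:
        #   \??\C:\...\x.sys  ->  C:\...\x.sys
        #   \SystemRoot\system32\drivers\x.sys  ->  C:\Windows\system32\drivers\x.sys
        #   system32\drivers\x.sys  ->  C:\Windows\system32\drivers\x.sys
        $path = $image -replace '^\\\?\?\\', ''
        $path = $path -replace '(?i)^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Service = $key.PSChildName; ImagePath = $image; Reason = 'file not found' }
        }
    }
}

# 2. Named alternate data streams on directories. Explorer and most scanners only look
#    at the streams of files; a stream attached to a folder such as C:\ProgramData\Microsoft
#    is an old hiding place for loader code. OTL lists them as "@Alternate Data Stream".
#    Zone.Identifier on a downloaded *file* is benign; any named stream on a *folder* is
#    worth a look.
function Get-DirectoryStream {
    param([string[]]$Root = @("$env:ProgramData", "$env:CommonProgramFiles"))
    foreach ($r in $Root) {
        $dirs = @(Get-Item -LiteralPath $r -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $r -Directory -Recurse -ErrorAction SilentlyContinue)
        foreach ($d in $dirs) {
            Get-Item -LiteralPath $d.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{ Folder = $d.FullName; Stream = $_.Stream; Bytes = $_.Length }
                }
        }
    }
}

# Usage: list both findings. Review the output before deciding what to remove.
Get-OrphanedDriverEntry | Format-Table -AutoSize
Get-DirectoryStream     | Format-Table -AutoSize
```

Before deleting a stream, copy it out for analysis (Get-Content -LiteralPath <folder> -Stream <name> reads it) so you know what was living there; the OTL fix above removes the streams and service keys but keeps no copy. Orphaned entries with no file on disk are harmless by themselves, but the way they got there (a driver that loaded at System start and was later wiped) is exactly why the helper asked for the scan history before and after.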

OK. Before I run OTL I would like to thank everyone who helped me on this thread directly and indirectly. You guys have been really helpful. Keep up the good work. I will come back if anything else connected to this thread appears.

THANKS :smiley:

Do you wish me to remove the tools prior to you going?

Here is the result of the OTL scan with fix. I will remove all tools when you say it's over. I just require 1 AV and have Comodo Firewall; I do keep Malwarebytes just as a backup. It's freeware :smiley:

If there are no further problems

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right-click Disc Cleanup and select Run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

https://dl.dropbox.com/u/73555776/disc%20clean.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:

:smiley: Very nice walkthrough, thanks. About Trusteer: http://www.wilderssecurity.com/showthread.php?t=320410 This does not seem very encouraging. As for Java, I think I can live without it.

Recommended if you use removable media: http://www.mcshield.net/ It is install and forget :wink: