Infected with Win32:malware.gen .... Please help !!!

[Hakimati]

Hello Everyone,
Suject: Infected with Win32:malware.gen

About 2 weeks ago I was infected by a google adware which redirected all of my searches in which an ad would appear in the the result I did full scan with MSE but nothing appeared while WOT showed that its harmful link  by googling I was able to solve that problem but I left me unsatisfied with MSE & hence I switched to avast but now I am getting a malware infection warning from avast from time to time but the full scan shows nothing.
When ever I start my pc & start firefox I get a alert from avast that firefox.exe in infected by Win32:malware.gen. it also quarantine 2 files DC5DCd01 & Windowsliveupdate.exe this as been happening for some time but due to thing was shown in full scan I did not bother much until I Goggled  for Win32:malware.gen. I have taken screen shots to provide my clam. On 10/aug/13 it shows that it have quarantine 2 files but the full scan on 10/8/2013 shows nothing.
I did when though the tread Logs to assist in cleaning malware And I have gone though all except  OTLPENet.exe  &  Farbar Recovery Scan Tool since dvd drvie is not working n I can not boot from cd … Also there is no problem for me in logging in 
 
 

[Asyn]

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

[Hakimati]

Also attaching more files & scan logs I did not when ahead with removal of any scan though b/c do not know if it o.k or not .......

[Hakimati]

All Log files ...........

[Hakimati]

More Log file from Hitmanpro. & combofix ............. Hope this Provide eunf help ........ Ask anything more  required

Thanks

[Asyn]

Rerun AdwCleaner, click "Delete" and post the new log.

[Hakimati]

Hello  Asyn,
Thanks you your help there is the log you asked

Rerun AdwCleaner, click "Delete" and post the new log.

[Asyn]

You're welcome, now you've to wait a bit...

[Pondus]

Malwarebytes log is not Attached......

[essexboy]

As you appear to have run CF and HMP after the OTL run could you run me a fresh OTL scan please so that I can see what remains

[Hakimati]

Hello Guys,

 CF and HMP  where runed yesterday i had run OLT today. Here am posting the results of  new OLT scan ...... also attaching Malwarebytes log ... 

[essexboy]

Once this has run could you let me know what problems you are experiencing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vvplhsxg.sys -- (vvplhsxg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vlcncveg.sys -- (vlcncveg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vjmdupwr.sys -- (vjmdupwr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vggewfof.sys -- (vggewfof)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vflacxul.sys -- (vflacxul)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uuyyukwu.sys -- (uuyyukwu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uomivjgn.sys -- (uomivjgn)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\suzchxxe.sys -- (suzchxxe)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\seingrgs.sys -- (seingrgs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qclrqyob.sys -- (qclrqyob)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nugohzgp.sys -- (nugohzgp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nnjhgqzk.sys -- (nnjhgqzk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ncrvesfk.sys -- (ncrvesfk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ncbjltpk.sys -- (ncbjltpk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kigtvwhw.sys -- (kigtvwhw)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jqgkttlb.sys -- (jqgkttlb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jjfyotxo.sys -- (jjfyotxo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ipanliom.sys -- (ipanliom)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ialzctay.sys -- (ialzctay)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hxnoxvpj.sys -- (hxnoxvpj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hwqvpurh.sys -- (hwqvpurh)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\grydpqbc.sys -- (grydpqbc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\erivyaea.sys -- (erivyaea)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\epidkuvx.sys -- (epidkuvx)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\enenxtty.sys -- (enenxtty)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KINGJO~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cfcaehds.sys -- (cfcaehds)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a99adoy9)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001..\Run: [AutoShutdown] "D:\Program" File not found
[2013-08-10 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\KING JOHN\Desktop\RK_Quarantine
[2010-12-07 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\KING JOHN\AppData\Roaming\AVG10
@Alternate Data Stream - 1256 bytes -> C:\ProgramData\Microsoft:9r3Xj8dK8iEgpCbxhml0vGgXO
@Alternate Data Stream - 1242 bytes -> C:\Program Files\Common Files\System:IaCdUaCTTZaaf5AJ2DmJX0
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:PpCyaffQLYPwMYFPjlef

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[Hakimati]

Thanks essexboy for helping ....... Just before i run the scan can you tell me what did you find ....... that was wrong .........

[essexboy]

You have what look like old malware drivers (file not found ones)  Also and probably the cause of your problem were the ADS files attached to your program data folders

[Hakimati]

O.k ......... Before i run OTL i would like to thank everyone who helped me on this tread directly & indirectly ..... You guyz have been really help full Keep up the good work ............ I would come back if any thing else connected this tread appers ...........

THANKS    .......