I have problem with win32:malware-gen

[QNtas]

Hi, Jeffce srry for not writing so long i was haveing internet problems here it is that log. My system works normaly i think but why you laugh?
http://www.mediafire.com/?wxt19ifhbinrg0u

[jeffce]

Hi QNtas,

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

Code: [Select]

:Services

:OTL
[2012.03.09 00:15:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Loc.Mail.Bron.Tok
[2012.03.09 00:15:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Ok-SendMail-Bron-tok

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  

----------

Next...update Malwarebytes, run a quick scan and the remove any threats found.  Once complete save the log created for your next post.
----------

In your next reply please post the logs made by OTL and Malwarebytes.  :)

[QNtas]

hi, somthing is wrong then i am trying to attach files so upload them
http://www.mediafire.com/?4zsmqdmagfpp2rg
http://www.mediafire.com/?bgh3yrzviydbabq
http://www.mediafire.com/?sziwu7o7ri8wftq

[jeffce]

Uploading them is just fine.  Many people seem to be having problems attaching files today so it isn't just you. 

I will return as quick as I can. 

[jeffce]

It seems we have some entries that don't want to remove.   

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.
---------

[QNtas]

here it is, and it started happening again. avast blocking the same virus and i located (c:/users/liberties/liberties.exe and c:/users/public/public.exe) something like that srry for not good english
http://www.mediafire.com/?7etfx5u9hwbrn4f

[QNtas]

och srry (c:/users/public/libraries/libraries.exe)

[jeffce]

Hi QNtas,

Thanks for letting me know. 
----------

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  

Code: [Select]

ClearJavaCache::

DirLook::
c:/users/liberties
c:/users/public

Folder::
c:\users\Admin\AppData\Local\Loc.Mail.Bron.Tok
c:\users\Admin\AppData\Local\Ok-SendMail-Bron-tok


• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

[QNtas]

here it is
http://www.mediafire.com/?gbp1rr1x3rv2kx7

[jeffce]

Nice!!  Now open Malwarebytes, update it and run a Quick Scan then post the log into your next reply. 

[QNtas]

here you go
http://www.mediafire.com/?7et74fcx0cap5pa

[jeffce]

I should have had you do this before but please run a new scan with ESET and post the log that is created. 

[QNtas]

Hi jeffce, ESET found big amount of viruses ;/ http://www.mediafire.com/?kyrono154g2o5pr

[jeffce]

Hi,

Let's see about getting rid of those.    When OTL runs this fix it may take quite some time to remove because there is a lot. 
----------

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

Code: [Select]

:Services

:Files
C:\Users\Admin\Documents\Documents.exe
C:\Users\Admin\Documents\CAPCOM\DEVILMAYCRY4\DEVILMAYCRY4.exe
C:\Users\Admin\Documents\FIFA 12\FIFA 12.exe
C:\Users\Admin\Documents\FIFA 12\instance0\instance0.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Age of Empires 3.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\AI\AI.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\campaign\campaign.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\RM\RM.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Savegame\Savegame.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Trigger\Trigger.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Users\Users.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Rise Of Legends.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Mantas.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\AutoSaves\AutoSaves.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\Game Setup Files\Game Setup Files.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\Game Setup Files\CTW\CTW.exe
C:\Users\Admin\Documents\My Games\Skyrim\Skyrim.exe
C:\Users\Admin\Documents\My Games\Skyrim\Saves\Saves.exe
C:\Users\Admin\Documents\NFS Most Wanted\Mantas\Mantas.exe
C:\Users\Admin\Documents\OneNote Notebooks\Personal\Personal.exe
C:\Users\Admin\Documents\Outlook Files\Outlook Files.exe
C:\Users\Admin\Downloads\SoftonicDownloader_for_teamspeak.exe
C:\Users\Admin\Pictures\about.Brontok.A.html
C:\Users\Public\Public.exe
C:\Users\Public\trz3CE5.tmp
C:\Users\Public\Documents\Documents.exe
C:\Users\Public\Documents\trz46A6.tmp
C:\Users\Public\Documents\trz4753.tmp
C:\Users\Public\Downloads\Downloads.exe
C:\Users\Public\Downloads\trz4773.tmp
C:\Users\Public\Libraries\Libraries.exe
del C:\Users\Public\Libraries\trz*.tmp /f /q /c
del C:\Users\Public\Pictures\trz*.tmp /f /q /c
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
del "C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\trz*.tmp" /f /q /c
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
del "C:\Users\Public\Pictures\Sample Pictures\trz*.tmp" /f /q /c
C:\Users\Public\Recorded TV\Recorded TV.exe
del "C:\Users\Public\Recorded TV\trz*.tmp" /f /q /c
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
del "C:\Users\Public\Recorded TV\Sample Media\trz*.tmp" /f /q /c
C:\Users\Public\Videos\Sample Videos\Sample Videos.exe
C:\Windows\AutoKMS.exe
del C:\Windows\ShellNew\trz*.tmp /f /q /c
C:\Windows\SoftwareDistribution\DataStore\Logs\trzB77C.tmp
C:\Windows\SoftwareDistribution\DataStore\Logs\trzC716.tmp
del C:\Windows\temp\_avast_\unp*.tmp /f /q /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  

[QNtas]

HI, i think it looks better