Author Topic: I have problem with win32:malware-gen  (Read 55859 times)


jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #75 on: March 23, 2012, 02:34:41 PM »
Hi QNtas,

Yes but I need to see a couple of things first.  You had an infection with a specific worm and it went crazy in your system. 

Was there a log created after you ran this last OTL fix showing what was removed?  If so post that please. 
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Services

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={1AC2C624-E9E9-11E0-80EA-CCAF785422B8}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 29 6A E5 03 08 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={1AC2C624-E9E9-11E0-80EA-CCAF785422B8}
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
[2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
--------------

Open Malwarebytes, update it and then run a new Quick Scan and save the log for your next reply.
-------------

Run a new scan with ESET online scanner and save that log for your next reply.
------------

In your next reply I need the logs created by OTL, Malwarebytes and ESET online scanner


QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #76 on: March 23, 2012, 06:12:00 PM »
no log was created

jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #77 on: March 23, 2012, 06:26:07 PM »
Do you mean with ESET?

QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #78 on: March 23, 2012, 06:28:45 PM »
you asked that (Was there a log created after you ran this last OTL fix showing what was removed?  If so post that please.) so there won't be any log created after I run the OTL fix

jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #79 on: March 23, 2012, 06:39:44 PM »
Oh ok....

When you get the new OTL, Malwarebytes and ESET logs post those please. 

QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #80 on: March 26, 2012, 07:56:19 PM »

jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #81 on: March 26, 2012, 08:40:26 PM »
Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Services

:Files
C:\Users\Admin\Documents\Documents.exe
C:\Users\Admin\Documents\CAPCOM\DEVILMAYCRY4\DEVILMAYCRY4.exe
C:\Users\Admin\Documents\FIFA 12\FIFA 12.exe
C:\Users\Admin\Documents\FIFA 12\instance0\instance0.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Age of Empires 3.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\AI\AI.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\campaign\campaign.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\RM\RM.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Savegame\Savegame.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Trigger\Trigger.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Users\Users.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Rise Of Legends.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Mantas.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\AutoSaves\AutoSaves.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\Game Setup Files\Game Setup Files.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\Game Setup Files\CTW\CTW.exe
C:\Users\Admin\Documents\My Games\Skyrim\Skyrim.exe
C:\Users\Admin\Documents\My Games\Skyrim\Saves\Saves.exe
C:\Users\Admin\Documents\NFS Most Wanted\Mantas\Mantas.exe
C:\Users\Admin\Documents\OneNote Notebooks\Personal\Personal.exe
C:\Users\Admin\Documents\Outlook Files\Outlook Files.exe
C:\Users\Admin\Downloads\SoftonicDownloader_for_teamspeak.exe
C:\Users\Admin\Pictures\about.Brontok.A.html
C:\Users\Public\Public.exe
C:\Users\Public\trz3CE5.tmp
C:\Users\Public\Documents\Documents.exe
C:\Users\Public\Documents\trz46A6.tmp
C:\Users\Public\Documents\trz4753.tmp
C:\Users\Public\Downloads\Downloads.exe
C:\Users\Public\Downloads\trz4773.tmp
C:\Users\Public\Libraries\Libraries.exe
del C:\Users\Public\Libraries\trz*.tmp /f /q /c
del C:\Users\Public\Pictures\trz*.tmp /f /q /c
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
del "C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\trz*.tmp" /f /q /c
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
del "C:\Users\Public\Pictures\Sample Pictures\trz*.tmp" /f /q /c
C:\Users\Public\Recorded TV\Recorded TV.exe
del "C:\Users\Public\Recorded TV\trz*.tmp" /f /q /c
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
del "C:\Users\Public\Recorded TV\Sample Media\trz*.tmp" /f /q /c
C:\Users\Public\Videos\Sample Videos\Sample Videos.exe
C:\Windows\AutoKMS.exe
del C:\Windows\ShellNew\trz*.tmp /f /q /c
C:\Windows\SoftwareDistribution\DataStore\Logs\trzB77C.tmp
C:\Windows\SoftwareDistribution\DataStore\Logs\trzC716.tmp
del C:\Windows\temp\_avast_\unp*.tmp /f /q /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.  There will be a log created when it completes that I will need in your next reply.  Reboot when it is done.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
After OTL has run the fix there should be a log automatically created.  Please post that and the OTL log that is made with your new scan. 

QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #82 on: March 26, 2012, 09:42:40 PM »
After OTL has run the fix there was no log created.

jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #83 on: March 27, 2012, 02:17:47 AM »
Hi QNtas,

When you are running these fixes are you being sure to press the Run Fix button and not the Run Scan button?

QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #84 on: March 27, 2012, 08:53:51 AM »
yes, and then when I run it, it shows me a cmd console

jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #86 on: March 28, 2012, 02:15:40 AM »
Hi QNtas,

We need to do something a little bit different. 

Please disable your Avast antivirus program for the time being as it seems that it is blocking our fix.

Reboot Your System in Safe Mode

  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode menu item
  • Press Enter.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Services

:Files
C:\Users\Admin\Documents\Documents.exe
C:\Users\Admin\Documents\CAPCOM\DEVILMAYCRY4\DEVILMAYCRY4.exe
C:\Users\Admin\Documents\FIFA 12\FIFA 12.exe
C:\Users\Admin\Documents\FIFA 12\instance0\instance0.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Age of Empires 3.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\AI\AI.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\campaign\campaign.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\RM\RM.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Savegame\Savegame.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Trigger\Trigger.exe
C:\Users\Admin\Documents\My Games\Age of Empires 3\Users\Users.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Rise Of Legends.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Mantas.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\AutoSaves\AutoSaves.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\Game Setup Files\Game Setup Files.exe
C:\Users\Admin\Documents\My Games\Rise Of Legends\Mantas\Saves\Game Setup Files\CTW\CTW.exe
C:\Users\Admin\Documents\My Games\Skyrim\Skyrim.exe
C:\Users\Admin\Documents\My Games\Skyrim\Saves\Saves.exe
C:\Users\Admin\Documents\NFS Most Wanted\Mantas\Mantas.exe
C:\Users\Admin\Documents\OneNote Notebooks\Personal\Personal.exe
C:\Users\Admin\Documents\Outlook Files\Outlook Files.exe
C:\Users\Admin\Downloads\SoftonicDownloader_for_teamspeak.exe
C:\Users\Admin\Pictures\about.Brontok.A.html
C:\Users\Public\Public.exe
C:\Users\Public\trz3CE5.tmp
C:\Users\Public\Documents\Documents.exe
C:\Users\Public\Documents\trz46A6.tmp
C:\Users\Public\Documents\trz4753.tmp
C:\Users\Public\Downloads\Downloads.exe
C:\Users\Public\Downloads\trz4773.tmp
C:\Users\Public\Libraries\Libraries.exe
del C:\Users\Public\Libraries\trz*.tmp /f /q /c
del C:\Users\Public\Pictures\trz*.tmp /f /q /c
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
del "C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\trz*.tmp" /f /q /c
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
del "C:\Users\Public\Pictures\Sample Pictures\trz*.tmp" /f /q /c
C:\Users\Public\Recorded TV\Recorded TV.exe
del "C:\Users\Public\Recorded TV\trz*.tmp" /f /q /c
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
del "C:\Users\Public\Recorded TV\Sample Media\trz*.tmp" /f /q /c
C:\Users\Public\Videos\Sample Videos\Sample Videos.exe
C:\Windows\AutoKMS.exe
del C:\Windows\ShellNew\trz*.tmp /f /q /c
C:\Windows\SoftwareDistribution\DataStore\Logs\trzB77C.tmp
C:\Windows\SoftwareDistribution\DataStore\Logs\trzC716.tmp
del C:\Windows\temp\_avast_\unp*.tmp /f /q /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

If there is a log created by OTL please post that.  After you have run a new scan with OTL please post that as well.  :)
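The :Files lists in Reply #81 and Reply #86 share one naming pattern: an .exe named after the folder that contains it (Documents\Documents.exe, FIFA 12\FIFA 12.exe), trz followed by four hex digits and .tmp, and the about.Brontok.A.html marker. The Python below is an added illustration, not part of this thread or of OTL; it flags paths that match that pattern so a helper can review candidates before writing a fix, and the sample paths are constructed.

```python
import os
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# The tmp names seen in the fix above are "trz" plus four hex digits, e.g. trz46A6.tmp.
TRZ_TMP = re.compile(r"^trz[0-9a-f]{4}\.tmp$", re.IGNORECASE)

# Constructed sample paths in the style of the OTL fix (not a listing from a real machine).
SAMPLE_PATHS = [
    r"C:\Users\Admin\Documents\Documents.exe",
    r"C:\Users\Admin\Documents\FIFA 12\FIFA 12.exe",
    r"C:\Users\Admin\Documents\FIFA 12\fifa.exe",  # benign: name differs from its folder
    r"C:\Users\Public\Documents\trz46A6.tmp",
    r"C:\Windows\SoftwareDistribution\DataStore\Logs\trzB77C.tmp",
    r"C:\Users\Admin\Pictures\about.Brontok.A.html",
    r"C:\Users\Admin\Documents\report.docx",
]

def classify(path: str) -> Optional[str]:
    """Return a label when the path matches the worm's naming pattern, else None."""
    p = PureWindowsPath(path)
    name, parent = p.name, p.parent.name
    # An executable whose base name equals its containing folder, e.g. Documents\Documents.exe
    if p.suffix.lower() == ".exe" and parent and p.stem.lower() == parent.lower():
        return "folder-named exe"
    if TRZ_TMP.match(name):
        return "trz tmp dropper"
    if name.lower() == "about.brontok.a.html":
        return "brontok marker file"
    return None

def find_suspects(paths: List[str]) -> List[Tuple[str, str]]:
    """Filter a list of paths down to (path, label) pairs worth reviewing."""
    out = []
    for p in paths:
        label = classify(p)
        if label:
            out.append((p, label))
    return out

def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk a real directory tree and apply the same classification to every file."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            found.extend(find_suspects([os.path.join(dirpath, f)]))
    return found
```

A folder-named .exe is only a candidate; legitimate installers occasionally use the same layout, so each hit still needs a look at size, timestamp and signature before it goes into a :Files section.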


QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #87 on: March 28, 2012, 07:26:19 AM »
do I need to run OTL while my computer is in safe mode?

QNtas

  • Guest
Re: I have problem with win32:malware-gen
« Reply #88 on: March 28, 2012, 08:38:40 AM »
here it is. The OTL fix created a file

jeffce

  • Guest
Re: I have problem with win32:malware-gen
« Reply #89 on: March 28, 2012, 01:38:19 PM »
Hi QNtas,

I know this may seem like a lot of work and I appreciate your patience, but your system was heavily infected. 
-----------------

Boot back into Safe Mode.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Services

:OTL
[28 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Now run a new scan with Malwarebytes and ESET online scanner.

In your next reply please post the logs made by OTL, Malwarebytes and ESET online scanner.  :)