Trojans and other possible infections, please assist

Hey everyone, I was checking out my mom's computer (with scans from Malwarebytes) and it came up with the Win32 Malgen trojan and Win64/Sirefef.A and the AO variety. I'm not positive if there is more on her machine that Avast missed, but I followed the scan logs posted on the website and will attach them now. And thanks in advance for the help; I can't do much more than this.

Also attach the Malwarebytes log…

Malware remover is notified…
It may take several hours before he arrives…

Did you use McAfee antivirus? As I see lots of McAfee files in there.

It was not done by McAfee antivirus, it was Avast, and I'll have to upload the other log tomorrow (I uploaded them off of my USB).

Never install multiple AVs…
Running multiple AVs can/will create all kinds of mysterious Windows errors and false positive detections.

Read the reply from quietman7:
http://www.bleepingcomputer.com/forums/topic186533.html

It is also recommended to run a removal tool for the AV you uninstall, to remove any leftover files that may conflict.

Run and reboot - http://singularlabs.com/uninstallers/security-software/

Hi,

Let me look these over and I will return shortly. :slight_smile:

Hi,

WARNING: Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files themselves. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway, depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :slight_smile:

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes

[*]Open the scanner and select the Protection tab
[*]Remove the tick from “Start Protection Module with Windows” as seen below

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM16orgreater.jpg

Once complete continue with the instructions…

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=5r0Cdvdo6LPSg-TQD1deOdDcteo?q={searchTerms}
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={0EDD336F-3275-40A0-96DE-F5DE52EC372B}&mid=6c798069235f436b8085385df239b634-ffcfae1ca03b61630052af2c17a9d7c8e29f427e&lang=en&ds=AVG&pr=fr&d=2012-05-11 14:53:30&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
[2012/06/22 13:11:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O15 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1665870288-2495501873-2062235200-1000\..Trusted Ranges: GD ([http] in Local intranet)
O33 - MountPoints2\{4316b7d5-264c-11df-8131-001aa069e6bd}\Shell\AutoRun\command - "" = O:\JDSecure\Windows\JDSecure31.exe
O33 - MountPoints2\{587f9a8e-728e-11df-b92e-001aa069e6bd}\Shell - "" = AutoRun
O33 - MountPoints2\{587f9a8e-728e-11df-b92e-001aa069e6bd}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/01/11 17:49:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c8cca11d-621e-8780-5785-c7cd0f4923da}\@
[2008/11/06 13:30:33 | 000,027,648 | ---- | C] () -- C:\Users\labdab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/08 16:30:49 | 000,000,000 | ---D | M] -- C:\Users\labdab\AppData\Roaming\Babylon

:Files
C:\Windows\Installer\{c8cca11d-621e-8780-5785-c7cd0f4923da}

:Commands
[purity]
[createrestorepoint]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.


If you have chosen to continue with cleaning your system, in your next reply please post the logs created by both OTL and ComboFix when you complete the instructions above. :slight_smile:
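As an added defender-side example, not part of this thread and not code from OTL or its author: a small Python triage script that reads OTL-format log lines and flags the three indicator types the fix script above removes, the hidden+system `@` file in a GUID-named folder under C:\Windows\Installer (the ZeroAccess artefact), removable-media AutoRun commands under MountPoints2, and URLSearchHook entries whose CLSID no longer exists. The sample lines are copied from the fix script; the line-format regexes and the severities are my assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample: OTL-format lines copied from the fix script quoted in the thread.
SAMPLE_LOG = r"""
[2012/01/11 17:49:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c8cca11d-621e-8780-5785-c7cd0f4923da}\@
[2012/04/08 16:30:49 | 000,000,000 | ---D | M] -- C:\Users\labdab\AppData\Roaming\Babylon
[2012/06/22 13:11:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O33 - MountPoints2\{587f9a8e-728e-11df-b92e-001aa069e6bd}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{587f9a8e-728e-11df-b92e-001aa069e6bd}\Shell - "" = AutoRun
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
"""

# Assumed OTL file entry layout: [date time | size | RHSD attribute flags | C(reated)/M(odified)] () -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\(\) )?-- (?P<path>.+)$"
)
# Hidden+system "@" file in a GUID-named folder under C:\Windows\Installer: the ZeroAccess artefact
INSTALLER_AT_RE = re.compile(r"^C:\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\@$", re.IGNORECASE)
# O33 AutoRun command for a removable drive (the bare "Shell - AutoRun" line carries no command)
MOUNTPOINT_AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# URLSearchHook whose CLSID no longer resolves: an orphaned browser hook, worth cleaning but low risk
ORPHAN_HOOK_RE = re.compile(r"^IE - .*URLSearchHook: \{[0-9A-Fa-f-]{36}\} - No CLSID value found$")


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, line) for every line that matches one of the indicators above."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            if "H" in attrs and "S" in attrs and INSTALLER_AT_RE.match(path):
                findings.append(("high", "hidden+system '@' under Windows\\Installer GUID folder", line))
            continue
        m = MOUNTPOINT_AUTORUN_RE.match(line)
        if m:
            findings.append(("medium", "removable-media AutoRun command: " + m.group("cmd"), line))
            continue
        if ORPHAN_HOOK_RE.match(line):
            findings.append(("low", "URLSearchHook references a CLSID that does not exist", line))
    return findings
```

Run `triage(SAMPLE_LOG)` to get one high, one medium and one low finding; a file line without the H and S attribute flags is deliberately not flagged, so a legitimate Installer entry does not trip the rule.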

Thank you, jeffce :smiley:

As instructed, I have the new logs ready to be read and reviewed.

Good job!

I see that you have on your system both McAfee and Avast. We should remove one of them as running more than one antivirus program can cause problems and actually leave you less protected. Let me know which one you want to remove.

I want to remove McAfee.

Hi,

Ok…Please remove McAfee via Control Panel >> Programs and Features. Once complete, please download and run the tool found here >> http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe Once complete, reboot your system.

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

The next post will have the log, but I keep getting the message that Avast is still running even after I disabled it. Is there another way to stop that message from popping up?

Also, here is the log.

The actual scanning function (the shields) is disabled, but the background services are still running; you should be OK to ignore the message and continue.

The next post will have the log, but I keep getting the message that Avast is still running even after I disabled it. Is there another way to stop that message from popping up?
If you are getting this while running ComboFix don't worry about it. :)

Okay :slight_smile: I was worried I was doing something wrong lol

:smiley: No you are doing just fine.

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

Please run a free online scan with the ESET Online Scanner
[i]Note: You will need to use Internet Explorer for this scan[/i]
[*]Tick the box next to YES, I accept the Terms of Use
[*]Click Start
[*]When asked, allow the ActiveX control to install
[*]Click Start
[*]Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
[*]Click Scan (This scan can take several hours, so please be patient)
[*]Once the scan is completed, you may close the window
[*]Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
[*]Copy and paste that log as a reply to this topic


Please attach the logs made by Malwarebytes and ESET online scanner. :slight_smile:

Everything is posted.

Thanks! How is your system running? :slight_smile:

It seems to be running really great now, thanks :D. I ran another scan from ESET; I was gonna post it when it finished.

Sure…go ahead and post that. We will give it a look over. :slight_smile:

Alright, here is the log file. Also, the scan picked up a Win32/Sirefef.FB.Gen trojan.