thanks for any help

Not sure what my husband did to the computer, but I am having many, many pop-ups and rerouting within the internet browsers. When I ran my Avast scan I got a few Win32:Malware-gen and a few Win32:Somoto-J.

It is Windows 7 and I have two hard drives currently installed on the computer, one is 1000 GB and the other 500, although for whatever reason I do see three drives in the My Computer section. Not sure if this information is needed.

Your husband wasn't careful with downloading or installing some software and installed a few
potentially unwanted programs, nothing really major. A malware expert will help you soon.

Can you take a screenshot of your My Computer section?

Thank you very much.

Just a Note:

I am not an expert. Just a helper.

I'm looking through your OTL log with my minimal understanding of it.

[2013/04/02 10:01:36 | 000,000,000 | ---D | M] -- C:\Users\[Name Removed]\AppData\Roaming\uTorrent

I do not recommend those programs. They are dangerous and can hurt your computer. Trojans are also known to spread and share personal information through P2P (Peer to Peer) networks.

While many of these programs are, in and of themselves, legal, most things acquired by their use are not. It is also in your best interest to know that many P2P software packages come bundled with spyware/malware/viruses and that their use greatly increases the chances of your computer becoming infected. I strongly suggest that you uninstall these programs and refrain from using them at all costs.

Modified post from here: http://www.geekstogo.com/forum/topic/247485-cant-seem-to-run-peer-to-peer-programs-like-utorrents/

This also applies to downloading cracking/jailbreaking programs.


[2013/03/26 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\[Name Removed]\AppData\Roaming\redsn0w

It is also illegal to use them for unlocking phones/iPods/iPads etc.

There are also many P2P attacks through this software.

My grandpa had an internet streaming program some years ago which was blocked by Norton back then. :smiley:

Hi rperkins0911,

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

- Click on the Scan button.
- After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- The logfile will also be saved in the C:\AdwCleaner folder.


Next …

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
    If you are unsure how to do this please read this or this instruction.

Instructions how to disable avast:

- Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn this back on after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Click on I Agree!

    - ComboFix will display a DISCLAIMER of warranty on software.
      By clicking I Agree ComboFix shall continue.
    • ComboFix will check if there is a newer version of ComboFix available.
      Click Yes if prompted to download.
    - If Recovery Console is not installed, ComboFix will offer download & installation.
      Click Yes to allow ComboFix to install Recovery Console.
    • ComboFix will scan your computer in stages, a total of 50 stages.
      Do not mouse-click around while ComboFix is running.
      Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach the log report (ComboFix.txt) back to the topic.

It wasn't anything that was downloaded from uTorrent. That was used to download Microsoft Office, which I do have a legal valid product key for; my children just scratched the CD to the point of it not reading properly. He said that he was trying to put something on his phone and I don't think that he understood that it's not the same type of files that are used on a computer.

That's fine. Steven and I are just warning that the use of these programs is dangerous and could potentially damage your computer.

Thank you very much. I will definitely remove the program so my husband doesn't try to use that for anything after I have this dealt with. Thank you very much!

Hi rperkins0911,

They did what they know best, both CF and AdwC. I think we do not need any additional checks.

Tell me how the browsers behave now.

The browser is behaving much better for the most part. I do have a pop-up that is still opening every time I use Google Chrome.

Then let's run one more extra anti-rootkit scan and then re-check everything ...

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm the "End User Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.

- Under Additional options check the boxes next to:
  - Verify Driver Digital Signature;
  - Detect TDLFS file system;
  - Use KSN to scan objects.
- Press Start Scan.
- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

============================

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thank you for looking further into this. Over the last 24 hours I have noticed that there are many sites where I am getting a message saying cannot connect to the network, which normally I am able to access.

Hi,

FRST has been updated to target the latest malware. Please re-run FRST and wait for the tool to be updated.

Check the box for creating the Addition.txt log too and press the Scan button.

Repost both FRST logs here.

Thank you. I thought that it had updated but I did receive a message that said it was now updated.

This should fix the problem.

1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Start
SearchScopes: HKCU - {BB61CC64-ECC9-4183-B757-206FA00BEF37} URL = http://websearch.shopathome.com?user_id={0C0A8370-1960-427B-93B5-1389C772BCF6}&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
CMD: ipconfig /flushdns
CMD: DEL %TEMP%\*.* /F /S /Q
End


2. Save notepad as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
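Since the pop-up persisted after the fix, this is the kind of check a responder would run on the machine itself to confirm that the two registry items the fixlist targeted are actually gone, and to list what else is still registered in the same places. It is an added example, not part of the thread and not FRST's own code; it assumes the GUID, extension ID and folder from the fixlist above, and the standard registry locations that FRST's "SearchScopes: HKCU" and "CHR HKLM-x32\...\Chrome\Extension" lines refer to. It only reads the registry, so it is safe to run before posting fresh logs.

```powershell
# Added example (not from the thread or from FRST). Read-only verification
# of the fixlist items on a Windows 7 box; run in PowerShell (2.0 is enough).

# Assumed from the fixlist above: the hijacked search scope, the externally
# registered Chrome extension, and the leftover plugin folder.
$hijackedScope = '{BB61CC64-ECC9-4183-B757-206FA00BEF37}'
$extensionId   = 'idhngdhcfkoamngbedgpaokgjbnpdiji'
$leftoverDir   = 'C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins'

# FRST's "SearchScopes: HKCU" line is this key; each subkey GUID is a search
# provider and its URL value is where typed searches are sent.
$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path "$scopesKey\$hijackedScope") {
    Write-Output "STILL PRESENT: $scopesKey\$hijackedScope"
} else {
    Write-Output "removed: SearchScopes $hijackedScope"
}

# Print every remaining scope's URL so an unknown search provider stands out.
if (Test-Path $scopesKey) {
    Get-ChildItem $scopesKey | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        Write-Output ("scope {0}: {1}" -f $_.PSChildName, $p.URL)
    }
}

# FRST's "CHR HKLM-x32\...\Chrome\Extension" line is the 32-bit external
# extension registration key (Wow6432Node on 64-bit Windows). Chrome installs
# anything listed here; a 'path' value points at a local .crx, an
# 'update_url' value at a download location. Either may be empty.
$extKeys = @('HKLM:\SOFTWARE\Google\Chrome\Extensions',
             'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions')
foreach ($k in $extKeys) {
    if (-not (Test-Path $k)) { continue }
    Get-ChildItem $k | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        $flag = if ($_.PSChildName -eq $extensionId) { 'STILL PRESENT' } else { 'remaining' }
        Write-Output ("{0}: {1}\{2} path={3} update_url={4}" -f $flag, $k, $_.PSChildName, $p.path, $p.update_url)
    }
}

# The fixlist also deleted the folder holding the .crx; confirm it is gone.
if (Test-Path $leftoverDir) {
    Write-Output "STILL PRESENT: $leftoverDir"
} else {
    Write-Output "removed: $leftoverDir"
}
```

Anything printed as STILL PRESENT means the fix did not take (or the item was re-created by a program that is still installed), which is exactly what a fresh FRST.txt would show; a "remaining" extension or scope that nobody recognises is the next thing to look at.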

Here is the fixlog, thank you again.

Is there any improvement?

If not, post me fresh FRST logs.

I'm still getting a pop-up.