Help Identifying and Removing Malware

[Sweetness_cw]

I am not sure if it is a virus or malware that is infecting my computer. I made the mistake of using utorrent to download a few free items and now I get pop-up galore every time I use the internet. Anytime I click on a link for any reason, I get several pop-ups that interrupt any activity I am attempting to perform. For instance, With just attempting to sign up on this website through my facebook account, It took at least ten minutes because of how many pop-ups I was getting while moving through screens, let alone when I was searching for assistance on google. I had also gotten the blue screen of death at one point and immediately downloaded AVG antivirus software to get rid of anything that might cause that again. What should I do? I'm afraid of losing the thousands of photos I have on my computer to viruses.

 

[TwinHeadedEagle]

Hello,

Follow this topic and attach requested reports --> http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/

 

[Sweetness_cw]

These are the results for my scan

 

[Sweetness_cw]

Hello,

Follow this topic and attach requested reports --> http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/

Thank you for your help. These are the reports you've asked me to run on my laptop.

 

[TwinHeadedEagle]

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Post logfile will also be saved in the C:\AdwCleaner folder.

***** NEXT *****​

Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  

  createsrpoint;
  gpt.ini;z 
  C:\Windows\System32\GroupPolicy;v
  C:\Windows\SysWOW64\GroupPolicy;v 
  StandardSearch; 
  emptyfolderscheck; 
  installer-list; 
  installedprogs; 
  uninstall-list;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[Sweetness_cw]

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Post logfile will also be saved in the C:\AdwCleaner folder.

***** NEXT *****​

Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  

  createsrpoint;
  gpt.ini;z 
  C:\Windows\System32\GroupPolicy;v
  C:\Windows\SysWOW64\GroupPolicy;v 
  StandardSearch; 
  emptyfolderscheck; 
  installer-list; 
  installedprogs; 
  uninstall-list;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

I attempted to download the Zoek.exe tool and it keeps saying that chrome has blocked it because it is malicious. Above it says to wait while it does not download, so I wasn't sure if I was missing a step?

 

[TwinHeadedEagle]

I see you have two antivirus product on your PC. Only one is optimal. Please choose whether to uninstall AVG or McAfee.

Try other browser to download Zoek, it is perfectly legitimate, this is false detection.

 

[Sweetness_cw]

I see you have two antivirus product on your PC. Only one is optimal. Please choose whether to uninstall AVG or McAfee.

Try other browser to download Zoek, it is perfectly legitimate, this is false detection.

Thank you again for your help. I really Appreciate it. Here is the report from the zoek.exe

 

[TwinHeadedEagle]

How about Adwcleaner report?

 

[Sweetness_cw]

How about Adwcleaner report?

How about Adwcleaner report?

Sorry. these were both saved in my computer

 

[TwinHeadedEagle]

> Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

C:\Program Files (x86)\Yahoo\SoftwareUpdate;fs
C:\PROGRA~2\MediaBuzzV1;fs
C:\Program Files (x86)\ShopperPro;fs
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
"ext@MediaBuzzV1mode4990.net"=-;r
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\extensions];r
"{7a1d730e-10ab-44f3-819f-444202719611}"=-;r
C:\Program Files (x86)\Re-markit-soft;fs
Media Buzz;ff
eaaSytOushopp;ff
Muvic;ff
blchdgebogcfgdogophbngnkokkgdblk;chr
kmmodeinhdilbhgblmomkeojdkgnkpma;chr
nllafhekklanfkimibokomlmidmcmaoi;chr
mlephdcldpgellegdlkimmdcbmkneian;chr
C:\Users\Candy\AppData\Local\Shopping Sidekick;fs
nikpibnbobmbdbheedjfogjlikpgpnhp;chr
C:\Users\Candy\AppData\Roaming\DVDVideoSoft;chr
autoclean;
emptyalltemp;
emptyclsid;
emptyfolderscheck;delete
ipconfig /flushdns;b

 

[Sweetness_cw]

> Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

C:\Program Files (x86)\Yahoo\SoftwareUpdate;fs
C:\PROGRA~2\MediaBuzzV1;fs
C:\Program Files (x86)\ShopperPro;fs
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
"ext@MediaBuzzV1mode4990.net"=-;r
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\extensions];r
"{7a1d730e-10ab-44f3-819f-444202719611}"=-;r
C:\Program Files (x86)\Re-markit-soft;fs
Media Buzz;ff
eaaSytOushopp;ff
Muvic;ff
blchdgebogcfgdogophbngnkokkgdblk;chr
kmmodeinhdilbhgblmomkeojdkgnkpma;chr
nllafhekklanfkimibokomlmidmcmaoi;chr
mlephdcldpgellegdlkimmdcbmkneian;chr
C:\Users\Candy\AppData\Local\Shopping Sidekick;fs
nikpibnbobmbdbheedjfogjlikpgpnhp;chr
C:\Users\Candy\AppData\Roaming\DVDVideoSoft;chr
autoclean;
emptyalltemp;
emptyclsid;
emptyfolderscheck;delete
ipconfig /flushdns;b

 

[TwinHeadedEagle]

Are you sure you copied the script good, because it didn't performed good. Try again with whole script.

 

[Sweetness_cw]

Are you sure you copied the script good, because it didn't performed good. Try again with whole script.

For some reason it was only pasting half of the code, so I had to do it in sections to get the full code in. if this does not look right, i'll try it line by line. lol

 

[TwinHeadedEagle]

Still not good. Have you disabled your Antivirus before proceeding. Run Zoek again and try to paste full code.

 

[Sweetness_cw]

Still not good. Have you disabled your Antivirus before proceeding. Run Zoek again and try to paste full code.

I have been running the Zoek program with the code you wrote above for me and it has been going all night and seems to be stuck.. The last line it shows is '--- Del by CLSID 16:14:17.25' and it has been stuck there for quite some time.
Is there something I should be doing to make it continue?

 

[TwinHeadedEagle]

Have you disabled your antivirus? I already said you have more than one antivirus.

 

[Sweetness_cw]

I have. I actually uninstalled mcafee and disabled avg until reboot, and it had not been rebooted until this morning.

 

[TwinHeadedEagle]

Ok, run FRST again, check addition.txt, press Scan and attach both reports.

 

[Sweetness_cw]

Ok, run FRST again, check addition.txt, press Scan and attach both reports.

Ok I reran the report and have attached them.