Hello,
I'm just getting a msg window from Avast with this virus every 1 minute, can someone help me please?
Here's my Zoek-Result:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Catherine on 31/07/2015 at 12:26:18.60.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Catherine\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31/07/2015 12:28:06 p.m. Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\Program Files\7-Zip deleted successfully
C:\Program Files\Nitro deleted successfully
C:\Program Files\Noguska deleted successfully
C:\Users\Catherine\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Catherine\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=“C:\Program Files\Internet Explorer\iexplore.exe”
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\Program Files\7-Zip not found
C:\Program Files\Nitro not found
C:\Program Files\Noguska not found
C:\Program Files\Acro Software deleted
C:\Program Files\d1f82af8-a9af-496f-acb8-65658bb6b2b2 deleted
C:\Program Files\CinemaP-1.8cV23.02 deleted
C:\Users\Catherine.android deleted
C:\Program Files\SoftwareUpdater deleted
C:\Program Files\MiPony deleted
C:\Program Files\globalUpdate deleted
C:\Users\Catherine\AppData\Roaming\Mipony deleted
C:\PROGRA~2\WindowsMangerProtect deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Catherine\AppData\Local\globalUpdate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony deleted
C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony deleted
C:\Windows\Tasks\3f073df9-afe6-41f3-9843-6a97c0b51220-1-6.job deleted
C:\Windows\Tasks\3f073df9-afe6-41f3-9843-6a97c0b51220-1-7.job deleted
C:\Windows\Tasks\3f073df9-afe6-41f3-9843-6a97c0b51220-10_user.job deleted
C:\Windows\Tasks\3f073df9-afe6-41f3-9843-6a97c0b51220-7.job deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Catherine\Desktop\MiPony.lnk deleted
C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers deleted
“C:\Users\Catherine\AppData\Roaming\XSKKZYX” deleted
“C:\PROGRA~2\msuuupuo.exe” not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
“wrc@avast.com”=“C:\Program Files\AVAST Software\Avast\WebRep\FF” [21/07/2015 03:09 a.m.]
==== Chromium Look ======================
Google Chrome Version: 44.0.2403.125
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21/07/2015 03:07 a.m.]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17 a.m.]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nfedoihopcjdfjihhhojdclnfdgomdho - No path found
Avast Online Security - Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
==== Chromium Startpages ======================
C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Chromium Fix ======================
C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pconverter.dl.tb.ask.com_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Page”=“https://www.google.com/search?trackid=sp-006&q={searchTerms}”
“Search Bar”=“https://www.google.com/?trackid=sp-006”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Search Page”=“https://www.google.com/search?trackid=sp-006&q={searchTerms}”
“Search Bar”=“https://www.google.com/?trackid=sp-006”
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}”
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7”
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url=“https://www.google.com/search?trackid=sp-006&q={searchTerms}”
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MiPony deleted successfully
==== Empty IE Cache ======================
C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CIBGPR6 will be deleted at reboot
C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTYOF42M will be deleted at reboot
C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIN0WZKT will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=132 folders=47 26783046 bytes)
==== Empty Temp Folders ======================
C:\Users\Catherine\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\CATHER~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
“C:\PROGRA~2\msuuupuo.exe” not found
“C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CIBGPR6” not found
“C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTYOF42M” not found
“C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIN0WZKT” not found
“C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low” not deleted
==== EOF on 31/07/2015 at 12:40:57.38 ======================