disorderstatus.ru/order.php and differentia.ru/diff.php

Viruses and worms
1

Hello!
I am in need o help and I would greatly appreciate if someone was so help me get rid of this awful malware.
As far as I know I didn’t download anything in the past week but these pop ups from the anti virus started to appear 2 days ago. I tried cleaning it with a normal anti virus and then looked into the registry files but I couldn’t find anything.
I also have adblock installed on every browser so it is not actually affecting me but I need to buy some tickets so I dont want my cred card stolen.
Anyone can help?

2

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

3

there you go

4

Did you use a USB drive at any time ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR Extension: (No Name) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2015-10-13] 2010-11-21 00:29 - 2010-11-21 00:29 - 91299328 ___SH () C:\ProgramData\msnufjo.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

5
6
7

Did you reboot as FRST needs to do that to remove the bad file

8

I indeed used a USB from school.
And yes it actually rebooted twice in the past minutes for getting that 2 logs.
But the computer seems to work faster and with there’s no pop up from the antivirus.

9

OK install this programme for protection… Any further problems ?

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that