http://differentia.ru/diff.php and http://disorderstatus.ru/order.php issues

system · 2015-09-17T21:39:25.000Z

Hello guys, I’ve had trouble with this issue the whole of today and was going through the forums trying to solve it, and i’ve gone through the steps listed here : https://forum.avast.com/index.php?topic=53253.0 . Please Help. Attached are the logs.

dbrisendine · 2015-09-18T02:14:13.000Z

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt


Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-396844535-4039677838-2135687824-1001 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
FF NetworkProxy: "type", 4
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [No File]
CHR Extension: (Google Drive) - C:\Users\IdrissZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-11]
CHR Extension: (Google Search) - C:\Users\IdrissZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-11]
CHR Extension: (Google Wallet) - C:\Users\IdrissZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19]
CHR HKLM-x32\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files (x86)\SearchPredict\Chrome\SearchPredictChrome.crx <not found>
C:\Program Files (x86)\SearchPredict\Chrome\SearchPredictChrome.crx
S3 MT7118VU; \SystemRoot\system32\DRIVERS\mt7118vu_x64.sys [X]
C:\Windows\system32\DRIVERS\mt7118vu_x64.sys
C:\Windows\system32\netcfg-*.txt
2012-07-26 02:06 - 2012-07-26 03:20 - 92059520 ___SH () C:\ProgramData\msovjnv.exe
C:\Users\IdrissZ\AppData\Local\Temp\cdo1046249973.dll
AlternateDataStreams: C:\ProgramData\Temp:553CA6CA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting “Run as Administrator…” and press the Fix button just once and wait.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

LAST >>>>

Chrome → The malware has changed the version of Chrome to a less secure type. The only way to fix this is to uninstall Chrome and re-install it.

64 bit: Reboot your machine and then go to [a href=“http://www.google.com/chrome/eula.html?standalone=1&platform=win64”]here[/a] and download a fresh installer for Chrome.

Double click on the downloaded file to install the latest version of Chrome. Your settings and extensions should be added automatically; please let me know if there are any errors with this.

system · 2015-09-18T02:16:51.000Z

Me too… >:(

mikaelrask · 2015-09-18T06:23:42.000Z

gita please start a new topic and post your logs there instead of hijack other started topics it will confusse the expert how will be helping the person how started this topic

system · 2015-09-18T07:14:16.000Z

Thanks for the help, I’ve followed all the steps, and so far, i think the pop-ups have stopped. Attached is the fixlog. If there’s something else that needs to be done, please let me know.

dbrisendine · 2015-09-19T05:41:03.000Z

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

- [b]Vista/7/8 users:[/b] Right click the [b]AdwCleaner[/b] icon on the desktop, click [b]Run as administrator[/b] and accept the UAC prompt to run AdwCleaner.

You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v4111_zpsn56hzjza.png

- Click the [b]Scan[/b] button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: [b]Waiting for action. Please uncheck elements you don't want to remove.[/b]
- Click the [b]Clean[/b] button.
- [b]Everything checked[/b] will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot, allow this

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

- On reboot a log will be produced; please attach that in your next reply. This report is also saved to [b]C:\AdwCleaner\AdwCleaner[C0].txt[/b]

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

system · 2015-09-19T08:41:55.000Z

Hello, attached is the log from AdwCleaner

dbrisendine · 2015-09-20T02:49:13.000Z

Is there a reason you did not remove Speedbit? Some reviews are listed here. Your choice but I would remove / uninstall it.

Other than that, how is your system running now?

system · 2015-09-21T06:13:46.000Z

Yeah, my system is running much better now, no more pop-ups or anything. Thank you for all the help

dbrisendine · 2015-09-21T21:00:52.000Z

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

[]Download Delfix from here to your desktop and double click it to start the program
[*]Ensure Remove disinfection tools is ticked
Also tick:
[]Activate UAC
[]Create registry backup
[]Purge system restore
[*]Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

[*]Click Run
[*]The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

Announcements