Need Help!(New) disorderstatus.ru/order.php and http://differentia.ru/diff.php

Viruses and worms
1

Well, I stumbled upon this thread https://forum.avast.com/index.php?topic=174667.15
I was wondering if you could help me as well. :-
Thanks!

2

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [VNT] => C:\Program Files\VNT\vntldr.exe [196504 2014-10-09] (APN LLC.) HKU\S-1-5-21-3082643360-682943815-2170803300-1000\...\Run: [iLivid] => "C:\Users\ACE\AppData\Local\iLivid\iLivid.exe" -autorun CHR HKU\S-1-5-21-3082643360-682943815-2170803300-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION URLSearchHook: HKU\S-1-5-21-3082643360-682943815-2170803300-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File SearchScopes: HKU\S-1-5-21-3082643360-682943815-2170803300-1000 -> {929F08C2-13FA-492A-B9CC-FDC494D125F0} URL = hxxp://www.search.ask.com/web?tpid=SGT-V7&o=APN11004&pf=V7&p2=%5EB3Q%5EYYYYYY%5EYY%5EPH&gct=sb&itbv=12.10.6.5030&apn_uid=441C33D4-C067-427F-B7DF-FF76BE2D4310&apn_ptnrs=%5EB3Q&apn_dtid=%5EYYYYYY%5EYY%5EPH&apn_dbr=cr_35.0.1916.114&doi=2014-06-07&trgb=CR&q={searchTerms}&psv= SearchScopes: HKU\S-1-5-21-3082643360-682943815-2170803300-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={98A1E115-ECB3-48D4-B1A4-9548E344F9AD}&mid=6ea2baa0621f47d380c6d1565044060a-9113aac1fabea6f965196369ea582a058e85e5b4&lang=en&ds=cg011&coid=avgtbdiscg&cmpid=&pr=sa&d=2014-02-09 23:05:22&v=18.1.9.786&pid=safeguard&sg=0&sap=dsp&q={searchTerms} Toolbar: HKU\S-1-5-21-3082643360-682943815-2170803300-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3082643360-682943815-2170803300-1000 -> No Name - {5347542D-5637-006A-76A7-7A786E7484D7} - No File FF Plugin: TorchVLC -> C:\Users\ACE\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-31] R2 TorchCrashHandler; C:\Users\ACE\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION 2015-08-20 02:23 - 2014-09-27 02:15 - 00000000 ____D C:\ProgramData\TorchCrashHandler 2015-08-20 02:22 - 2015-01-16 19:31 - 00000000 ____D C:\Program Files\Elex-tech 2015-08-20 02:18 - 2015-01-16 19:31 - 00000000 ____D C:\Users\ACE\AppData\Roaming\Elex-tech 2015-08-20 02:18 - 2014-06-07 13:00 - 00000000 ____D C:\ProgramData\APN 2015-08-18 21:04 - 2014-02-08 16:20 - 00000000 ____D C:\Users\ACE\AppData\Local\genienext 2015-08-18 08:12 - 2013-10-03 22:29 - 00000000 ____D C:\ProgramData\YTD Video Downloader 2013-10-03 16:28 - 2014-06-02 21:41 - 0003749 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml 2010-11-21 05:29 - 2010-11-21 05:29 - 88725248 ___SH () C:\ProgramData\msnqwnrlg.exe CustomCLSID: HKU\S-1-5-21-3082643360-682943815-2170803300-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\ACE\AppData\Local\Torch\Application\36.0.0.8226\delegate_execute.exe (The Chromium Authors) C:\Users\ACE\AppData\Local\VNT C:\Users\ACE\AppData\Local\Torch C:\Program Files\Mobogenie C:\Users\ACE\AppData\Local\iLivid Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

3

Hey man. I came across this again. Sorry for not replying. Your fix immediately put my system back together. Just thought you should know. A really huge thaaanks, man. :smiley: