Hi,
I recently had repeated and continuing popup messages from Avast having blocked
http://disorderstatus.ru/order.php and
http://differentia.ru/diff.php both appearing on the process: C:\Windows\SysWOW64\msiexec.exe
I ended the process using task manager and the symptoms have ceased. I doubt this has rectified my problem.
Scans with avast didn't detect any infected files.
I was fairly certain it started after using a usb pen drive. I installed MCShield which scanned the drive and deleted malware. Scan log attached.
I installed MBAM and FRST and scanned with both. Logs attached.
I was silly and the first time I ran MBAM I didn't export log information. It detected and quarantined 1 item:
Vendor: PUP.Optional.PageStarter
Type: Registry Value
Location: HKU\S-1-5-21-2141295651-759630508-1624318672-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load
Any further assistance in removing this malware would be greatly appreciated.