Need help http://differentia.ru/diff.php and http://disorderstatus.ru/order.php

[REDACTED]

Please help!

Since yesterday, I kept getting notifications from avast saying Threat has been detected!

Both of them appear at the same time

Here are the reports:

Object: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\...\msiexec.exe

Object: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\...\msiexec.exe

What should I do?

[essexboy]

https://forum.avast.com/index.php?topic=53253.0

[REDACTED]

Sorry it took quite long.

Here are the logs.

[REDACTED]

Hey sorry, this is the correct MalwareBytes logs

[essexboy]

Let me know of any problems after this

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
2015-07-15 17:19 - 2015-06-16 04:42 - 80668544 ___SH () C:\ProgramData\mscfhqxd.exe
CustomCLSID: HKU\S-1-5-21-3215671141-2693329682-2736129479-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\User\AppData\Roaming\tricomfi\tivesen.dll No File <==== ATTENTION
C:\Users\User\AppData\Roaming\tricomfi
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

I believe that this is the fixlog that is generated, please check it.

[essexboy]

Have the alerts ceased

[REDACTED]

They have, but I'm not very sure the malwares or viruses have gone

[essexboy]

Why ? What problems are you having

[REDACTED]

Now it appears again, after I plugged in my USB, the notifications start to pop up again, what should I do?

[essexboy]

Your USB is infected

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

THEN

Run a fresh FRST scan please

[REDACTED]

Here are the logs.

[essexboy]

Could you copy and paste the MCShield log as it is corrupted when attached

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2015-07-15 17:19 - 2015-06-16 04:42 - 72947328 ___SH () C:\ProgramData\mscfhqxd.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

MCShield log:

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.8.23.1 / Windows 7 <<<


06-Sep-15 19:39:43 > Drive C: - scan started (no label ~466 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.8.23.1 / Windows 7 <<<


06-Sep-15 19:40:48 > Drive E: - scan started (ANDRE ~15343 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.8.23.1 / Windows 7 <<<


06-Sep-15 19:42:45 > Drive E: - scan started (ANDRE ~15343 MB, FAT32 flash drive )...



=> The drive is clean.




After I run FRST, my computer restarted, and the notification doesn't appear anymore. My USB is still plugged. So, is the virus removed? Both from my computer and my USB?

[essexboy]

Looks like MCShield is not finding it so I would recommend that you wipe the drive