Hello everyone,
I would like to ask for help on how to stop this 2 popping messages from avast, detecting a malware from msiexec.exe
1st.
URL: hxxp://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
2nd.
URL: hxxp://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
Attached are the logs and texts for your review,
Thank you.
Please make the links not working.
We do not want people to (accidentally) visit (potential) malicious websites.
Change http to e.g. hxxp in the links.
As for help, have patience.
One of the malware removers will guide you soon.
Almost all are in Europe and at this time it is still dark (night).
ohh sorry for that, I already changed it, thank you for looking to my case. I will wait for it.
Let me know if this stops the alerts
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [819760 2012-07-25] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Client Framework] => "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" HKLM\...\Run: [VizorHtmlDialog.exe] => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\common.lproj\preinstall_01_welcome_trial.html" (the data entry has 17 more characters). HKU\S-1-5-21-2795867003-351684639-3769258455-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mslov.exe <===== ATTENTION HKU\S-1-5-21-2795867003-351684639-3769258455-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\mslov.exe <===== ATTENTION Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension => not found FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension => not found FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension => not found R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [248640 2012-07-25] (Trend Micro Inc.) S1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [X] S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [X] 2015-11-07 15:31 - 2015-06-15 13:16 - 97322880 ___SH C:\ProgramData\mslov.exe C:\WINDOWS\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Fix completed, it does not appear now, I will get you informed if it comes back again, Thank you.
Subject to no further problems 
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean 
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Remove tools
Download and run Delfix
Select the options as shown
https://dl.dropboxusercontent.com/u/73555776/delfix.JPG
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
https://dl.dropboxusercontent.com/u/73555776/javara.JPG
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent install this programme to lock down and prevent crypto ransome ware
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
Update and run weekly to keep your system clean
Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme 
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe 
Thank you for looking to my case and helping me remove the malware. Great job and it’s very kind of you (as well as the admins and other experts) in providing aid to people like us.
I will do the rest, and see if my unit would not have any problems after these processes.
Thanks and thumbs up!!!