disorderstatus and differentia malware. HELP!!!

Avast keeps popping up on my PC which displays these:

Object: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\system32\msiexec.exe

and

Object: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\system32\msiexec.exe

I ran the software listed on the other thread (needed before starting new topics) and here are the log files.
I stopped the aswMBR scan as it took so much time.
Can somebody please help me fix this? Thank you so much in advance.

Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchsun.info/?pid=2134&r=2014/05/17&hid=18007715594285545861&lg=EN&cc=IN&unqvl=52
HKU\S-1-5-21-483985569-2991844374-3087840349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ir_14_35_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0EyByEtDyCtAtA0DyB0FtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByDzz0FtD0E0E0CtG0B0D0C0AtGyCtC0AyDtG0A0F0D0CtGyEtCtA0FtB0C0E0AtAtCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0CyEtByEyByCtGzyzztBtDtGyEyDtB0DtGzytD0DyCtGzzzyyD0E0B0E0AtAyB0ByEtD2Q&cr=1790537196&ir=
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0EyByEtDyCtAtA0DyB0FtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByDzz0FtD0E0E0CtG0B0D0C0AtGyCtC0AyDtG0A0F0D0CtGyEtCtA0FtB0C0E0AtAtCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0CyEtByEyByCtGzyzztBtDtGyEyDtB0DtGzytD0DyCtGzzzyyD0E0B0E0AtAyB0ByEtD2Q&cr=1790537196&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=2134&r=2014/05/17&hid=18007715594285545861&lg=EN&cc=IN&unqvl=52
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0EyByEtDyCtAtA0DyB0FtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByDzz0FtD0E0E0CtG0B0D0C0AtGyCtC0AyDtG0A0F0D0CtGyEtCtA0FtB0C0E0AtAtCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0CyEtByEyByCtGzyzztBtDtGyEyDtB0DtGzytD0DyCtGzzzyyD0E0B0E0AtAyB0ByEtD2Q&cr=1790537196&ir=
SearchScopes: HKU\S-1-5-21-483985569-2991844374-3087840349-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0EyByEtDyCtAtA0DyB0FtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByDzz0FtD0E0E0CtG0B0D0C0AtGyCtC0AyDtG0A0F0D0CtGyEtCtA0FtB0C0E0AtAtCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0CyEtByEyByCtGzyzztBtDtGyEyDtB0DtGzytD0DyCtGzzzyyD0E0B0E0AtAyB0ByEtD2Q&cr=1790537196&ir=
SearchScopes: HKU\S-1-5-21-483985569-2991844374-3087840349-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=2134&r=2014/05/17&hid=18007715594285545861&lg=EN&cc=IN&unqvl=52
SearchScopes: HKU\S-1-5-21-483985569-2991844374-3087840349-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_35_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0EyByEtDyCtAtA0DyB0FtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByDzz0FtD0E0E0CtG0B0D0C0AtGyCtC0AyDtG0A0F0D0CtGyEtCtA0FtB0C0E0AtAtCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0CyEtByEyByCtGzyzztBtDtGyEyDtB0DtGzytD0DyCtGzzzyyD0E0B0E0AtAyB0ByEtD2Q&cr=1790537196&ir=
FF DefaultSearchEngine: Astromenda
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchsun.info/?pid=2134&r=2014/05/17&hid=18007715594285545861&lg=EN&cc=IN&unqvl=52&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Astromenda
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ir_14_35_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0EyByEtDyCtAtA0DyB0FtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByDzz0FtD0E0E0CtG0B0D0C0AtGyCtC0AyDtG0A0F0D0CtGyEtCtA0FtB0C0E0AtAtCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0CyEtByEyByCtGzyzztBtDtGyEyDtB0DtGzytD0DyCtGzzzyyD0E0B0E0AtAyB0ByEtD2Q&cr=1790537196&ir=
FF Keyword.URL: hxxp://websearch.searchsun.info/?pid=2134&r=2014/05/17&hid=18007715594285545861&lg=EN&cc=IN&unqvl=52&l=1&q=
FF SearchPlugin: C:\Users\kandhan\AppData\Roaming\Mozilla\Firefox\Profiles\63b3dk12.default\searchplugins\Astromenda.xml [2014-08-30]
FF SearchPlugin: C:\Users\kandhan\AppData\Roaming\Mozilla\Firefox\Profiles\63b3dk12.default\searchplugins\WebSearch.xml [2014-05-19]
FF Extension: YoutubeAdblocker - C:\Users\kandhan\AppData\Roaming\Mozilla\Firefox\Profiles\63b3dk12.default\Extensions\mmjvgcpt-au@fob-imucx.co.uk [2014-05-19]
FF Extension: savue neTa - C:\Users\kandhan\AppData\Roaming\Mozilla\Firefox\Profiles\63b3dk12.default\Extensions\s.a@spxgcwzsjp.co.uk [2014-05-19]
CHR HKU\S-1-5-21-483985569-2991844374-3087840349-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\kandhan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-15]
CHR HKU\S-1-5-21-483985569-2991844374-3087840349-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-483985569-2991844374-3087840349-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
2014-12-02 15:49 - 2014-12-02 15:49 - 0022528 _____ () C:\Users\kandhan\AppData\Local\dsisetup21179782.exe
2014-12-18 20:49 - 2014-12-18 20:49 - 0022528 _____ () C:\Users\kandhan\AppData\Local\dsisetup37922282.exe
2014-04-08 20:54 - 2010-11-20 17:47 - 94796288 ___SH () C:\ProgramData\msdtsjnq.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
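
A fixlist like the one in the post above can be reviewed before it is run. The following is an added example (not part of the original post, and not FRST's own parser) that sorts fixlist lines by the prefixes visible in that post and lists the hosts they reference; the sample input is constructed with placeholder hosts and paths, and `classify` and `review` are hypothetical names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the same line format as the fixlist above;
# hosts, GUIDs and paths are placeholders, not values from the thread.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.example.invalid/?pid=1
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000000} URL = hxxp://results.example.invalid/r.php?q={searchTerms}
FF Homepage: hxxp://search.example.invalid/?f=1
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\searchplugins\Sample.xml [2014-05-19]
2014-12-02 15:49 - 2014-12-02 15:49 - 0022528 _____ () C:\Users\user\AppData\Local\sample.exe
Reg: reg delete "HKLM\SOFTWARE\Example\Key" /f
CMD: bitsadmin /reset /allusers
EmptyTemp:
"""

# (kind, pattern) pairs, checked in order. Assumption: the prefixes are the
# ones visible in the post, not a complete list of what FRST accepts.
RULES = [
    ("command", re.compile(r"^(Reg|CMD):\s*\S")),        # runs an external command
    ("directive", re.compile(r"^[A-Za-z]+:\s*$")),       # bare keyword, no argument
    ("registry", re.compile(r"^(HKLM|HKU)\\|^SearchScopes:")),
    ("firefox", re.compile(r"^FF ")),
    ("chrome", re.compile(r"^CHR ")),
    ("file", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),  # dated file entry
]
URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.I)

def classify(line):
    for kind, pattern in RULES:
        if pattern.search(line):
            return kind
    return "unknown"

def review(text):
    """Return (count per kind, sorted hosts referenced, unrecognised lines)."""
    counts, hosts, unknown = Counter(), set(), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kind = classify(line)
        counts[kind] += 1
        if kind == "unknown":
            unknown.append(line)  # anything unrecognised deserves a manual look
        for url in URL_RE.findall(line):
            # Refang in memory only, to parse out the host; nothing is fetched.
            host = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname
            if host:
                hosts.add(host)
    return dict(counts), sorted(hosts), unknown

if __name__ == "__main__":
    print(*review(SAMPLE_FIXLIST), sep="\n")
```
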

Thank you so much…!!!

It stopped popping up.
Is my system safe?

I have attached the documents you mentioned.

Any further problems?