avast!Web Shield has blocked a harmful webpage or file
object: http://disorderstatus.ru/order.php
infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
Why do you have downloaded a illegal version of avast ?
Free is installed, if you run the torrented/cracked version you will get more than you bargained for
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: SearchScopes: HKU\S-1-5-21-943124047-744981796-2258831492-1000 -> 6ACB880D89314B6FB7C8AE02DFAC0E9E URL = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&did=10844&ppd=search,36200352042,skype,e,,c,Skype,,,www.fileparade.com&barid=1523565448092906790 BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File 2015-05-15 16:28 - 2015-05-15 16:28 - 00020343 _____ () C:\Users\b\Downloads\Avast Pro Antivirus Final & Avast! Internet Security Final (7.0.1407) Incl License.torrent 2015-04-28 19:00 - 2015-04-28 19:00 - 00000000 _____ () C:\Users\b\AppData\Local\{0134B033-4EBA-4880-9803-1DF4D2892E8D} 2015-04-28 19:00 - 2015-04-28 19:00 - 0000000 _____ () C:\Users\b\AppData\Local\{0134B033-4EBA-4880-9803-1DF4D2892E8D} 2014-09-08 10:07 - 2014-09-08 10:07 - 0000000 _____ () C:\Users\b\AppData\Local\{0AC1B148-E4FC-4703-ADFF-3EBD6615AD7A} 2010-11-21 06:24 - 2010-11-21 06:24 - 78508032 ____N (Kyriba) C:\ProgramData\msicx.exe Task: {78F0F076-AC63-428F-9F24-38118AFC454F} - System32\Tasks\{D74329F1-35E8-400B-AE9D-DAD1073EB320} => pcalua.exe -a "C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU8K69SA\l1egc02us24[1].exe" -d C:\Users\b\Desktop Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.