http://disorderstatus.ru/order.php alert persists

Hoping to get help with this new detection repeatedly popping up on Avast:

Recently, every 3-5 minutes, Avast Web Shield would pop up with the following alert:

Avast Web Shield has blocked a harmful webpage or file
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

I have run numerous virus/malware applications, yet the problem still persists.
I downloaded Zoek and attached the generated report.

Can anyone please assist with the removal of this virus?

Thanks in advance!

follow instructions and attach requested logs https://forum.avast.com/index.php?topic=53253.0

http://zulu.zscaler.com/submission/show/e277a5f2b437522a18f0bbb36268c92a-1438600267
http://urlquery.net/report.php?id=1438600387348
https://www.virustotal.com/en/url/9327dba6048752b51c9d8e1d76cf2b6df7a34efdd4fae7ff51ac4c9e3abe2d8d/analysis/
http://quttera.com/detailed_report/disorderstatus.ru

Hi Pondus

Thanks for responding.
Please see attached requested logs

Thanks =)

malware experts will be online later today …

This was a present with the cracked Adobe you installed

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-2369146234-665257770-333335392-1000\...\Run: [AdobeBridge] => [X] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 2015-08-04 06:53 - 2015-08-04 06:53 - 00000000 ____D C:\Program Files (x86)\Easy Auto Refresh 2015-08-04 06:52 - 2015-08-04 06:54 - 00000000 ____D C:\Program Files (x86)\bestadblocker 2015-08-04 06:50 - 2015-08-04 06:50 - 00000000 ____D C:\Program Files (x86)\CutThePirIcE 2015-08-04 06:48 - 2015-08-04 07:10 - 00000390 _____ C:\Windows\Tasks\TransmitAll.job 2015-08-04 06:48 - 2015-08-04 06:48 - 00003304 _____ C:\Windows\System32\Tasks\TransmitAll 2015-08-04 06:48 - 2015-08-04 06:48 - 00000000 ____D C:\Users\Armand\Downloads\Adobe_Sounbooth_CS5_3_keygen_by_orion (2) 2015-08-04 06:48 - 2015-08-04 06:48 - 00000000 ____D C:\ProgramData\{c7e36294-d8bc-3619-c7e3-36294d8b8a53} 2015-08-04 06:45 - 2015-08-04 06:46 - 00204920 _____ C:\Users\Armand\Downloads\Adobe_Sounbooth_CS5_3_keygen_by_orion (2).zip 2015-08-04 06:44 - 2015-08-04 06:44 - 01678049 _____ C:\Users\Armand\Downloads\Adobe_Sounbooth_CS5_3_keygen (2).zip 2009-07-14 01:31 - 2009-07-14 03:14 - 90646400 ___SH () C:\ProgramData\msihrbtj.exe Task: {0C232C2B-617C-4217-8202-0AB3BA71A6C6} - System32\Tasks\TransmitAll => c:\programdata\{c7e36294-d8bc-3619-c7e3-36294d8b8a53}\adobe_sounbooth_cs5_3_keygen_by_orion.exe [2015-08-04] () <==== ATTENTION Task: C:\Windows\Tasks\TransmitAll.job => c:\programdata\{c7e36294-d8bc-3619-c7e3-36294d8b8a53}\adobe_sounbooth_cs5_3_keygen_by_orion.exe <==== ATTENTION c:\programdata\{c7e36294-d8bc-3619-c7e3-36294d8b8a53} RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

Hi essexboy

Thank you for your response
Please find attached logfiles requested.

Thanks =)

Have the alerts now ceased ?