Everytime I open IE8 avast popsup saying site is blocked http://90.156.blablabla. I run it to see infection but it says it is clean. Run CCleaner delete all junk. I have check the proxy settings and delete this malicious site, but when I open internet explorer the warning appears again. Here is my hijack log. Anyone knows what is going on ? Thanks in advance
Hi Luckloki,
From the Hijackthis log (of which I am no expert) these too don’t look too good to me:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hXXp://90 .156 .158 .251/bitrix/templates/print/.../3746905fe5637b0f7dcfc5b578ebc0dc.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
I would leave that for now though, and I would suggest scanning with avast! and then follow the instructions from essexboy here:
http://forum.avast.com/index.php?topic=53253
I see that you have also posted in that thread, so essexboy will be looking out for your thread, and should be able to help with the OTL and MBAM logs when he is next online 
Scott
In addition to the above …
An analysis of the HJT log shows the following problems :
An active process of a firewall on your system was not detected. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
It is recommended that you to use a firewall. Download and install one or activate windows xp´s firewall.
[b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/[/b]
This entry should be fixed by HijackThis!
[b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/[/b]
This entry should be fixed by HijackThis!
[b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/[/b]
This entry should be fixed by HijackThis!
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Unnecessary (deactivated) entry that can be fixed.
http://www.spyandseek.com/Search.php?search_for=5C255C8A-E604-49b4-9D64-90988571CECB&search=SAS-Search
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Unnecessary (deactivated) entry that can be fixed. Related to Ask toolbar.
http://www.spyandseek.com/Search.php?search_for=D4027C7F-154A-4066-A1AD-4243D8127440&search=SAS-Search
Download OTL to your Desktop
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Click on Minimal Output at the top
[*]Select All Users[*]Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select “Save”
[*]Double click inside the Custom Scan box at the bottom
[*]A window will appear saying “Click Ok to load a custom scan from a file or Cancel to cancel”
[*]Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
[*]Select scan.txt and click Open. Writing will now appear under the Custom Scan box
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Please attach these files, one at a time and post them in your topic