Avast keeps alerting: avast! Web Shield has blocked a harmful webpage or file

Avast keeps alerting this on my PC. Here’s the scan log from Malwarebytes Anti-Malware. I have also attached the other logs that you mentioned.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/03/15
Scan Time: 23:11:47
Logfile: here.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.28.04
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401981
Time Elapsed: 45 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.LVBP.ED, C:\Users\pc\AppData\Local\IVsoft\tmpDC9C.exe, 4620, Delete-on-Reboot, [1cc89ab0b7d3d462161088e9817f649c]

Modules: 0
(No malicious items detected)

Registry Keys: 5
Trojan.Sathurbot, HKLM\SOFTWARE\CLASSES\CLSID{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}, Quarantined, [687c0149d4b6b68055fbec7de221ab55],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\App Lid-nv, Quarantined, [38acea605337e4524efc4d81af54fd03],
PUP.Optional.AppLid.A, HKU\S-1-5-21-3674173322-3375893102-2812359154-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\App Lid-nv, Quarantined, [cd1785c56d1dd2643c0f636b887b32ce],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [2aba103aed9de551c0070091aa59bc44],

Registry Values: 1
Trojan.LVBP.ED, HKU\S-1-5-21-3674173322-3375893102-2812359154-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IVsoft, C:\Users\pc\AppData\Local\IVsoft\tmpDC9C.exe, Quarantined, [1cc89ab0b7d3d462161088e9817f649c]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.SwiftRecord.A, C:\Users\pc\AppData\Local\Temp\Swift Record, Quarantined, [32b273d7afdb4bebf2df80331ae915eb],

Files: 18
Trojan.LVBP.ED, C:\Users\pc\AppData\Local\IVsoft\tmpDC9C.exe, Delete-on-Reboot, [1cc89ab0b7d3d462161088e9817f649c],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll, Delete-on-Reboot, [687c0149d4b6b68055fbec7de221ab55],
PUP.Optional.Somoto.A, C:\Users\pc\AppData\Local\Temp\appshat_generic.exe, Quarantined, [80649eacf595d85ebdf9f32f7c84ce32],
Trojan.Sathurbot, C:\Users\pc\AppData\Local\Temp\tmpBB37.tmp, Quarantined, [8e56ad9dd4b612244e298ae60ff151af],
PUP.Optional.BPlug, C:\Users\pc\AppData\Local\Temp\646D.tmp, Quarantined, [7470eb5f59317cba4e0e0ec9e918936d],
PUP.Optional.Bundle, C:\Users\pc\AppData\Local\Temp\smt_mystartsearch.exe, Quarantined, [7470bc8ecac03ff75b287d7c689919e7],
PUP.Optional.Somoto.A, C:\Users\pc\AppData\Local\Temp\FLVPlayerSetup.exe, Quarantined, [4d973d0df2981d1956fc8da57090c33d],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll, Delete-on-Reboot, [7f65fb4f0783a39380ae222b29dc6799],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleCrashHandler.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdate.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdateBroker.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdateHelper.msi, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdateOnDemand.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\goopdate.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\goopdateres_en.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\npGoogleUpdate4.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\psmachine.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\psuser.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],

Physical Sectors: 0
(No malicious items detected)

(end)

Could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-19] (vdc)
HKU\S-1-5-21-3674173322-3375893102-2812359154-1000\...\Run: [Acworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\pc\AppData\Local\IVsoft\Test.dll
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: App Lid -> {11111111-1111-1111-1111-110611571143} -> C:\Program Files (x86)\App Lid\App Lid-bho64.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {7C68E87F-4487-4AE5-BBC2-C398C530DE9A} - No File
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
2015-03-28 12:57 - 2015-03-29 06:46 - 00000000 ____D () C:\Users\pc\AppData\Local\IVsoft
2014-09-09 16:45 - 2014-09-09 17:12 - 0135876 _____ () C:\Users\pc\AppData\Roaming\ICARE.LOG
Task: {4CC9C25C-E5F7-4E3C-A2B5-847D0B3C6420} - System32\Tasks\{766F91EF-9B78-4BB3-AF94-975F5DFDC582} => pcalua.exe -a C:\Users\pc\AppData\Local\Temp\DownloadManager.exe -d C:\Users\pc\Desktop -c C:\Users\pc\AppData\Local\Temp\DownloadManager.exe /PID=4941 /SUBPID=0 /DISTID=5847 /NETWORDK=1 /CID=0 /PRODUCT_ID=5455 /RETURNING_USER_DAYS=2 /SERVER_URL=http://installer.ppdownload.com
Task: {E3F78A4C-1470-492F-8D7A-932C4EC1922C} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {FC3AD9AE-4237-4D99-8962-591E65F77D92} - System32\Tasks\{3A27E230-1A0D-4B13-B0B6-6741EA2CEE6B} => pcalua.exe -a C:\Users\pc\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
C:\Program Files (x86)\App Lid
C:\Windows\System32\drivers\BprotectEx.sys
C:\Users\pc\AppData\Roaming\mystartsearch
C:\vdc.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

The notification didn’t stop. It keeps alerting. Was there anything that I missed?

Could you attach a screenshot of the popup, please?

Here is the popup screenshot.

Are you aware that your TCPIP is set to Indonesia?

Download and install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” ComboFix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

The popup still appears. Is it wrong to have my TCPIP set to Indonesia? Because I live in Indonesia.

No, I was just curious, as Windows reports your location as US.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-08] (EasyAntiCheat Ltd)
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

Hmm. I don’t know why… Well, here is the fixlog.

Anyway, until now the popup hasn’t shown up again. Thanks for the assistance.

Wait. When I restarted the computer, the popup appeared again, sorry.

Could I have a fresh FRST scan, please, and also, if possible, a screenshot of the alert?

But actually the number of alerts decreased to 4. It reached 12 before.

Could you temporarily uninstall SMADAV, then reboot and let me know if the alerts still appear?

It still appears, and the number of alerts got back to 12.

Download Process Explorer to your desktop from here: http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Open Process Explorer and from the menu bar select View > Lower Pane.
As soon as an alert occurs:
Select Explorer.exe.
A lower window will open.
Then on the menu bar go to File > Save as…
Then select the desktop and click Save.
On the desktop there will then be a text file called explorer; please attach that.
You may need to edit the file name from explorer.exe.txt to explorer.txt to allow it to be attached.

Here’s the file.

Nothing visible there. Does this occur on system start or on a random basis?

Please RIGHT-CLICK HERE and Save As (in IE it’s “Save Target As”, in FF it’s “Save Link As”) to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the “Silent Runners” icon on your desktop.
  • You will receive a prompt:
    Do you want to skip supplementary searches?
    Click NO.
  • If you receive an error, just click OK and double-click it to run it again - sometimes it won’t run as it’s supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it’s not done, let it run (it won’t appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

NOTE: If you receive any warning message about scripts, please choose to allow the script to run.