Avast blocking URL svchost.exe

[REDACTED]

Here you go, see attached.

[essexboy]

Are the alerts still appearing ?

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3777026070-661087563-4202175341-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3777026070-661087563-4202175341-1002 -> {350D3A74-F259-4AD7-BAC1-2CFC9E2AF85F} URL = http://www.baidu.com/baidu?tn=dealio_dg&wd={searchTerms}
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\Windows\Downloaded Program Files\345867055\npxbdsetup.dll No File
FF Plugin-x32: @cmbchina.com/npcmbedit -> C:\Windows\system32\NPCMBEdit.dll No File
2015-03-01 09:32 - 2015-03-01 09:32 - 0000020 _____ () C:\Users\Ronan\AppData\Roaming\004D5649544E41696E66
Task: {E45BAFAD-A369-4FBB-AECF-7319610EA8F2} - \{202A373B-6B5D-4314-8BDA-D6D28EA4C4B5} No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Here you go.

Thanks,
Hed.

[essexboy]

Are the alerts still there ?

[REDACTED]

Yes, still there

[essexboy]

Could you confirm that they disappear when chrome is uninstalled from the system

[REDACTED]

No, they don't disappear. And their number have considerably increased.

At the beginning it was once every hour.
Now it is around 60 warnings per hour minimum.

Starting to be really impacting my activities ;/

[essexboy]

Could you attach a screenshot of the Avast alert please

[REDACTED]

Here you go

[essexboy]

That IP is in China are you there perchance ?  Beijing Teletron Telecom Engineering Co., Ltd.

[REDACTED]

Yes, I am living in Beijing.

[essexboy]

It appears that all the main external sites.. MBAM, Windows and a few others are being routed first through their server rather than going direct to   the proper site. 

The only way around that would be to use a proxy as I believe Avast is alerting on the fact that the routing to windows updates is being directed through another server

[REDACTED]

I have difficulties to understand how this could happen.
I moved in into a new place, and started to use a new ISP around Mid December.
However, the warnings came around mid February.

[essexboy]

I have forwarded this to Avast for them to check out

[Tondah]

Hello, i checked the IP and it appears to be one of the download proxy servers from www.datadragon.net.
Server on this IP no longer exists, but it served various .exe, .xap and .apk files in unconventional way including files like "install_flash_player.exe"
I am sorry for your trouble, it will be unblocked within a while.

Tondah