Topic: Avast keep alerting avast! Web Shield has blocked a harmful webpage or file

REDACTED

  • Guest
Avast keeps alerting this on my PC. Here's the scan log from Malwarebytes Anti-Malware. I have also attached the other logs that you mentioned.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/03/15
Scan Time: 23:11:47
Logfile: here.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.28.04
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401981
Time Elapsed: 45 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.LVBP.ED, C:\Users\pc\AppData\Local\IVsoft\tmpDC9C.exe, 4620, Delete-on-Reboot, [1cc89ab0b7d3d462161088e9817f649c]

Modules: 0
(No malicious items detected)

Registry Keys: 5
Trojan.Sathurbot, HKLM\SOFTWARE\CLASSES\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}, Quarantined, [687c0149d4b6b68055fbec7de221ab55],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\App Lid-nv, Quarantined, [38acea605337e4524efc4d81af54fd03],
PUP.Optional.AppLid.A, HKU\S-1-5-21-3674173322-3375893102-2812359154-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\App Lid-nv, Quarantined, [cd1785c56d1dd2643c0f636b887b32ce],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [2aba103aed9de551c0070091aa59bc44],

Registry Values: 1
Trojan.LVBP.ED, HKU\S-1-5-21-3674173322-3375893102-2812359154-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IVsoft, C:\Users\pc\AppData\Local\IVsoft\tmpDC9C.exe, Quarantined, [1cc89ab0b7d3d462161088e9817f649c]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.SwiftRecord.A, C:\Users\pc\AppData\Local\Temp\Swift Record, Quarantined, [32b273d7afdb4bebf2df80331ae915eb],

Files: 18
Trojan.LVBP.ED, C:\Users\pc\AppData\Local\IVsoft\tmpDC9C.exe, Delete-on-Reboot, [1cc89ab0b7d3d462161088e9817f649c],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll, Delete-on-Reboot, [687c0149d4b6b68055fbec7de221ab55],
PUP.Optional.Somoto.A, C:\Users\pc\AppData\Local\Temp\appshat_generic.exe, Quarantined, [80649eacf595d85ebdf9f32f7c84ce32],
Trojan.Sathurbot, C:\Users\pc\AppData\Local\Temp\tmpBB37.tmp, Quarantined, [8e56ad9dd4b612244e298ae60ff151af],
PUP.Optional.BPlug, C:\Users\pc\AppData\Local\Temp\646D.tmp, Quarantined, [7470eb5f59317cba4e0e0ec9e918936d],
PUP.Optional.Bundle, C:\Users\pc\AppData\Local\Temp\smt_mystartsearch.exe, Quarantined, [7470bc8ecac03ff75b287d7c689919e7],
PUP.Optional.Somoto.A, C:\Users\pc\AppData\Local\Temp\FLVPlayerSetup.exe, Quarantined, [4d973d0df2981d1956fc8da57090c33d],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll, Delete-on-Reboot, [7f65fb4f0783a39380ae222b29dc6799],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleCrashHandler.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdate.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdateBroker.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdateHelper.msi, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\GoogleUpdateOnDemand.exe, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\goopdate.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\goopdateres_en.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\npGoogleUpdate4.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\psmachine.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],
PUP.Optional.GlobalUpdate.A, C:\Users\pc\AppData\Local\Temp\comh.127394\psuser.dll, Quarantined, [2aba103aed9de551c0070091aa59bc44],

Physical Sectors: 0
(No malicious items detected)


(end)
« Last Edit: March 29, 2015, 08:52:18 AM by belindasim »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-19] (vdc)
HKU\S-1-5-21-3674173322-3375893102-2812359154-1000\...\Run: [Acworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\pc\AppData\Local\IVsoft\Test.dll
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: App Lid -> {11111111-1111-1111-1111-110611571143} -> C:\Program Files (x86)\App Lid\App Lid-bho64.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {7C68E87F-4487-4AE5-BBC2-C398C530DE9A} -  No File
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
2015-03-28 12:57 - 2015-03-29 06:46 - 00000000 ____D () C:\Users\pc\AppData\Local\IVsoft
2014-09-09 16:45 - 2014-09-09 17:12 - 0135876 _____ () C:\Users\pc\AppData\Roaming\ICARE.LOG
Task: {4CC9C25C-E5F7-4E3C-A2B5-847D0B3C6420} - System32\Tasks\{766F91EF-9B78-4BB3-AF94-975F5DFDC582} => pcalua.exe -a C:\Users\pc\AppData\Local\Temp\DownloadManager.exe -d C:\Users\pc\Desktop -c C:\Users\pc\AppData\Local\Temp\DownloadManager.exe  /PID=4941 /SUBPID=0 /DISTID=5847 /NETWORDK=1 /CID=0 /PRODUCT_ID=5455 /RETURNING_USER_DAYS=2  /SERVER_URL=http://installer.ppdownload.com
Task: {E3F78A4C-1470-492F-8D7A-932C4EC1922C} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {FC3AD9AE-4237-4D99-8962-591E65F77D92} - System32\Tasks\{3A27E230-1A0D-4B13-B0B6-6741EA2CEE6B} => pcalua.exe -a C:\Users\pc\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=smt
C:\Program Files (x86)\App Lid
C:\Windows\System32\drivers\BprotectEx.sys
C:\Users\pc\AppData\Roaming\mystartsearch
C:\vdc.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
The notification didn't stop. It keeps alerting. Was there anything that I missed?

Offline essexboy

Could you attach a screenshot of the popup please?

REDACTED

  • Guest
Here is the pop-up screenshot.

Offline essexboy

Are you aware that your TCPIP is set to Indonesia?

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

REDACTED

  • Guest
The pop-up still appears. Is it wrong to have my TCPIP set to Indonesia? Because I live in Indonesia.

Offline essexboy

No, I was just curious, as Windows reports your location as US.


CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-08] (EasyAntiCheat Ltd)
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

REDACTED

  • Guest
Hmm. I don't know why.. Well, here is the fixlog.

REDACTED

  • Guest
Anyway, until now the pop-up hasn't shown up again. Thanks for the assistance.

REDACTED

  • Guest
Wait. When I restarted the computer, the pop-up appeared again, sorry.

Offline essexboy

Could I have a fresh FRST scan please, and also, if possible, a screenshot of the alert?

REDACTED

  • Guest
But actually the number of alerts decreased to 4. It reached 12 before.

Offline essexboy

Could you temporarily uninstall SMADAV, then reboot and let me know if the alerts still appear?

REDACTED

  • Guest
It still appears and the number of alerts gets back to 12.