Another http://wpad.browserupdatecheck.in/wpad.dat

I am experiencing similar problems to what others are. I have been getting popup warnings from avast for several days now.

URL: http//wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Program Files\AVAST Software\Avast\avastui.exe

URL: http//wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

The avastui.exe one has just started today. Normally it is only svchost.exe but it has been chrome as well once or twice, however I think I may have dealt with that. The avastui.exe warning has only started appearing after I thought I had dealt with the problem.
I had ran a full system scan with avast, malwarebytes and HitmanPro. HitmanPro dealt with many problems the other two did not, which led me to believe it had been dealt with. Several minutes after restarting my computer the warnings came back.
All problems seemed to occur after I had accidentally procured an extension called Swift Records on chrome due to a lack of judgement on my part, although I thought I had removed it thoroughly.

Required logs are attached except for the very last one which is running right now and appears to be stuck, although I may just be impatient. All logs are attached.

ps: The avastui.exe warning does not seem to be occurring any longer.

hey and welcome to the aavst forum first thanks for attaching the needed logs. A malware expert will help you later today when one is online.

second can you also attach the log from hitman pro here, the expert can have intrest in it and see what it found.

last does avast gives you a popup of that infectiion if so can you please attach a picthure of that.

thanks.

Thank you for the quick response. Attached are the HitmanPro logs and a picture of the popup, when it is for svchost.exe the popup is identical except for the process.

Hello,

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

[*]Copy browserupdatecheck;wpad;wpad.browserupdatecheck.in;browserupdatecheck.in into the Search: field in FRST then click the Search Registry button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.

I am currently doing that and will add the logs when it is finished, I just thought I should add that right before this my computer had a ‘CRITICAL_SYSTEM_CORRUPTION’ which I am assuming is not good and may be related to my problem.

EDIT: The log is now added.

I have a sneaking feeling I accidentally searched the files instead of the registry so I redid it, here is what may be a duplicate.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

https://sites.google.com/site/cannedfixes/registry-fix/reg_file_icon.jpg
Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

Please download the attached registry fix file and save it to your desktop:

http://download.bleepingcomputer.com/win-services/8/Tcpip.reg
Now we need to import the file into the registry.

[*]Locate the Tcpip.reg file on your desktop.
[*]Right-click the
https://sites.google.com/site/cannedfixes/registry-fix/reg_file_icon.jpg
icon of your file and select Merge.
[*]You’ll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. Any report won’t be generated.

The fix finished without a problem. I am now about to do the registry fix. Attached are the logs. Thank you for all the help.

EDIT: Registry fix has been done. I turned off avast gaming mode and no popups yet, thanks for all the help.

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:

[]Remove disinfection tools
[
]Purge system restore
[*]Reset system settings

[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

That seems to have worked. I have attached the Delfix log just in case you need to look at it for anything, thank you again for the help.