41

rajuvprasad, let’s try to process the TcpIP’s.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 139.162.16.110 8.8.4.4
Tcpip\..\Interfaces\{9AE547DC-4079-4730-B624-1C09BDFE47A3}: [DhcpNameServer] 139.162.16.110 8.8.4.4
Reboot:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

42

Hi Sir,

Here is the log file…

Actually the restart was taking a long time (more than hour), so I had to abort the restart by long pressing the power button and had to start it again.

Let me know if I need to try this one more time…

43

Well, fix went successfully adn that is important. Have we achieved something?

Post me fresh FRST and Addition logs for re-analysist.

44

Hi Sir,

After the earlier restart, the notification still exists…

Here are the fresh logs…

45

Then, it is time to switch our tools and technique.

First step, we’ll use Zoek and deeply diagnostic scan. Kindly note, this scan can take some time. If tools asks for internet conection, please allow.
Next one is ZHP Diagnostic tool, one very valid alter tool to FRST and his diagnostic scope.

Yes, tell me. Gateway to this PC is your router, right? Router provide you the internet conection?

Step#1
Please download Zoek tool by Smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool. Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

CreateSRPoint;
netsh int ipv4 reset;b
netsh int ipv6 reset;b
StandardSearch;
AutoRuns;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log

================

Step#2

Please download ZHPDiag to your desktop.

Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag

Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Installing ZHPDiag

[*] Double-click zhpdiag.exe to start the installation.
[*] Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
[*]Click multiple times “Suivant” in the installation process.
[*]Click “Installer” when asked and “Terminer” once the installation is complete.

Running ZHPDiag

[*]Double-click the shortcut ZHPDiag on your desktop.
[*]The user interface will appear, now select “Configureren”.
[*]If the tools default language isn’t set to English, click in the bottom right corner on the
http://www.imgdumper.nl/uploads7/52c0016c76e8d/52c0016c69f81-huisje.png
icon “Sélectionner une langue” and choose “Anglais”.
[*]Next, click on the
http://www.imgdumper.nl/uploads7/52c001f7f0bd3/52c001f7eec91-vergrootglas.png
icon in the bottom left “Diagnostic Options”.
[*]ZHPDiag is now scanning your computer. Please wait patiently until the scan is finished.

[thumb]http://hijackthis.nl/smeenk/ZHPDiag.PNG[/thumb]

The ZHPDiag.txt logfile

[*] When finished, a logfile named “ZHPDiag.txt” will appear on your desktop.
[*]Please post the logfile for further review in your next comment.

46

Hi Sir,

Yes, the router (wireless) provides me the internet connection.

Please find the log files…

47

Ok, while I look at these logs (and they are long) let’s try something else;

Turn off all computers, iphones, …etc. Then unplug the power cable from the router. Now unplug the power cable from the (Cable) modem.

Let it OFF for about ~ 5 minutes.

Then with the computers still off, plug back in the Cable modem power cable…when all the lights come on, then plug in the router.
When all the lights come back on, then start all computers.

Now check if your problem still exists. Post results here!

48

Hi Sir,

I have done exactly what you have mentioned, but immediately after the restart, the notification arrives…

49

Tell me, will this fix the problem?

Copy the following code completely:

Script ZHPFix
SysRestore
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = browserupdatecheck.in
[HKCU\Software\CinemaPlus-3.2cV29.05-nv-ie]  =>PUP.CrossRider
[MD5.9C64B0E9A375F180450149CBF73B397F] [WIS][7/14/2012] (.Amazon - Amazon Browser App.) -- C:\Windows\Installer\dc791.msi   [1122304]  =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32  =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS  =>PUP.AdvancedSystemProtector
EmptyTemp
EmptyFlash
FirewallRaz
Hostfix
Proxyfix
IFEOFix

Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag

Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Running ZHPFix

[*]Double-click the
http://www.imgdumper.nl/uploads7/52c005670fe45/52c005670d732-ZHPFix.png
ZHPFix shortcut on your desktop.
[*]Press “Import
[*]Now select “Go”.
[*]Please wait patiently until a logfile opens.

The ZHPFix logfile

[]When finished, a logfile named “ZPHFix[r1].txt” will appear on your desktop.
[]Please post the logfile for further review in your next comment.

50

bump!

I’ve edited ZHP Fix script.

51

Hi Sir,

I have run the fix (may be before you edited it), let me know if I need to run that again…

Here is the log file…

52

No, you don’t have to. All has been executed as planed.

Do you still having alearts?

We will have to temporaly disable avast! and re-run ZHPFix in attempt to reset hosts successful. But first, tell me please some good news? :slight_smile:

========== Elements of the registry data ========== REMOVES TCPIP: SearchList = browserupdatecheck.in
53

Hi Sir,

Actually the alert is still coming.

Shall I re-run ZHPFix with the same script as earlier (updated one)?

54

No. You go rest and see ya tommorow.

55

@rajuvprasad, do this when you can and when you get time.

We’ll preform manualy random search in attempt to locate some data related for alearts you receive.

Please download SystemLook by jpshortstuff and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe
Alter download link: http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

  • Right click on SystemLook.exe, select “Run As Administrator…” to run it. If prompted by UAC, please allow it.
    If you receive an “Open file - security warning”… asking “Do you want to run this file?”, press the Run button.
    Highlight and copy the following entries: into SystemLook’s main text entry window.
:filefind
*browserupdatecheck*
*wpad*
*wpad.browserupdatecheck.in*

:folderfind
*browserupdatecheck*
*wpad*
*wpad.browserupdatecheck.in*

:Regfind
browserupdatecheck
wpad
wpad.browserupdatecheck.in

Press the Look button to start the scan. The scan will take a while (porhaps, even more than hour), so please be patient…
When finished, a Notepad window will open with the results of the scan.
A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt

Please post the contents of the SystemLook.txt file in your next reply.

56

Post SystemLook log on pastebin site as well please and post here URL link so i can take a look into that log.

It would seems that forum disturb the system look report formating and log is not usefull to me as it should be.
http://pastebin.com/

57

Hi Sir,

I haven’t seen any notifications today until now (last 4 hrs).

Here is the link for the SystemLook log file – http://pastebin.com/dfCFhJTm

Also, the scan took just 5 mins to run.

One more issue what I have is, sometimes when I click on links in content on any website, some junk pages are getting loaded…here are those links that opened…

http://games.71box.com/santas-helpers/?host=m.71box.com&locale=en&p=m.71box.com
http://www.71box.com/
http://mobilegames.candyoyo.com/horde-of-evil/?host=m.candyoyo.com&locale=en&p=m.candyoyo.com
http://games.71box.com/connect-me-factory/?host=m.71box.com&locale=en&p=m.71box.com
http://mobilegames.candyoyo.com/rebel-thumb/?host=m.candyoyo.com&locale=en&p=m.candyoyo.com

58

I think we found him.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start
CreateRestorePoint:
Reg: reg delete HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg: reg delete HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg: reg add HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg: reg add HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

.

Once again we shall use FRST for additional checks, just in case. Re-run FRST/FRST64 by double-clicking:

[*]Type browserupdatecheck into the Search: field in FRST then click the Search Registry button.
[*]FRST will search your computer for registry and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.

Tell me please, is the computer running fine after this fix?

59

Hi Sir,

I have run fixlist, looks like there are some errors…plz find attached the log file…

I haven’t yet run the search registry.

60

Yes … my fault. I forgot to add a valid command. Please create and use this FixList.

Start
CreateRestorePoint:
Reg: reg delete HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad /f
Reg: reg delete HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad /f
Reg: reg add HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad /f
Reg: reg add HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad /f
End