Need help with http://wpad.browsersecurity.info/wpad.dat

system · July 15, 2016, 2:29pm

Avast constantly alerts of http://wpad.browsersecurity.info/wpad.dat being blocked and I need help to resolve this. Thank you.

Pondus · July 15, 2016, 2:34pm

follow instructions https://forum.avast.com/index.php?topic=53253.0

dbrisendine · July 15, 2016, 6:48pm

Monitoring and will assist you as soon as you post the logs requested. Thanks.

system · July 16, 2016, 10:03pm

Hi,

Sorry for the late reply, I have attached the logs.

dbrisendine · July 16, 2016, 10:22pm

Thanks for those logs. Along with those, I need the following search done and I will hit the problem all at once (so to speak):

Run a search with FRST.

Right click on FRST on your desktop and select “Run as Administrator…” When the tool opens click Yes to disclaimer.
- Type browsersecurity into the Search Box.
- Press the Search Registry button.
- It will produce a log called search.txt or SearchReg.txt in the same directory the tool is run from.
- Please attach the log file back here.

system · July 17, 2016, 12:24am

Here is the search log, thank you.

dbrisendine · July 17, 2016, 1:10am

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

KMSpico v9.1.3
QuickTime

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

system · July 24, 2016, 12:57am

Again sorry the late reply, I was away and did not my laptop with me. The Fixlog is attached below.

dbrisendine · July 24, 2016, 1:54am

That’s OK; real life always takes first place over PCs.

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v5016_zpsf8ln0fea.png

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don’t want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

LAST >>>>

Malwarebytes’ Anti-Malware
Please download the latest version of Malwarebytes’ Anti-Malware from Here. The version you have installed needs to be updated.

Double Click on the mbam-setup.exe file to install the application.

Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

http://i1351.photobucket.com/albums/p785/dbreeze2/MBAM2_0/v2-1-4-1018/Main%20Screen_zpsnnwza0ky.png

Once the program has loaded and updated, select “Scan Now >>” to start the scan.

http://i1351.photobucket.com/albums/p785/dbreeze2/MBAM2_0/v2-1-4-1018/Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

http://i1351.photobucket.com/albums/p785/dbreeze2/MBAM2_0/v2-1-4-1018/mbam21-removeselected_zpsg83p7wis.jpg

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

system · July 25, 2016, 6:44am

The logs are below. The Avast alert appears more frequently now when I scanned with JRT. Is it possible that Avast has conflict with some other non-malicious program?

JRT.txt

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Anh (Administrator) on Sun 07/24/2016 at 12:25:11.78

File System: 5

Successfully deleted: C:\Users\Anh\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Anh\AppData\Local\globalupdate (Folder)
Successfully deleted: C:\Users\Anh\AppData\Local\installer (Folder)
Successfully deleted: C:\Program Files (x86)\globalupdate (Folder)
Successfully deleted: C:\Program Files (x86)\youtube accelerator (Folder)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{4501503A-06BE-4B7A-8881-8F995062CD0B} (Registry Key)

Scan was completed on Sun 07/24/2016 at 12:28:34.48
End of JRT log

Adware

AdwCleaner v5.201 - Logfile created 25/07/2016 at 02:17:38

Updated 30/06/2016 by ToolsLib

Database : 2016-07-24.1 [Server]

Operating system : Windows 10 Home (X64)

Username : Anh - ANH

Running from : C:\Users\Anh\Desktop\AdwCleaner.exe

Option : Clean

Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Public\Documents\Goobzo
[-] Folder Deleted : C:\Users\Anh\AppData\Local\CEF

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Goobzo
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\ShopperPro
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Goobzo
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKU.DEFAULT\Software\Goobzo
[-] Key Deleted : HKU\S-1-5-21-3035388249-760381208-2990599093-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

[-] [C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : igjjkeeamkpihpncmmbgdkhdnjpcfmfb

:: “Tracing” keys deleted
:: Winsock settings cleared

C:\AdwCleaner\AdwCleaner[C1].txt - [4382 bytes] - [25/07/2016 02:17:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [4676 bytes] - [25/07/2016 02:13:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4528 bytes] ##########

Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/25/2016
Scan Time: 2:24 AM
Logfile: malwarebytes2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.25.01
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Anh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322539
Time Elapsed: 14 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

dbrisendine · July 25, 2016, 2:46pm

More frequent warnings; hhmmm …

Run a search with FRST.

Right click on FRST on your desktop and select “Run as Administrator…” When the tool opens click Yes to disclaimer.
Type wpad into the Search Box.
Press the Search Registry button.
It will produce a log called search.txt or SearchReg.txt in the same directory the tool is run from.
Please attach the log file back here.

system · July 25, 2016, 6:45pm

SearchReg.txt attached

dbrisendine · July 27, 2016, 3:11am

Let’s clean up the last part of this …

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Need help with http://wpad.browsersecurity.info/wpad.dat

AdwCleaner v5.201 - Logfile created 25/07/2016 at 02:17:38

Updated 30/06/2016 by ToolsLib

Database : 2016-07-24.1 [Server]

Operating system : Windows 10 Home (X64)

Username : Anh - ANH

Running from : C:\Users\Anh\Desktop\AdwCleaner.exe

Option : Clean

Support : https://toolslib.net/forum

Announcements