Warnings related to wpad.dat

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Detected through AV Webshield, not sure what the source file is.

MBAM came up with a few hits, logs attached.

Warning coming from a couple of processes including:
C:\Windows\System32\GWX\GWXConfigManager.exe
C:\Program Files (x86)\Steam\Steam.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SkyDrive.exe
C:\Windows\System32\SettingSyncHost.exe

Hello,

Attach here C:\zoek-results.log

List of different processes triggering this warning is growing – let me know if you need these recorded.

Included is the ZOEK log.

EDIT: Doesn’t seem like the current log is complete. Currently running the script again for a complete log.

Okay.

How long does Zoek usually take? It’s been running for around 40 minutes now, last query being “Checking Input 21:11:00.64”

It can take a long time, wait for reboot.

Zoek didn’t finish when left overnight. Restarted and tried again this evening, results posted.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Fixlog attached, warning persists.

How is the situation now?

Still getting warnings reading:

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: D:\Program Files\AVAST Software\Avast\AvastUI.exe

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Warning persists, different target processes.

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Windows\System32\SkyDrive.exe, D:\Program Files\AVAST Software\Avast\AvastUI.exe, C:\Windows\System32\svchost.exe

Basically anything attempting to transfer data through the internet.

Download
http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.

[*]Double-click the icon to start the tool.
[*]It will ask you where to extract it, then it will start.
[*]Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
[*]Click in the introduction screen “next” to continue.
[*]Click in the following screen “Update” to obtain the latest malware definitions.
[*]Once the update is complete select “Next” and click “Scan”.
[*]When the scan is finished and no malware has been found select “Exit”.
[*]If malware was detected, make sure to check all the items and click “Cleanup”. Reboot your computer.
[*]Open the MBAR folder and paste the content of the following files in your next reply:

[*]“mbar-log-{date} (xx-xx-xx).txt”
[*]“system-log.txt”

Logs.

https://sites.google.com/site/cannedfixes/eset-online-scanner/ESETOnline.png
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

[*]Accept the Terms of Use and click Start.
[*]Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

[*]Download esetsmartinstaller_enu.exe that you’ll be given link to.
[*]Double click esetsmartinstaller_enu.exe.
[*]Allow the Terms of Use and click Start.

To perform the scan:

[*]Make sure that Remove found threats is unchecked.
[*]Scan archives is checked.
[*]In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
[*]Click Start
[*]The program will begin to download it’s virus database. The speed may vary depending on your Internet connection.
[*]When completed, the program will begin to scan. This may take several hours. Please, be patient.
[*]Do not do anything on your machine as it may interrupt the scan.
[*]When the scan is done, click Finish.
[*]A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.Don’t forget to re-enable previously switched-off protection software!

ESET log attached.

How is the situation now?

I feel this may be a false positive, hold on whilst I ask Avast to check this out.

Warnings continue, although I was instructed to set ESET not to remove threats so I figure that the last step did not do anything other than produce a log.

Hello marc.rnglow,

Do you still need help?