wpad.browserupdatecheck.in/wpad.dat infection

I have had popups from avast, every 10 minutes or so, saying that it just blocked an infection http://wpad.browserupdatecheck.in/wpad.dat. This has been going on for about 4 days now.

avast also says that the infection is URL:Mal and the process is C:\windows\System32\svchost.exe

Could you also attach the search txt as well :slight_smile:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

ok

oops sorry, I didn't select additions, one sec

here are the FRST and Addition txt

Do you know that you also have Norton and parts of McAfee still running?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1988871788-1466846848-2973272998-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1988871788-1466846848-2973272998-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
2015-07-05 21:48 - 2015-07-05 21:48 - 00125640 _____ (TweakBit) C:\Users\matt\Downloads\speedtest-optimizer.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Right click this link and select Save target as https://dl.dropboxusercontent.com/u/73555776/tcpip.reg
Save the TCPIP.reg to your desktop
Double click the file and allow to merge
Accept the warnings and reboot on completion

do I merge the file before restart? because FRST is telling me to restart now, here is the fixlog

ok so I did that, is that all I have to do?

Have the alerts now ceased?