wpad.home/wpad.dat infection. HELP!!

I’m following the ‘malware assist’ admin thread and i’m going to include the needed files to remove this annoying malware.

Please Help! :cry:

*MBAM log is included in this post

Please follow these instructions: http://forum.avast.com/index.php?topic=53253.0

*OTL logs are attached in this post

The malware has seem to disappear.
I’ll post back if i get any problems.

Monitoring …

@calvintcq

Posted OTL log looks clean. The following steps for running tool known as “Zoek” by Smeenk shall preform additional checks …
Zoek shall also clean up varius junk, temp and cache allowing your system for better breathing.
MCShield is here for checking on any kind of malware based on USB memory devices.

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your [b]AntiVirus[/b] program. ([i]If necessary[/i])
 If you are unsure how to do this please read [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b][i]this[/i][/b][/url] or [url=http://www.bleepingcomputer.com/forums/topic114351.html][i][b]this[/b][/i][/url] Instruction.

[*]Double click on [b]zoek.exe[/b] to run the tool .
[i]Please wait while the tool does not start...[/i]

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
EmptyFoldersCheck;
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{427b47dc-952b-11e2-bb00-5855caf19220}];R
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a97eff-63d7-11e3-b5ee-5855caf19220}];R
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d819801d-20eb-11e3-b638-5855caf19220}];R
AutoClean;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here [b]zoek-results.log[/b]
[i][b]Note:[/b] It will also create a log in the [b]C:\ [/b]directory named "[b]zoek-results.log[/b]"[/i]

============================
Next …

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

see attached files

Ok, Zoek has clean up the lots of garbage and junk files including temp & cache files from your system. System should run better now. This shoudl be it.

Regarding to this …

… OTL is clean as I sad. wpad.dat detection has been FP. Update your AntiVirus and detection should be gone.

Good workman always cleans up after himself.
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

all done. the virus is gone.

Thanks so much for your help!!! ;D