http://wpad.browserupdatecheck.in/wpad.dat

[REDACTED]

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:MAL
Process C:\Windows\System32\svchost.exe

Zoek Result attached how do I rid myself of this annoyance?

[REDACTED]

Hello


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

[REDACTED]

it ran twice on me so I included both logs sorry for the confusion

[REDACTED]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

So it signed me out of my google account, and when I logged back in it pops up saying the same thing but now instead of svchost it's process of origin is chrome.

fix log attached

[REDACTED]

it is also back on svchost.exe now....

[REDACTED]

It is Chrome problem?

[REDACTED]

when I signed back in and sync my google account to chrome so I could get my app's extensions and such back it popped up and said process was from chrome.exe and a bit later popped up and said process svchost.exe was blocked.

[REDACTED]

Export your bookmarks
https://support.google.com/chrome/answer/96816?hl=en


Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google

Download and install Chrome
https://www.google.com/intl/en/chrome/browser/desktop/

[REDACTED]

I have not reinstalled chrome yet. Upon uninstallin chrome IE opened to ask why I uninstalled chrome. And the I got thr url pop up and it said the process it block was from Iexplore.exe..... has it just infect my everything?

[REDACTED]

so I re ran the fix file you made for me after uninstalling chrome and deleting the google folder. re installed chrome signed in and no issues so far and no pop up's. Going to restart and see if I get pop up's, and if not go to bed and report back in the afternoon for me if I'm still having issues. Thanks for your help btw I appreciate it

[REDACTED]

I need to sleep but when I rebooted I got one pop up that http://wpad.browserupdatecheck.in/wpad.dat had been blocked and the process was scvhost.exe again.

[REDACTED]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please include their content into your next reply.

[REDACTED]

here are the latest scan's from farbar

[REDACTED]

when the pop up for the blocked url comes up now it's just the svchost.exe process over and over again. no signs of the chrome or IE process in the pop ups when I'm on my computer now.