Author Topic: http://wpad.browserupdatecheck.in/wpad.dat virus  (Read 21771 times)


REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #30 on: July 01, 2015, 07:30:59 PM »
Hi Sir,

Please find attached latest FRST.txt and Addition.txt files....

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #31 on: July 01, 2015, 08:29:09 PM »
Post temporarily removed.


@rajuvprasad
Please read your private messages and answers to my questions. If you want some privacy, Yes and No will do.

I am trying to locate the source of the problems. Know that these may be false alarms, so hold on while I get some answers.

I could reset and renew your DNS and TCP/IP settings and the alerts may go away. But for now let's wait until I know more data on this one.
« Last Edit: July 01, 2015, 11:02:04 PM by magna86 »

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #32 on: July 02, 2015, 11:42:02 AM »
Hi Sir, replied you on PM.

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #33 on: July 02, 2015, 01:15:38 PM »
Hi rajuvprasad,

Tell me, will this make our avast peaceful?




1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers



2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #34 on: July 02, 2015, 01:40:55 PM »
Hi Sir,

Right after the restart the notification has popped up :(

Please find attached the Fixlog.txt file...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #35 on: July 02, 2015, 01:52:32 PM »
Post me this log as I wanna check something. Then you can go relax for a bit and I will give my reply as soon as I get some more info on this.

Please download MTB tool by Farbar to your desktop. Check all boxes and press Go button. Log Result.txt shall be created. Post that log here.
http://www.bleepingcomputer.com/download/minitoolbox/


You may also post GMER's ART results, as it can tell me some kernel and hidden file info. Please download GMER, the RootKit Detector tool, from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click [ Scan ] button and wait until the full scan is complete;
  • Click [ Save ... ]- save the report to the Desktop (named ARK );
    > Attach here both Gmer logreports. (ARK.txt)




« Last Edit: July 02, 2015, 01:54:53 PM by magna86 »

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #36 on: July 02, 2015, 02:36:57 PM »
Hi Sir,

Please find attached Result.txt log file, after running MTB tool....

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #37 on: July 02, 2015, 02:41:58 PM »
Hi Sir,

When I tried to run GMER, I got an alert as shown in GMER01.JPG
then I clicked OK, the tool was as shown in GMER02.JPG before I clicked on Scan button.
And at the end (before completion of scan), it popped up GMER01.JPG alert again and then another alert as shown in GMER03.JPG.
After clicking OK, it says the scan is successful.
When I clicked on Save, it did not allow me to save it as TXT file, it is allowing me to save as LOG file only. Please find attached all these files....

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #38 on: July 02, 2015, 04:44:51 PM »
notice to self; router?




Hi rajuvprasad,

It looks like this isn't an FP; the detections are real according to the avast! team. So, we'll need to find the source. We're back to the beginning again ...

GMER isn't fully compatible with the Windows 8.1 kernel. I was hoping for some results but ...

Tell me how avast! acts after running this script:




1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Reboot:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

« Last Edit: July 02, 2015, 04:52:21 PM by magna86 »

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #39 on: July 02, 2015, 05:02:48 PM »
Hi Sir,

Please find attached the fixlog file...

Again after the restart, the notification arrives...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #40 on: July 02, 2015, 05:14:16 PM »
rajuvprasad, let's try to process the TcpIP's.





1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 139.162.16.110 8.8.4.4
Tcpip\..\Interfaces\{9AE547DC-4079-4730-B624-1C09BDFE47A3}: [DhcpNameServer] 139.162.16.110 8.8.4.4
Reboot:


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
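
A triage check for the DhcpNameServer entries that the fixlist above removes, added here as an example and not part of the original post or of FRST: it parses FRST-style Tcpip lines and flags DNS servers that are neither on a local network nor on a reviewer-chosen allowlist. The allowlist, the function names and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: public resolvers the reviewer already trusts; adjust per site.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# First two lines are copied from the fixlist above; the third is constructed.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 139.162.16.110 8.8.4.4
Tcpip\..\Interfaces\{9AE547DC-4079-4730-B624-1C09BDFE47A3}: [DhcpNameServer] 139.162.16.110 8.8.4.4
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 192.168.1.1,8.8.8.8
"""

LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+):\s*\[(?P<value>(?:Dhcp)?NameServer)\]\s*(?P<servers>.+)$"
)

def classify(addr):
    """Return 'local', 'known' or 'review' for one resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "review"  # not a parseable IP address: look at it by hand
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"   # router or other on-LAN resolver
    return "known" if str(ip) in KNOWN_PUBLIC_RESOLVERS else "review"

def audit_frst_dns(log_text):
    """Parse FRST-style Tcpip lines into one finding per listed DNS server."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # DhcpNameServer comes from the DHCP lease; NameServer is set statically.
        source = "dhcp" if m.group("value").startswith("Dhcp") else "static"
        for addr in filter(None, re.split(r"[,\s]+", m.group("servers"))):
            findings.append({"scope": m.group("scope"), "source": source,
                             "server": addr, "verdict": classify(addr)})
    return findings

def needs_review(findings):
    """Unique servers that are neither local nor on the allowlist."""
    return sorted({f["server"] for f in findings if f["verdict"] == "review"})

if __name__ == "__main__":
    for f in audit_frst_dns(SAMPLE_LOG):
        print(f"{f['verdict']:6} {f['source']:6} {f['server']:15} {f['scope']}")
    print("review:", needs_review(audit_frst_dns(SAMPLE_LOG)))
```

A DHCP-sourced server in the review bucket is handed out with the lease, so the device to inspect next is whatever issues that lease, normally the router.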


REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #41 on: July 02, 2015, 06:32:31 PM »
Hi Sir,

Here is the log file...

Actually the restart was taking a long time (more than an hour), so I had to abort the restart by long pressing the power button and had to start it again.

Let me know if I need to try this one more time...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #42 on: July 02, 2015, 06:42:18 PM »
Well, the fix went successfully and that is important. Have we achieved something?

Post me fresh FRST and Addition logs for re-analysis.

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #43 on: July 02, 2015, 06:54:38 PM »
Hi Sir,

After the earlier restart, the notification still exists...

Here are the fresh logs...


Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #44 on: July 02, 2015, 07:02:19 PM »
Then, it is time to switch our tools and technique.

First step, we'll use Zoek and a deep diagnostic scan. Kindly note, this scan can take some time. If the tool asks for an internet connection, please allow it.
Next one is the ZHP Diagnostic tool, one very valid alternative tool to FRST and its diagnostic scope.

Yes, tell me. The gateway to this PC is your router, right? The router provides you the internet connection?






Step#1
Please download the Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool. Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
CreateSRPoint;
netsh int ipv4 reset;b
netsh int ipv6 reset;b
StandardSearch;
AutoRuns;
  • Click on button.
    Please wait until a logreport opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
================





Step#2



Please download ZHPDiag to your desktop.

Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Installing ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
  • Click multiple times "Suivant" in the installation process.
  • Click "Installer" when asked and "Terminer" once the installation is complete.
Running ZHPDiag
  • Double-click the shortcut ZHPDiag on your desktop.
  • The user interface will appear, now select "Configureren".
  • If the tool's default language isn't set to English, click in the bottom right corner on the icon "Sélectionner une langue" and choose "Anglais".
  • Next, click on the icon in the bottom left "Diagnostic Options".
  • ZHPDiag is now scanning your computer. Please wait patiently until the scan is finished.

The ZHPDiag.txt logfile
  • When finished, a logfile named "ZHPDiag.txt" will appear on your desktop.
  • Please post the logfile for further review in your next comment.
« Last Edit: July 02, 2015, 07:05:34 PM by magna86 »