Also i have looked in the regedit and i did find some strange things like the url mal link inside of the WPAD regedit folder it might be something to look into.
Thanks for info, this might help. Yes, detection is wPAD related.
Essexboy and I, we are still investigate it as it would seems that detection is real but we can't locate the source.
I have few shots before I start to get into loop of hunting but first, let's preform that registry and system search.
Step#1Please download
SystemLook by jpshortstuff and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exeAlter download link: http://images.malwareremoval.com/jpshortstuff/SystemLook.exe- Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.Highlight and copy the following entries: into SystemLook's main text entry window.
:filefind
*browserupdatecheck*
*wpad*
*wpad.browserupdatecheck.in*
:folderfind
*browserupdatecheck*
*wpad*
*wpad.browserupdatecheck.in*
:Regfind
browserupdatecheck
wpad
wpad.browserupdatecheck.in
Press the
Look button to start the scan. The scan will take a while (porhaps, even more than hour), so please be patient...
When finished, a Notepad window will open with the results of the scan.
A file will be created (on your Desktop) with the results of the scan, named
SystemLook.txtPlease post the contents of the SystemLook.txt file in your next reply.
----------------------------------------
Step#2Please download
RogueKiller x64bi version from the link below and save it to your Desktop:
Notice: download free version of the tool, links are belowhttp://www.adlice.com/softwares/roguekiller/Launch the program. Wait for the Prescan to finish. Hit the “Scan” button. Wait for the scan to finish.
Leave all boxes checked, hit that “Delete” button. Wait for the end of deletion.
Please post me here RogueKiller report file.