wpad.browserupdatecheck.in/wpad.dat infection

[REDACTED]

I have had popups from avast, every 10 minutes or so, that it just blocked an infection http://wpad.browserupdatecheck.in/wpad.dat. This has been going on for about 4 days now

[REDACTED]

avast also says that the infection is URL:Mal and the process is C:\windows\System32\svchost.exe

[essexboy]

Could you also attach the search txt as well

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Select  additions at the bottom
• Press Scan button.
  
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please attach both logs generated.

[REDACTED]

ok

[REDACTED]

oops sorry, I didnt select additions, one sec

[REDACTED]

here, is the FRST and Addition txt

[essexboy]

Do you now that you also have Norton and parts of McAfee still running ?

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1988871788-1466846848-2973272998-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1988871788-1466846848-2973272998-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
2015-07-05 21:48 - 2015-07-05 21:48 - 00125640 _____ (TweakBit) C:\Users\matt\Downloads\speedtest-optimizer.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Right click this link and select Save target as https://dl.dropboxusercontent.com/u/73555776/tcpip.reg
Save the TCPIP.reg to your desktop
Double click the file and allow to merge
Accept the warnings and reboot on completion

[REDACTED]

do I merge the file before resart? because FRST is telling me to restart now, here is the fixlog

[REDACTED]

ok so I did that, Is that all i have to do?

[essexboy]

Have the alerts now ceased ?