
Thread: cannot remove Win32.downloader malware

#1
    Junior Member
    Join Date: Feb 2014
    Posts: 18

    cannot remove Win32.downloader malware

    Thank you, tashi, for your response. I have tried running Spybot as administrator and at startup several times. I have followed your instructions.
    Here is the DDS log I have:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
    Run by H at 9:02:12 on 2014-02-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.1871 [GMT 0:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    C:\Windows\system32\svchost.exe -k bthaudiosvc
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxcycoms.exe
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyServer = localhost:8118
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.symantec.com
    uURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    uURLSearchHooks: {81d24ea1-3106-46a5-a324-fa96b8178519} - <orphaned>
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    mURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    TB: AF-HSS Toolbar: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\Users\H\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{278E566C-8F28-44DB-9BEE-335AAA7FBCA5} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{278E566C-8F28-44DB-9BEE-335AAA7FBCA5}\74357475C414E4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{62A4F96F-62B9-4067-9009-0BF19CAD32FB} : DHCPNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\citrix\icacli~1\rshook.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-27 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-27 207904]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-13 55024]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-21 316248]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-12-28 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-12-28 1147480]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-27 28184]
    R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-1-27 440672]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-27 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-27 421704]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
    R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140124.001\IDSviA64.sys [2014-1-25 521944]
    R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-30 606672]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-12-21 282648]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-12-21 397784]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-27 78648]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-10-5 133944]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-27 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-27 113704]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-3 325200]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-10-13 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 HFGService;Handsfree Headset Service;C:\Windows\System32\svchost.exe -k bthaudiosvc [2009-7-13 27136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
    R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s --> C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s [?]
    R2 lxcy_device;lxcy_device;C:\Windows\System32\lxcycoms.exe -service --> C:\Windows\System32\lxcycoms.exe -service [?]
    R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-22 143928]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-12-28 275696]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-12-21 1444120]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-28 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-8-3 243232]
    R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-27 80184]
    R3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]
    R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
    R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-3 135560]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-3 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-3 1108000]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
    S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-22 168096]
    S1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-12-28 162392]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-12-28 264280]
    S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-12-28 590936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-6-13 14448]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-2-22 9216]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-3 245280]
    S3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
    S3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
    S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-6-13 155824]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-14 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-20 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-01-31 22:36:31 0 ----a-w- C:\Windows\SysWow64\sho2754.tmp
    2014-01-29 18:00:14 0 ----a-w- C:\Windows\SysWow64\sho9680.tmp
    2014-01-27 16:30:29 -------- d-----w- C:\Users\H\New folder
    2014-01-27 15:18:27 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2014-01-27 15:17:54 440672 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
    2014-01-27 15:10:12 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-01-27 15:10:12 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-01-27 15:10:11 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-01-27 15:10:11 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-01-27 15:10:11 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-01-27 15:10:11 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-01-27 15:10:02 43152 ----a-w- C:\Windows\avastSS.scr
    2014-01-27 12:34:38 -------- d--h--w- C:\Users\H\AppData\Roaming\AVAST Software
    2014-01-27 12:28:33 -------- d-----w- C:\Program Files\AVAST Software
    2014-01-27 12:27:39 -------- d-----w- C:\ProgramData\AVAST Software
    2014-01-25 18:06:09 -------- d-----w- C:\Program Files\iPod
    2014-01-25 18:06:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-01-25 18:06:08 -------- d-----w- C:\Program Files\iTunes
    2014-01-25 18:06:08 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-01-25 18:03:08 -------- d-----w- C:\Program Files\Bonjour
    2014-01-25 18:03:08 -------- d-----w- C:\Program Files (x86)\Bonjour
    2014-01-25 16:40:16 -------- d-----w- C:\ProgramData\Logs
    2014-01-20 09:58:21 -------- d--h--w- C:\Users\H\AppData\Local\LogMeIn Rescue Applet
    2014-01-20 09:56:28 -------- d-----w- C:\Users\H\AppData\Local\Conduit
    2014-01-19 12:16:44 0 ----a-w- C:\Windows\SysWow64\sho42FE.tmp
    2014-01-17 22:43:58 0 ----a-w- C:\Windows\SysWow64\sho9097.tmp
    2014-01-17 18:50:57 -------- d--h--w- C:\Users\H\AppData\Local\Oxford University Press
    2014-01-17 18:50:57 -------- d-----w- C:\Users\H\AppData\Roaming\Oxford University Press
    2014-01-17 18:08:57 -------- d-----w- C:\Program Files (x86)\Oxford University Press
    2014-01-16 01:50:40 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-15 08:56:20 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-01-15 08:56:20 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-01-15 08:56:20 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-01-15 08:56:20 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-01-15 08:56:20 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-01-15 08:56:20 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-01-15 08:56:20 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-01-15 08:55:58 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-15 08:55:48 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2014-01-08 00:30:56 0 ----a-w- C:\Windows\SysWow64\shoAEC8.tmp
    2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2014-01-05 17:41:13 0 ----a-w- C:\Windows\SysWow64\shoE7DE.tmp
    2014-01-04 16:50:33 -------- d-----w- C:\Users\H\AppData\Local\Amazon Cloud Player
    .
    ==================== Find3M ====================
    .
    2014-02-02 19:47:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-02 19:47:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-03 22:30:09 0 ----a-w- C:\Windows\SysWow64\sho5A20.tmp
    2013-12-28 19:51:08 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-12-24 02:14:04 0 ----a-w- C:\Windows\SysWow64\sho6F57.tmp
    2013-12-21 22:56:32 316248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2013-12-12 10:01:10 0 ----a-w- C:\Windows\SysWow64\shoAE89.tmp
    2013-12-03 22:30:00 0 ----a-w- C:\Windows\SysWow64\sho51F.tmp
    2013-12-01 09:37:00 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-12-01 09:37:00 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-25 14:44:44 19392 ----a-w- C:\Windows\System32\roboot64.exe
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-12 02:58:41 0 ----a-w- C:\Windows\SysWow64\shoA43B.tmp
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 9:05:21.68 ===============

Here is the aswMBR log:
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-02-03 09:13:01
    -----------------------------
    09:13:01.741 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:13:01.741 Number of processors: 4 586 0x2505
    09:13:01.742 ComputerName: HALIMAB-PC UserName: H
    09:13:03.447 Initialize success
    09:13:06.621 AVAST engine defs: 14020201
    09:13:11.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:13:11.409 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    09:13:11.544 Disk 0 MBR read successfully
    09:13:11.549 Disk 0 MBR scan
    09:13:11.556 Disk 0 Windows 7 default MBR code
    09:13:11.561 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
    09:13:11.585 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
    09:13:11.591 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
    09:13:11.609 Disk 0 scanning C:\Windows\system32\drivers
    09:13:26.022 Service scanning
    09:13:53.399 Modules scanning
    09:13:53.414 Disk 0 trace - called modules:
    09:13:53.430 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    09:13:53.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007007060]
    09:13:53.929 3 CLASSPNP.SYS[fffff8800161c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004faa050]
    09:13:54.865 AVAST engine scan C:\Windows
    09:13:57.455 AVAST engine scan C:\Windows\system32
    09:16:52.978 AVAST engine scan C:\Windows\system32\drivers
    09:17:11.495 AVAST engine scan C:\Users\H
    09:18:28.952 Disk 0 MBR has been saved successfully to "C:\Users\H\Desktop\MBR.dat"
    09:18:28.968 The log file has been saved successfully to "C:\Users\H\Desktop\aswMBR.txt"

  2. #2
Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hi and welcome

    I can see a lot of things going on here.

Avast and Norton Internet Security. One might be a paid-for subscription that has expired?
We need to get this down to just one antivirus on your computer, or we will not be able to run all the necessary scans. Let me know if you need any uninstall tools.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

P2P software/programs are a major contributor to infections. I see you have uTorrent. I am not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Save these instructions to WordPad/Notepad or print them out, since parts of the fix require all windows to be closed; this will help you complete all the necessary steps.

    We need to disable Spybot S&D's "TeaTimer"
    TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

    In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done.
    1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
    2. If prompted with a legal dialog, accept the warning.
    3. Click and then on "Advanced Mode"
    4. You may be presented with a warning dialog. If so, press
    5. Click on
    6. Click on
    7. Uncheck this checkbox:
    8. Close/Exit Spybot Search and Destroy


    ~~~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
Click on ONE of the two blue "Download Now" buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the advertisement at the top.


    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

At times this scanner will appear to be stalled; on a heavily infected computer it can take quite a while to finish, so please be patient. To check that the tool is still running, open Task Manager and look for JRT.exe.

Vista / 7 / 8 users:
You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


    • Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


When they are complete, let me have the two reports and let me know how things are running.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

Default cont'd win32.downloader.gen step 2

I thought I had uninstalled Norton totally before installing Avast. I guess there are residual files that did not go. I have, as per your recommendation, uninstalled uTorrent as well.
When the computer restarted, it showed a warning message which says it cannot find C:\users\AppData\Local\Conduit\BackgroundContainer\Backgroundcontainer.dll which, coincidentally, is the location Spybot gave as the Win32.downloader.gen malware.

Shall I continue to the step involving the Junkware Removal Tool?

    # Username : H - HALIMAB-PC
    # Running from : C:\Users\H\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\boost_interprocess
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    Folder Deleted : C:\ProgramData\IBUpdaterService
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\AF-HSS
    Folder Deleted : C:\Users\H\AppData\Local\Conduit
    Folder Deleted : C:\Users\H\AppData\Local\PackageAware
    Folder Deleted : C:\Users\H\AppData\Local\torch
    Folder Deleted : C:\Users\H\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\H\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\H\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\H\AppData\LocalLow\AF-HSS
    Folder Deleted : C:\Users\H\AppData\Roaming\file scout
    Folder Deleted : C:\Users\H\AppData\Roaming\PerformerSoft
    Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\FCTB
    Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\Conduit
    Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\ConduitCommon
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
    Folder Deleted : C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\h4ykg8bs.default-1340233384957\searchplugins\safesearch.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\searchplugins\safesearch.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\searchplugins\Search_Results.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\searchplugins\search-the-web.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\h4ykg8bs.default-1340233384957\user.js
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DD182CC-FB8D-42D6-93AF-DE1F143FCF2F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DD182CC-FB8D-42D6-93AF-DE1F143FCF2F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E61616DF-C0BE-4249-BAA7-7E45F35DB468}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AF-HSS
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKLM\Software\AF-HSS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AF-HSS Toolbar
    Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\prefs.js ]

    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.delta.id", "ea5fbbb30000000000001c659d5ff28d");
    Line Deleted : user_pref("extensions.delta.instlDay", "15855");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.59:33:13");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
    Line Deleted : user_pref("extensions.delta_i.babExt", "");
    Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119943&tt=gc_");
    Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 3);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 3);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1391416351804");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "hxxps%3A//www.google.co.uk/");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV0b29saWQmcD0%3D");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "132320309");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "2295945e4f7140cb26a9897d05e27c68a4ed0309");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);

    -\\ Google Chrome v32.0.1700.102

    [ File : C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [15957 octets] - [03/02/2014 17:38:52]
    AdwCleaner[R1].txt - [16018 octets] - [03/02/2014 17:41:27]
    AdwCleaner[S0].txt - [15745 octets] - [03/02/2014 17:42:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15806 octets] ##########

  4. #4
Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

Quote:
I thought I had uninstalled Norton totally before installing Avast. I guess there are residual files that did not go. I have, as per your recommendation, uninstalled uTorrent as well.
When the computer restarted, it showed a warning message which says it cannot find C:\users\AppData\Local\Conduit\BackgroundContainer\Backgroundcontainer.dll which, coincidentally, is the location Spybot gave as the Win32.downloader.gen malware.

Shall I continue to the step involving the Junkware Removal Tool?

Yes please; as suspected, this machine is heavily infected.

    http://www.bleepingcomputer.com/down...-removal-tool/ <--Norton removal tool

  5. #5
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default malware removal

Here is the JRT log:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by H on 03/02/2014 at 18:23:45.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name Type Value Data
    ========================================================================================
    BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2413547309-3373987886-2876452647-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs



    ~~~ Files

    Successfully deleted: [File] C:\Windows\syswow64\sho13A.tmp



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\H\appdata\local\cre"
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{10BC6893-BA3B-447B-825B-032B1BB23DF2}
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{396F670F-8621-4F73-8EE4-21DB51254B8A}
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{63CA1F15-0125-4A4C-8F1F-07417D11E304}
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{83D27F20-138E-4E30-B736-B201D9DB157D}



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\fctb
    Successfully deleted the following from C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\prefs.js

    user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
    user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 3);
    user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
    user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
    user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
    user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 3);
    user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
    user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1391449741251");
    user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
    user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "www.google.com");
    user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
    user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
    user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV
    user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
    user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
    user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "132320309");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "2295945e4f7140cb26a9897d05e27c68a4ed0309");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
    user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);
    user_pref("keyword.URL", "hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=");
    Emptied folder: C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\qywyl651.default\minidumps [18 files]
    Emptied folder: C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\minidumps [7 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03/02/2014 at 18:38:02.01
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default cannot remove Win32.downloader malware

    Have run the Norton removal tool now, too, but on restart I got the warning message 2x: "There was a problem starting C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll".

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    That should have made a difference?


    Let's see if we can find some leftovers.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Tweaking.com Registry Backup

    • Download the tool found here to your Desktop so it is easy to find.
    • Double-click on the file you just downloaded to install it to your system.
    • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon.
      **Note** The tool should automatically open to the Backup Registry tab.
    • Press Backup Now.
    • When the backup is complete, the tool will tell you Successful */* Files Backed Up.
    • You have now successfully backed up your Registry.


    Once you have the tool downloaded, there is a tab labeled Settings where you can set where the backups are saved.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    (use the correct version for your system..... Which system am I using?)


    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click to run as administrator (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
