
Thread: yet another win32 downloader....

  1. #1
    Guest
    Join Date
    Feb 2014
    Posts
    9

    yet another win32 downloader....

    Hi

    Yeah, I got that notice that Spybot couldn't remove it because it was running. So I tried having Spybot scan upon start-up and it still didn't work, nor would running Spybot as administrator. Any other suggestions? Please use plain English, as I am no 'Zero Cool'.

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Instructions for producing the DDS and aswMBR logs

    DDS Log


    Download to your desktop DDS from one of the links below:

    Link 1
    Link 2

    • Double click the tool to run it.
    • If a black screen opens, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' and the attach.txt into your post. Please do not use code wrap.




    aswMBR Log

    Important! Please do not perform any fix options offered in aswMBR

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the DDS logs.



    If the infection prevents you from obtaining logs please start a topic and make note of the situation, provide details of the computer's current symptoms and wait for a response.
    Do not post other logs or use "code wrap" unless requested in that format.

    ---------------------------------------------------------------------------------------------
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Guest
    Join Date
    Feb 2014
    Posts
    9

    OK, here are the two .txt pages (I don't know which is which, but you did say post both).
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/8/2012 2:21:34 AM
    System Uptime: 2/8/2014 5:48:04 PM (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | F1A55-M LE R2.0
    Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics | FM1 | 2600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 867.289 GiB free.
    D: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP67: 11/14/2013 3:22:55 PM - Windows Update
    RP68: 11/14/2013 3:27:03 PM - Windows Update
    RP69: 11/18/2013 10:29:34 PM - Windows Update
    RP70: 11/18/2013 10:49:33 PM - Windows Update
    RP71: 11/23/2013 5:44:34 PM - Windows Update
    RP72: 11/25/2013 11:44:15 AM - Windows Update
    RP73: 12/4/2013 3:15:32 PM - Windows Update
    RP74: 12/7/2013 9:12:59 PM - Windows Update
    RP75: 12/7/2013 9:42:03 PM - Windows Update
    RP76: 12/13/2013 5:26:40 PM - Windows Update
    RP77: 12/13/2013 6:02:46 PM - Windows Update
    RP78: 12/15/2013 2:26:20 PM - Windows Update
    RP79: 12/20/2013 9:40:11 AM - Windows Update
    RP80: 12/24/2013 10:06:28 AM - Windows Update
    RP81: 1/1/2014 9:51:51 AM - Installed DeLorme Topo North America 10.0.
    RP82: 1/1/2014 10:38:09 AM - Removed DeLorme Topo USA 8.0.
    RP83: 1/7/2014 11:22:09 AM - Windows Update
    RP84: 1/14/2014 3:27:55 PM - Windows Update
    RP85: 1/21/2014 8:28:25 PM - Windows Update
    RP86: 1/21/2014 8:37:36 PM - Windows Update
    RP87: 1/27/2014 9:35:10 AM - Windows Update
    RP88: 2/5/2014 9:43:18 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Acrobat 4.0
    Adobe ActiveShare 1.2
    Adobe Flash Player 12 ActiveX
    Adobe Reader XI (11.0.06)
    Advertising Center
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD VISION Engine Control Center
    BufferChm
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    D4100
    D4100_Help
    DeLorme Topo North America 10.0
    DeviceDiscovery
    DolbyFiles
    Eudora
    GPBaseService2
    HP Customer Participation Program 13.0
    HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    ImagXpress
    Java 7 Update 21
    Java 7 Update 21 (64-bit)
    Java Auto Updater
    K-Lite Codec Pack 9.6.5 (64-bit)
    K-Lite Codec Pack 9.6.5 (Full)
    Kazoo Player
    KeyBar 1.8 Toolbar
    LibreOffice 4.0 Help Pack (English)
    LibreOffice 4.0.2.2
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Menu Templates - Starter Kit
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2000 Premium
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Movie Templates - Starter Kit
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    Photo Story 3 for Windows
    Picasa 3
    PL-2303 USB-to-Serial
    Ralink Wireless LAN
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Search Protect by conduit
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    SF_CDA_ProductContext
    SF_CDA_Software
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    WebReg
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/5/2014 9:30:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.107.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/5/2014 9:30:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2713.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/5/2014 9:30:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2713.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/5/2014 9:30:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2713.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/5/2014 12:03:53 PM, Error: Service Control Manager [7000] - The Search Protect by Conduit Updater service failed to start due to the following error: The system cannot find the file specified.
    2/5/2014 10:18:59 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/5/2014 10:18:59 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    2/1/2014 6:30:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2713.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    2/1/2014 6:30:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2713.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    2/1/2014 6:21:24 PM, Error: NetBT [4321] - The name "CHRIS-PC :0" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
    2/1/2014 6:21:23 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9ABBAC66-B5E1-4C58-BE9B-DCE4C3FFF2E4} because another computer on the network has the same name. The server could not start.
    2/1/2014 6:21:23 PM, Error: NetBT [4321] - The name "CHRIS-PC :20" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================




    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.21.2
    Run by chris at 17:52:02 on 2014-02-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7633.5821 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\Rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://portal.truvista.net/zmail/?account=5xxlzs9FoNSY2pDzBjWlx8QbrA40DGB2adaepeWUp0QxeCleKkN0K2mDFuKi7kLHoKXPPXTpAicDshBQoLopit%2BuBrQiElmc34Ob6HBUgQ8k3C7UkiQROUYfNmDQm4YdFZCcGSqUlmGUTtaluhVIrWe8TKpeEUcnLnp71Y0U4Ko%3D&zmuser=bicyclerider&autologin=true
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: KeyBar 1.8 Toolbar: {9ED31F84-C8B3-4926-B950-DFF74047FF79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
    TB: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\chris\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYMANT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\1033\OLFSNT40.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{46746935-033A-4264-8F76-E4937AEDAD6D} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{9ABBAC66-B5E1-4C58-BE9B-DCE4C3FFF2E4} : DHCPNameServer = 192.168.0.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-8 204288]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-8 46136]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-8 726160]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-8 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-8 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-8 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-8 1255736]
    S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    .
    =============== Created Last 30 ================
    .
    2014-02-05 14:43:27 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D48E94CF-AF6D-44EB-A666-FBD9EEFC43ED}\mpengine.dll
    2014-01-27 14:35:18 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-01-23 15:58:11 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84402274-0421-42AA-A15B-664E3C63BF0D}\gapaengine.dll
    2014-01-22 01:23:45 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-01-22 01:23:44 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-01-22 01:23:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-01-22 01:23:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-01-22 01:23:44 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-01-22 01:23:44 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-01-22 01:23:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-01-22 01:23:40 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-22 01:23:39 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    .
    ==================== Find3M ====================
    .
    2014-02-08 22:50:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-08 22:50:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    1998-12-09 02:53:54 99840 ----a-w- C:\Program Files (x86)\Common Files\IRAABOUT.DLL
    1998-12-09 02:53:54 70144 ----a-w- C:\Program Files (x86)\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53:54 48640 ----a-w- C:\Program Files (x86)\Common Files\IRALPTTR.DLL
    1998-12-09 02:53:54 31744 ----a-w- C:\Program Files (x86)\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53:54 186368 ----a-w- C:\Program Files (x86)\Common Files\IRAREG.DLL
    1998-12-09 02:53:54 17920 ----a-w- C:\Program Files (x86)\Common Files\IRASRIAL.DLL
    .
    ============= FINISH: 17:52:27.18 ===============

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    -AdwCleaner-by Xplode

    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete, click on "Clean".
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    When finished please post these logs.

  5. #5
    Guest
    Join Date
    Feb 2014
    Posts
    9

    And here's the scan log:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-02-08 17:58:09
    -----------------------------
    17:58:09.127 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:58:09.127 Number of processors: 4 586 0x100
    17:58:09.127 ComputerName: CHRIS-PC UserName: chris
    17:58:11.218 Initialize success
    18:14:26.713 AVAST engine defs: 14020800
    18:16:55.256 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:16:55.256 Disk 0 Vendor: ST1000DM003-9YN162 CC4H Size: 953869MB BusType: 3
    18:16:55.334 Disk 0 MBR read successfully
    18:16:55.334 Disk 0 MBR scan
    18:16:55.350 Disk 0 Windows 7 default MBR code
    18:16:55.350 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:16:55.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    18:16:55.459 Disk 0 scanning C:\Windows\system32\drivers
    18:17:06.878 Service scanning
    18:17:27.205 Modules scanning
    18:17:27.205 Disk 0 trace - called modules:
    18:17:27.221 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:17:27.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007779060]
    18:17:27.221 3 CLASSPNP.SYS[fffff8800194843f] -> nt!IofCallDriver -> [0xfffffa8006febd10]
    18:17:27.221 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074c3060]
    18:17:28.843 AVAST engine scan C:\
    19:04:47.518 Scan finished successfully
    19:11:12.776 Disk 0 MBR has been saved successfully to "C:\Users\chris\Documents\MBR.dat"
    19:11:12.823 The log file has been saved successfully to "C:\Users\chris\Documents\aswMBR.txt"


    Thanks much. Has it been removed or is there more I have to do?

  6. #6
    Guest
    Join Date
    Feb 2014
    Posts
    9

    Junkware removal

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.1 (02.04.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by chris on Sat 02/08/2014 at 19:23:10.73
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name Type Value Data
    ========================================================================================
    BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\chris\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\surfcanyon.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\surf canyon
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\surf canyon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\surfcanyon.bhosite
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\surfcanyon.bhosite.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\surf canyon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5542F331-FA98-468B-8E96-1A2651935DD4}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ed31f84-c8b3-4926-b950-dff74047ff79}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9ed31f84-c8b3-4926-b950-dff74047ff79}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\chris\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\chris\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\chris\appdata\locallow\pricegong"
    Successfully deleted: [Folder] "C:\Users\chris\appdata\locallow\surfcanyon"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
    Failed to delete: [Folder] "C:\Program Files (x86)\surf canyon"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 02/08/2014 at 19:29:01.41
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  7. #7
    Guest
    Join Date
    Feb 2014
    Posts
    9

    Default ADWCleaner

    This was already open on my desktop upon restart. I'm Ass-U-Me-ing this is the report you want.

    # AdwCleaner v3.018 - Report created 08/02/2014 at 19:39:22
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : chris - CHRIS-PC
    # Running from : C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3Y6QHJA\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Surf Canyon
    Folder Deleted : C:\Program Files (x86)\KeyBar_1.8
    Folder Deleted : C:\Users\chris\AppData\LocalLow\KeyBar_1.8

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B78662B-577F-4D86-82C1-3752D2A160E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B78662B-577F-4D86-82C1-3752D2A160E4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8B78662B-577F-4D86-82C1-3752D2A160E4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B78662B-577F-4D86-82C1-3752D2A160E4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C52904F6-D6B4-43FA-8912-3054F9716204}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF042712-1244-4523-A026-6D5809822BA9}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Deleted : HKCU\Software\AppDataLow\Software\Surf Canyon
    Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.8
    Key Deleted : HKLM\Software\KeyBar_1.8
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    *************************

    AdwCleaner[R0].txt - [3632 octets] - [08/02/2014 19:32:14]
    AdwCleaner[S0].txt - [3392 octets] - [08/02/2014 19:39:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3452 octets] ##########

  8. #8
    Guest
    Join Date
    Feb 2014
    Posts
    9

    Default

    Now I'm getting two pop-ups upon startup. Both say the same thing:

    RUN DLL

    c:\users\chris\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

    Could not be found.

    Or words to that effect (the file name is correct).

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote: Originally posted by Bicycle Rider
    Now I'm getting two pop-ups upon startup. Both say the same thing:

    RUN DLL

    c:\users\chris\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

    Could not be found.

    Or words to that effect (the file name is correct).

    Yes, that's from the infection. Probably means only partly removed at this point.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The logs from the next scanner will be long; just make multiple posts as needed.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    (Use the correct version for your system. Which system am I using?)


    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
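Added example, not part of the original thread or of any tool named in it: the "RUN DLL ... could not be found" pop-ups follow from the JRT log in post #6, where the BackgroundContainer Run value was only reported while the Conduit folder holding its DLL was deleted. The Python sketch below cross-checks a log excerpt for that mismatch; the function name and regexes are assumptions based on the line layout visible in this thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the JRT log in post #6 of this thread.
JRT_LOG = r'''
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\chris\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Successfully deleted: [Folder] "C:\Users\chris\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Failed to delete: [Folder] "C:\Program Files (x86)\surf canyon"
'''

# Line layouts assumed from the log above: "<name> REG_SZ <data>" for reported
# Run values, and 'Successfully deleted: [Folder] "<path>"' for removed folders.
RUN_VALUE = re.compile(r'^\s*(?P<name>.+?)\s+REG_(?:SZ|EXPAND_SZ)\s+(?P<data>.+)$')
DELETED = re.compile(r'^\s*Successfully deleted: \[Folder\] "(?P<path>[^"]+)"')
QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')

def norm(path):
    """Windows paths are case-insensitive, so compare lower-cased components."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)

def orphaned_autoruns(log_text):
    """Return (value name, missing file) pairs for Run values that were only
    reported while a folder containing one of their targets was deleted."""
    deleted, runs = [], []
    for line in log_text.splitlines():
        if m := DELETED.match(line):
            deleted.append(norm(m["path"]))
        elif m := RUN_VALUE.match(line):
            runs.append((m["name"], QUOTED_PATH.findall(m["data"])))
    orphans = []
    for name, targets in runs:
        for target in targets:
            parts = norm(target)
            # A target is orphaned if a deleted folder is a prefix of its path.
            if any(parts[:len(folder)] == folder for folder in deleted):
                orphans.append((name, target))
    return orphans

if __name__ == "__main__":
    for name, target in orphaned_autoruns(JRT_LOG):
        print(f"Run value '{name}' still points at deleted file: {target}")
```

A hit means the autorun value outlived its payload, which matches the "only partly removed" reading in post #9; Rundll32.exe itself is not flagged because its folder was never deleted.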

  10. #10
    Guest
    Join Date
    Feb 2014
    Posts
    9

    Default

    It gave me powercleaner again, and something called smart cleaner. Both scan, then tell me I have to buy their product to fix the problems they 'found'. I am very suspicious of 'free' programs that do this. Just how bad is this Win32 downloader (assuming it's still in my system) anyway?
