Runn DLL

[Gorby]

By doing scan with spybot 1.6 displays a Win32.Downloader.gen folder that could not eliminate even as administrator. When searching here on the forum I saw that had to download spybot 2.2 to solve the problem. I installed this program and he sent the files that were in quarantine folder where they remain. When you restart the PC appeared this message.

Spybot.jpg


I appreciate a help to solve the problem. Thanks.
-------------------------------------------------------
Edit
Forum FAQ for future reference. http://forums.spybot.info/showthread.php?t=288

[Juliet]

Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) andsave the file to your Desktop.
• Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
• Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
  

[Gorby]

Hello Juliet. Best Regards.

My Norton 360 antivirus lets not install Farbar Recovery Scan Tool. It deletes the file.

The translation of .jpg

There was a problem starting the
C \ Users \ BUSH \ AppData \ Local \ Conduit \ BackgroundContainer \ BackgrounContainer.dll
Could not find the specified module.

[Gorby]

I turned off Norton for a while and did the scan. Here is the result.FRST.txtAddition.txt

[Juliet]

I see you have peer-to-peer (P2P) file sharing software installed on your computer (Bit Torrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

• Risks of File-Sharing Technology
• P2P Software User Advisories
• More malware is traveling on P2P networks these days

Your P2P software can be removed by following the instructions below.

• Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.

**


Please go to add/remove programs and uninstall
BitTorrent
Pandora Service

~~~~
You may have to disable your antivirus protection to run these tools.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-254876875-3501504866-2801950793-1001 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-254876875-3501504866-2801950793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
FF SelectedSearchEngine: Conduit Search
FF Plugin HKU\S-1-5-21-254876875-3501504866-2801950793-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BUCHA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {D72E0337-43D7-4EC0-ADB4-80201258D3D6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\BUCHA\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:D1B5B4F1
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


~~~

Please post
Fixlog.txt
AdwCleaner.txt

[Gorby]

I think I have done everything right. The PC restarted and will not appear that Run Dll window. Together the results you requested.

AdwCleaner[R1].txt and Fixlog.txt

[Juliet]

I think I have done everything right. The PC restarted and will not appear that Run Dll window. Together the results you requested.

Good. Let's continue.

Please run a Threat Scan with Malwarebytes' Anti-Malware.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and
from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

********************************************

After you run Malwarebytes Anti-Malware and allow it to quarantine what it finds, post that log and please tell me what your computer is doing now.

[Gorby]

Já fiz o scan com Malwerbytes e envio o resultado. Obrigado.

Scan Malwerebytes.txt

[Juliet]

ESET Online Scan Including External Drive
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme.
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Place a checkmark next to Enable detection of potentially unwanted applications.
• Click Advanced settings. Place a checkmark next to:
  
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  
  
• Ensure Remove found threats is unchecked.
• Click Change... next to Current scan targets: Operating memory, Local drives
• Place a checkmark next to any additional drives you wish to scan and click OK
• Click Start.
• Wait for the scan to finish. Please be patient as this can take some time.
• Upon completion, click . If no threats were found, skip the next two bullet points.
• Click and save the file to your Desktop, naming it something such as "MyEsetScan".
• Push the Back button.
• Place a checkmark next to and click .
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.
  

How is your computer now?

[Gorby]

I've done the scan with Malwerbytes and sending the result.

Sorry but I had forgotten to translate the message. Restarted the computer and is functioning normal.