System32\dmwu.exe located by firewall

Hello, I’ve been cleaning a friend’s pc lately. I found lots of adware and tried to clean it, i ran about 3-4 deep avast! Free Antivirus scans, and half a boot scan (I stopped it at 45%). In the last deep scan it found only 1 virus and I deleted it.
I’ve just installed a firewall, privatefirewall, and it found System32/dmwu.exe trying to execute. I blocked it since it had no digital signature, but avast! didn’t found any problem when scanning it. Searching over the internet, a lot of sites said this is a malware, and some said not, some say it comes with SweetPacks (which was obviously on this pc before cleaning) so I don’t know whether or not I have to delete it.

Further info: The process isn’t active right now, and I was notified by the firewall when it was trying to execute System32\ARFC\wrtc.exe, associated with incrediMail (which was obviously on this pc before cleaning).
The registry did not have lots of keys containing this…
http://postimg.org/image/y0jfm78z1/

Thank you in advance

and it found System32/[b]dmwu.exe[/b]
upload and test suspicious file(s) at one of these places www.virustotal.com / www.metascan-online.com / www.jotti.org

how to recive help instuctions https://forum.avast.com/index.php?topic=53253.0

I can’t upload the file

http://postimg.org/image/583xum3hp/

Ok I changed location (desktop) and I was able to upload

report: https://www.virustotal.com/en/file/4e32eca46980c91dd89b274f0e482860499e3a0c198f7f9bc4ccefcb8963ecfe/analysis/1410191547/

Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.Perinet 20140908
Baidu-International Adware.Win32.Perinet.AaRc 20140908
Fortinet Riskware/Perinet 20140908
Kaspersky not-a-virus:WebToolbar.Win32.Perinet.d 20140908
McAfee Artemis!76117C651FAE 20140908
McAfee-GW-Edition Artemis 20140908
Panda Trj/Chgt.E 20140908
TrendMicro-HouseCall Suspicious_GEN.F47V0827 20140908
AVG 20140908
AVware 20140908
Ad-Aware 20140908
… and so on no virus

not virus but a PUP
PUP = not virus / Possible Unwanted Program … crap programs that comes bundled with other downloads … like unwanted toolbars/search engines/adware

clear the crap with Malwarebytes and AdwCleaner

ok it seems a BHO, since it is connected with IBOUpdaterService

in virustotal … click file detail for file info

if you want to see what it does, upload here http://www.threatexpert.com/submit.aspx
alternatives http://camas.comodo.com/ / https://anubis.iseclab.org/