Sangrail

Honorary Members
  • Posts: 26

Everything posted by Sangrail

  1. Many thanks for your kind and patient help! Sangrail
  2. So: Security Check log

     Results of screen317's Security Check version 0.99.85
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2014
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 60
     Adobe Reader XI
     Google Chrome 35.0.1916.114
     Google Chrome 35.0.1916.153
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  3. You're right - it's the little switch in the top left. C and P was fine everywhere else, just not here. Anyhow, have you led me to the end of my cleanup adventure? )
  4. Here's the JavaRa log: www.pastebin.com/aMQab2Vs I seem to have lost the ability to cut-and-paste onto this forum! Sangrail
  5. Thanks! Here's yesterday's fixlog: http://www78.zippyshare.com/v/948694/file.html
  6. Thanks again - I'll need to sort out Java tomorrow evening. Will the FRST also get rid of the three Kryptik.ARH Trojans mentioned near the bottom of the list in post #28? The FRST log is enormous - too large for Pastebin - any tips? Good night, for now. )
  7. Finally, Security Check:

     Results of screen317's Security Check version 0.99.85
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2014
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 60
     Adobe Reader 9
     Adobe Reader XI
     Google Chrome 35.0.1916.114
     Google Chrome 35.0.1916.153
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 7%
     ````````````````````End of Log``````````````````````
  8. ESET file:

     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\hk64tbVuz2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\hktbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\ldrtbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
     C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\ApnStub.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
     C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\nsmF4FC.tmp.tbFLV_.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\tbedrs.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\tbFLV_.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\FreeTorrentViewer\SearchResultsToolbar.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application
     C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\nss1FA3\SpSetup.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
     C:\Users\Kristof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q491BF33\h0s5c6gcj3[1].htm JS/Kryptik.ARH trojan
     C:\Users\Kristof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q491BF33\ppbme9d68g[1].htm JS/Kryptik.ARH trojan
     C:\Users\Kristof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQNK3YDD\tx17nhjdoz[1].htm JS/Kryptik.ARH trojan
     C:\Users\Kristof\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4163e28e-77c4c83d multiple threats
     C:\Users\Kristof\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\55e7adb1-66012493 multiple threats
     C:\Users\Kristof\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3956c009-75ef54d7 multiple threats
  9. HitmanPro:

     HitmanPro 3.7.9.216
     www.hitmanpro.com

     Computer name . . . . : KRISTOF-TOSH
     Windows . . . . . . . : 6.1.1.7601.X64/2
     User name . . . . . . : Kristof-Tosh\Kristof
     UAC . . . . . . . . . : Disabled
     License . . . . . . . : Free
     Scan date . . . . . . : 2014-06-16 23:16:09
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 7m 20s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : No
     Threats . . . . . . . : 0
     Traces . . . . . . . : 60
     Objects scanned . . . : 1,596,909
     Files scanned . . . . : 49,111
     Remnants scanned . . : 468,728 files / 1,079,070 keys

     Potential Unwanted Programs _________________________________________________

     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)

     Cookies _____________________________________________________________________

     C:\Users\Kristof\AppData\Roaming\Microsoft\Windows\Cookies\0SY5CPN0.txt
     C:\Users\Kristof\AppData\Roaming\Microsoft\Windows\Cookies\0VS2JFYM.txt
  10. Should I delete all the items identified in the Roguekiller report?
  11. RKill:

     Rkill 2.6.6 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 06/16/2014 10:35:28 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:
     * No malware services found to stop.

     Checking for processes to terminate:
     * No malware processes found to kill.

     Checking Registry for malware related settings:
     * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
     * No issues found.

     Checking Windows Service Integrity:
     * No issues found.

     Searching for Missing Digital Signatures:
     * No issues found.

     Checking HOSTS File:
     * No issues found.

     Program finished at: 06/16/2014 10:37:54 PM
     Execution time: 0 hours(s), 2 minute(s), and 25 seconds(s)
  12. OK - Malware again:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 16/06/2014
     Scan Time: 21:59:49
     Logfile: 16Jun2014.txt
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.06.16.07
     Rootkit Database: v2014.06.02.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Kristof

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 275158
     Time Elapsed: 24 min, 57 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 3
     PUP.Optional.SearchResults.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fa63398e-322b-4833-9af3-15837ad12138}, Quarantined, [b8fa10631566e65020231c229e64e31d],
     PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, Quarantined, [49691b580279ee488bb764da31d1b64a],
     PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [832fef84631875c19dbb1b5d13ef629e],

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  13. ...and from JRT

     Ran by Kristof on 16/06/2014 at 17:52:31.88
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

     ~~~ Files

     ~~~ Folders
     Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 16/06/2014 at 18:03:41.33
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. ...and the ADw report

     # AdwCleaner v3.212 - Report created 16/06/2014 at 17:40:01
     # Updated 05/06/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Kristof - KRISTOF-TOSH
     # Running from : C:\Users\Kristof\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\Ask
     Folder Deleted : C:\ProgramData\FileCure
     Folder Deleted : C:\ProgramData\Partner
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
     Folder Deleted : C:\Users\Kristof\AppData\Local\Conduit
     Folder Deleted : C:\Users\Kristof\AppData\LocalLow\AskToolbar
     Folder Deleted : C:\Users\Kristof\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Kristof\AppData\LocalLow\Inbox Toolbar
     Folder Deleted : C:\Users\Kristof\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\Kristof\AppData\LocalLow\Vuze_Remote
     Folder Deleted : C:\Users\Kristof\AppData\Roaming\DriverCure

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
     Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
     Key Deleted : HKCU\Software\APN DTX
     Key Deleted : HKCU\Software\APN
     Key Deleted : HKCU\Software\Ask.com
     Key Deleted : HKCU\Software\AVG SafeGuard toolbar
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\ParetoLogic
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKLM\Software\APN
     Key Deleted : HKLM\Software\AVG SafeGuard toolbar
     Key Deleted : HKLM\Software\AVG Security Toolbar
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\ParetoLogic

     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16555

     -\\ Google Chrome v35.0.1916.153

     [ File : C:\Users\Kristof\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

     *************************

     AdwCleaner[R0].txt - [4904 octets] - [16/06/2014 17:38:20]
     AdwCleaner[s0].txt - [4594 octets] - [16/06/2014 17:40:01]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4654 octets] ##########
  15. Good afternoon! Here's the Malwarebytes log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 15/06/2014
     Scan Time: 21:42:32
     Logfile: 15JunLog.txt
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.06.15.05
     Rootkit Database: v2014.06.02.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Kristof

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 274323
     Time Elapsed: 34 min, 15 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 4
     PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [377b83f0136842f4e97edb9cad5548b8],
     PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [377b83f0136842f4e97edb9cad5548b8],
     PUP.Optional.SearchResults.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fa63398e-322b-4833-9af3-15837ad12138}, No Action By User, [e6cc6f0424578caa89c992ab38cad729],
     PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, No Action By User, [6a48363d04773ff78cc54cf1c73b13ed],

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  16. Thanks, here's the log:

     Farbar Service Scanner Version: 10-06-2014
     Ran by Kristof (administrator) on 15-06-2014 at 20:15:37
     Running from "C:\Users\Kristof\Desktop"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  17. I have backed up using the 'fallback method', since the program could not use the volume shadow copy service - is this OK?
  18. Thanks. Result of scan:

     Farbar Service Scanner Version: 10-06-2014
     Ran by Kristof (administrator) on 15-06-2014 at 12:45:19
     Running from "C:\Users\Kristof\Desktop"
     Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============
     mpsdrv Service is not running. Checking service configuration:
     The start type of mpsdrv service is OK.
     The ImagePath of mpsdrv service is OK.

     MpsSvc Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

     bfe Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

     Firewall Disabled Policy:
     ==================
     "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

     winmgmt Service is not running. Checking service configuration:
     The start type of winmgmt service is OK.
     The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
     The ServiceDll of winmgmt: "C:\PROGRA~3\54B3A3B70419D8318008E045557603FC\0lmq237.dot".

     Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

     BITS Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

     Other Services:
     ==============
     Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
     Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
     Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
     Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
     Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
     Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
     Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
     Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\dhcpcore.dll => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  19. Good morning, and many thanks - Vuze is now uninstalled. Attached is the fixlog, as requested. Fixlog.txt
  20. OK - the only one left now is Vuze, which I can't get REVO to recognise and uninstall.
  21. When I try to uninstall Vuze, I get this message: No JVM could be found on your system. Please define EXE4J_JAVA_HOME to point to an installed 64-bit JDK or JRE download a JRE from www.java.com When I try to uninstall ASK toolbar and the Paretologic pc health advisor it says wait while the current program is being uninstalled. Filecure, flv and search results have uninstalled.
  22. Hello! I would welcome your help to clean the computer as far as possible. Sangrail