I have a spyware that I can't seem to get rid of


  • This topic is locked
11 replies to this topic

#1 panda234

Posted 24 September 2016 - 03:54 PM

I have some kind of spyware that has infected my Chrome browser. I tried Firefox and the same thing happens. I am getting weird ads, especially on CNN. Here is an example posted on my Gyazo site:

 

https://gyazo.com/2ad38a6d5fc8857ea9fdbdc21a44662e

 

They make the browser "jerky" and of course are probably doing something in the background. I've tried Ad-Aware, Adware Removal by TSA, AdwCleaner, AVG, Malwarebytes, Panda, Norton and McAfee. Most clean it up for a minute or two but then it comes back. I've tried the programs in regular and safe modes. I'm running Win 7 on a 64GB SSD and have a 2TB HD and a 256GB SSD in addition to the OS drive.

 

Any help appreciated.


#2 The_Codesee


Posted 24 September 2016 - 04:06 PM

Hello! My name is The Codesee, nice to meet you   :)

 

Quote

I've tried Ad-Aware, Adware Removal by TSA, AdwCleaner, AVG, Malwarebytes, Panda, Norton and McAfee.

 

It's never a good idea to have multiple anti-virus programs installed at once as they can conflict with each other. Are all the programs in bold in the quote above currently installed on your PC?

 

Please follow the steps below:

 

Step 1: Please download MiniToolBox to your desktop

1. Double click MiniToolBox

2. Select the items below and press go

3. Post the log in your next reply

  • List Installed Programs
  • List Restore Points
  • List last 10 Event Viewer log
  • Flush DNS

Step 2: Please download Security Check to your desktop

1. Double click SecurityCheck and follow the on-screen instructions.

2. A log should open called checkup.txt.

3. Post the log in your next reply

 

Step 3: Please download TFC (Temp File Cleaner) to your desktop

 

1. Close all open applications

2. Double click TFC

3. Click the start button and the program will run

4. When done, press OK to restart your computer

 

Logs I expect in your next reply:

  1. MiniToolBox Log
  2. Security Check Log

Edited by The_Codesee, 24 September 2016 - 04:08 PM.
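
The question raised in this reply (are several anti-virus products installed at once?) can be answered from the "List Installed Programs" output it asks for. The Python below is an added example, not part of the original thread and not MiniToolBox's own code: the line format is inferred from the log posted in this topic, the sample lines are copied from that log, and the `RESIDENT_AV` name patterns are an illustrative assumption rather than a complete product list.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name hive key version publisher hidden")

# One "Installed Programs" line, as it appears in the log posted in this topic:
#   <name> (<hive>\...\<uninstall key>) (Version: <version> - <publisher>)[ Hidden]
# Name and key may themselves contain parentheses; version/publisher may be empty.
ENTRY_RE = re.compile(
    r"^(?P<name>.+) \((?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\(?P<key>.+)\)"
    r" \(Version: (?P<version>.*?) - (?P<publisher>.*)\)(?P<hidden> Hidden)?$"
)

# Assumption (not from the thread): display-name patterns for products that
# install a resident, real-time anti-virus engine. On-demand scanners and
# browser add-ons (e.g. McAfee WebAdvisor) are deliberately not listed.
RESIDENT_AV = {
    "Ad-Aware": re.compile(r"\bad-aware antivirus\b", re.I),
    "AVG": re.compile(r"^avg\b", re.I),
    "McAfee": re.compile(r"\bmcafee (livesafe|total protection|antivirus)", re.I),
    "Norton": re.compile(r"^norton\b", re.I),
    "Panda": re.compile(r"\bpanda .*antivirus\b", re.I),
}

# Sample input: lines copied from the MiniToolBox log in this topic.
SAMPLE_LOG = r"""
MiniToolBox by Farbar  Version: 17-06-2016
========================= Flush DNS: ===================================
Successfully flushed the DNS Resolver Cache.
=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Accu-Feel (HKLM-x32\...\Accu-Feel) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareUpdater (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}) (Version: 11.12.945.9202 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.266 - McAfee, Inc.)
Panda Free Antivirus (HKLM\...\{456A8117-2915-414D-8435-AC57447C4E2D}) (Version: 8.31.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
"""


def parse_installed_programs(log_text):
    """Return an Entry for every parsable line of the Installed Programs section."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("="):
            # Any "====" banner opens or closes a section of the log.
            in_section = "Installed Programs" in line
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["name"], m["hive"], m["key"], m["version"],
                                 m["publisher"], m["hidden"] is not None))
    return entries


def resident_av_families(entries):
    """Group matching display names by vendor family, de-duplicating the
    32-bit/64-bit and Hidden component entries of the same product."""
    found = {}
    for entry in entries:
        for family, pattern in RESIDENT_AV.items():
            if pattern.search(entry.name):
                found.setdefault(family, set()).add(entry.name)
    return {family: sorted(names) for family, names in found.items()}


def has_av_conflict(entries):
    """True when products from more than one vendor family are installed."""
    return len(resident_av_families(entries)) > 1


if __name__ == "__main__":
    programs = parse_installed_programs(SAMPLE_LOG)
    for family, names in sorted(resident_av_families(programs).items()):
        print(f"{family}: {', '.join(names)}")
    print("More than one resident anti-virus installed:", has_av_conflict(programs))
```
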


#3 panda234


Posted 24 September 2016 - 05:17 PM

Hi, Bill here. Thx for the quick reply.

 

No, I ran the programs above one at a time. 

 

Just now I received a popup. I was able to exit Chrome no problem. Here is the link.

 

https://gyazo.com/5c0308b760d31e29da0f03a0f7815ac4

 

Below are the log files as requested. 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Billg (administrator) on 24-09-2016 at 19:01:33
Running from "C:\Users\Billg\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/24/2016 05:19:43 PM) (Source: MsiInstaller) (User: BILL2700)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
 
Error: (09/24/2016 05:19:43 PM) (Source: MsiInstaller) (User: BILL2700)
Description: Product: iTunes -- There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor.
 
Error: (09/24/2016 04:33:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2016 02:46:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2016 01:55:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2016 01:43:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2016 01:36:30 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program BDUARemovalTool.exe because of this error.
 
Program: BDUARemovalTool.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (09/24/2016 01:36:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: BDUARemovalTool.exe, version: 0.0.0.0, time stamp: 0x56cda1c2
Faulting module name: bdnc.dll, version: 2.2.2.578, time stamp: 0x53ac070d
Exception code: 0xc000001d
Fault offset: 0x00000000000b1c32
Faulting process id: 0x9c8
Faulting application start time: 0xBDUARemovalTool.exe0
Faulting application path: BDUARemovalTool.exe1
Faulting module path: BDUARemovalTool.exe2
Report Id: BDUARemovalTool.exe3
 
Error: (09/24/2016 01:31:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2016 01:29:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: BDUARemovalTool.exe, version: 0.0.0.0, time stamp: 0x56cda1c2
Faulting module name: htmlayout.dll, version: 3.3.3.7, time stamp: 0x4e0555fa
Exception code: 0xc0000005
Fault offset: 0x00000000000fc13c
Faulting process id: 0x788
Faulting application start time: 0xBDUARemovalTool.exe0
Faulting application path: BDUARemovalTool.exe1
Faulting module path: BDUARemovalTool.exe2
Report Id: BDUARemovalTool.exe3
 
 
System errors:
=============
Error: (09/24/2016 04:33:27 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Validation Trust Protection Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (09/24/2016 04:32:33 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20 = The system cannot find the device specified.
 
 
Error: (09/24/2016 02:45:38 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20 = The system cannot find the device specified.
 
 
Error: (09/24/2016 01:53:26 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20 = The system cannot find the device specified.
 
 
Error: (09/24/2016 01:52:16 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/24/2016 01:52:15 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/24/2016 01:52:15 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/24/2016 01:52:14 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/24/2016 01:52:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (09/24/2016 01:52:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
 
Microsoft Office Sessions:
=========================
Error: (04/27/2015 03:01:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-05-29 15:55:14.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 15:48:29.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 15:34:49.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-28 18:42:47.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-27 15:14:16.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-27 15:07:36.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-27 15:00:44.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-26 20:56:44.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-26 20:18:50.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-26 15:16:16.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
727 Captain (Freighter) Expansion Model [FSX/SE/P3D] 2.70 FSX (HKLM-x32\...\p723_fsx) (Version: 2.70 - © 1999-2016 Captain Sim)
737 Captain (737-200) Base Pack [FSX/SE] 1.70 FSX (HKLM-x32\...\p732_fsx) (Version: 1.70 - © 1999-2016 Captain Sim)
737 Captain (737-200C/F) Expansion Model [FSX/SE/P3D] 1.70 FSX (HKLM-x32\...\e733_fsx) (Version: 1.70 - © 1999-2016 Captain Sim)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Accu-Feel (HKLM-x32\...\Accu-Feel) (Version:  - )
Accu-Feel Air, Land, and Sea (HKLM-x32\...\Accu-Feel Air, Land, and Sea) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (HKLM\...\{05B0CF4A-564C-4549-913E-AE3EDA16971A}) (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}) (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.30 - Aerosoft)
aerosoft's - Mega Airport London Heathrow X (HKLM-x32\...\{2F4AF40B-433A-494E-BB41-816D113F32BA}) (Version: 1.10 - aerosoft)
aerosoft's - Mega Airport Paris CDG X (HKLM-x32\...\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}) (Version: 1.00 - aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
aerosoft's - VFR London X (HKLM-x32\...\{C1002665-A1DD-4764-AEDC-0769E09FAA4D}) (Version: 1.20 - aerosoft)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.6.8 - AivlaSoft )
AivlaSoft SimpleCam (HKLM-x32\...\AivlaSoft SimpleCam) (Version: 1.0.11 - Apprimus Informatik GmbH)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version:  - )
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
AntimalwareEngine (HKLM\...\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}) (Version: 3.0.129.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aslain's WoT Modpack version 9.15.2.08 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.15.2.08 - Aslain)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.5 - ASUSTeK Computer Inc.)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Media Player 4.1.8.93 (HKLM-x32\...\AVS Media Player_is1) (Version:  - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM-x32\...\AVS Photo Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.3.2.234 - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
Delta Virtual Airlines ACARS 3.2 (HKLM-x32\...\DVA ACARS 3) (Version: 3.20 - Delta Virtual Airlines)
Delta Virtual Airlines ACARS Dispatch 2.0 (HKLM-x32\...\DVA ACARS Dispatch) (Version: 2.02 - Delta Virtual Airlines)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Dropbox (HKCU\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
EditVoicepack X (HKLM-x32\...\{493687F8-8D57-47C4-87B6-D46D7C5203BF}) (Version: 4.0.7 - Bevelstone Production)
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
FlightBeam Phoenix Sky Harbor FSX (HKLM-x32\...\FlightBeam Phoenix Sky Harbor FSX_is1) (Version: 1.3.0 - FlightBeam)
FlightBeam San Francisco International FSX 2.0.1 (HKLM-x32\...\FlightBeam San Francisco International FSX 2.0.1_is1) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FS Force 2 (HKLM-x32\...\FSForce2_is1) (Version:  - Dirks Software)
FSDreamTeam Dallas/Fort Worth International FSX/P3D 2.0.4 (HKLM-x32\...\FSDreamTeam Dallas/Fort Worth International FSX/P3D_is1) (Version:  - )
FSDreamTeam Fort Lauderdale-Hollywood FSX (HKLM-x32\...\FSDreamTeam Fort Lauderdale-Hollywood FSX_is1) (Version: 1.5 - VIRTUALI s.a.s.)
FSDreamTeam Geneva FSX/P3D 1.4.2 (HKLM-x32\...\FSDreamTeam Geneva FSX/P3D_is1) (Version:  - )
FSDreamTeam Hawaiian Airports Volume 1 FSX/P3D 1.7.1 (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 1 FSX/P3D_is1) (Version:  - )
FSDreamTeam Hawaiian Airports Volume 2 FSX/P3D 1.4.1 (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX/P3D_is1) (Version:  - )
FSDreamTeam Honolulu International FSX/P3D 1.2 (HKLM-x32\...\FSDreamTeam Honolulu International FSX/P3D_is1) (Version:  - )
FSDreamTeam JFK FSX 1.2.4 (HKLM-x32\...\FSDreamTeam JFK FSX_is1) (Version:  - )
FSDreamTeam Las Vegas McCarran FSX (HKLM-x32\...\FSDreamTeam Las Vegas McCarran FSX_is1) (Version: 1.4.3 - VIRTUALI Sagl)
FSDreamTeam Los Angeles International FSX (HKLM-x32\...\FSDreamTeam Los Angeles International FSX_is1) (Version: 1.6.1 - VIRTUALI Sagl)
FSDreamTeam OHareX FSX (HKLM-x32\...\FSDreamTeam OHareX FSX_is1) (Version: 2.3 - VIRTUALI s.a.s.)
FSDreamTeam Vancouver International FSX/P3D 1.0 (HKLM-x32\...\FSDreamTeam Vancouver International FSX/P3D_is1) (Version:  - FSDreamTeam)
FSDreamTeam ZurichX FSX (HKLM-x32\...\FSDreamTeam ZurichX FSX_is1) (Version: 2.5.5 - VIRTUALI s.a.s.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Ground Environment X Atlantic and Pacific Tropics (HKLM-x32\...\Ground Environment X Atlantic and Pacific Tropics) (Version:  - Flight One Software)
Ground Environment X Europe (HKLM-x32\...\Ground Environment X Europe) (Version:  - Flight One Software)
Ground Environment X North America (HKLM-x32\...\Ground Environment X North America) (Version:  - Flight One Software)
Ground Environment X North America (HKLM-x32\...\Ground Environment X North America1.096) (Version: 1.096 - Flight One Software)
Gyazo 3.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hawaii Oahu (HKLM-x32\...\MegaSceneryX_is1) (Version: 1 - PC Aviator Inc.)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
KMEM v1.1.2 for FSX (HKLM\...\{03EFC5C9-E507-4A80-A7E4-A67AAE976446}) (Version: 1.1.2 - BluePrint Simulations)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.266 - McAfee, Inc.)
McPhat DC-9 DELTA v1.0b025 (HKCU\...\McPhat DC-9 DELTA v1.0b025) (Version:  - )
Meeting Center Installer Module  (HKCU\...\UMClient) (Version: 5.16.2.72 - The Conferencing Center)
MegaSceneryEarth Detroit Ultra Res 001 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 001 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 002 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 002 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 003 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 003 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 004 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 004 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 005 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 005 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 006 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 006 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 007 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 007 2.0) (Version: 2.0 - MegaSceneryEarth)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version:  - )
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OpusFSX for FSX and Prepar3D Flight Simulators (HKLM-x32\...\{5E993002-2D95-4EE5-BBD7-9E02A3B60EB1}) (Version: 3.55.1 - Opus Software Limited)
OryxSim Kelowna X: 2012 Edition (HKLM-x32\...\OryxSim Kelowna X: 2012 Edition) (Version:  - )
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\{456A8117-2915-414D-8435-AC57447C4E2D}) (Version: 8.31.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
PMDG 737 6700 NGX Expansion FSX (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 747X World Airliners COMBI v1.0b000 (HKCU\...\PMDG 747X World Airliners COMBI v1.0b000) (Version:  - )
PMDG MD11 American Airlines v1.0b000 (HKCU\...\PMDG MD11 American Airlines v1.0b000) (Version:  - )
PMDG MD11 World Airliners 1 v1.0b011 (HKCU\...\PMDG MD11 World Airliners 1 v1.0b011) (Version:  - )
PMDG MD11 World Airliners 2 v1.0b005 (HKCU\...\PMDG MD11 World Airliners 2 v1.0b005) (Version:  - )
PMDG MD11 World Airliners 3 v1.0b003 (HKCU\...\PMDG MD11 World Airliners 3 v1.0b003) (Version:  - )
PMDG MD11 World Airliners 4 v1.1b002 (HKCU\...\PMDG MD11 World Airliners 4 v1.1b002) (Version:  - )
PMDG MD11 World Airliners 5 v1.0b002 (HKCU\...\PMDG MD11 World Airliners 5 v1.0b002) (Version:  - )
PMDG_MD11_FSX (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.20.0055 - Precision Manuals Development Group)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Lachesis (HKLM-x32\...\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}) (Version: 1.10.0000 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
REX Essential Plus with SP3 (HKLM-x32\...\{92F61DE4-BBF0-4BAA-B542-896BCA57AE3E}) (Version: 3.4.2014.1126 - REX Game Studios, LLC.)
REX Soft Clouds SP3 - Hotfix 3 (HKLM-x32\...\{B30437E7-0682-4D37-9DBF-97631DDF848F}) (Version: 4.3.2016.0622 - REX Game Studios, LLC.) Hidden
REX Soft Clouds SP3 - Hotfix 3 (HKLM-x32\...\REX Soft Clouds SP3 - Hotfix 3 4.3.2016.0622) (Version: 4.3.2016.0622 - REX Game Studios, LLC.)
REX Soft Clouds with SP3 / Hotfix 2 (HKLM-x32\...\{759B4960-1A9A-4324-94E8-C21E23142C87}) (Version: 4.3.2016.03025 - REX Game Studios, LLC.)
SAEZ-SVMI v1.1.2 for FSX (HKLM\...\{39ECE2E2-E2A7-4E92-BF10-D060BBE257B2}) (Version: 1.1.2 - BluePrint Simulations)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
SceneryConfigEditor v1.1.7 (remove only) (HKLM-x32\...\SceneryConfigEditor) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.OUTLOOKR_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.OUTLOOKR_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-001A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SIMADDONS CYOW 2011 (HKLM-x32\...\SIMADDONS CYOW 2011) (Version:  - )
Simaddons Halifax 2014 (HKLM-x32\...\Simaddons Halifax 2014) (Version:  - )
Simaddons SA 2015 (HKLM-x32\...\Simaddons SA 2015) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartAssembly 6 (HKLM\...\{EEA9DFEA-07F8-4086-A685-9962A74A425D}) (Version: 6.6.3.41 - Red Gate Software Ltd)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StealthPlug (HKLM-x32\...\{66DD0212-C79E-4622-81C7-2D7658F3041A}) (Version: 1.1.0.8 - IK Multimedia)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TBPB v1.1.2 for FSX (HKLM\...\{4E9986BE-0B30-4E19-BC93-B8B308F533C8}) (Version: 1.1.2 - BluePrint Simulations)
TinEye Internet Explorer plugin 1.2 (HKLM-x32\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
TJSJv1.1.2 for FSX (HKLM\...\{C9F3C36E-EA14-4AEC-A6F2-B5B7DF91D461}) (Version: 1.1.2 - BluePrint Simulations)
UK2000 Common Library FSX  (HKLM-x32\...\UK2000 Common Library FSX) (Version: 3.35 - UK2000 Scenery)
UK2000 Manchester Xtreme FSX  (HKLM-x32\...\UK2000 Manchester Xtreme FSX) (Version: 1.6 - UK2000 Scenery)
Ultimate Airliners - The DC-9 Classic (HKLM-x32\...\Ultimate Airliners - The DC-9 Classic) (Version:  - )
Ultimate Terrain X - Canada (HKCU\...\Ultimate Terrain X - Canada) (Version:  - )
Ultimate Terrain X - Europe (HKCU\...\Ultimate Terrain X - Europe) (Version:  - )
Ultimate Terrain X - USA (HKCU\...\Ultimate Terrain X - USA) (Version:  - )
Ultimate Traffic (HKLM-x32\...\F1UT2) (Version: 2 - Flight One Software)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
Vancouver+ v3 (FSX) (HKLM-x32\...\VanPlusv3_is1) (Version: 3.0.0.7 - FSAddon)
VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 3.0.0.17 - VIRTUALI Sagl)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vPilot (HKCU\...\vPilot) (Version: 1.1.5901.24775 - Ross Carlson)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
World of Tanks (HKCU\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
========================= Restore Points ==================================
 
24-09-2016 14:22:12 JRT Pre-Junkware Removal
24-09-2016 14:29:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
 
**** End of log ****
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Panda Free Antivirus                 
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.0    
 Java 7 Update 7  
 Java 8 Update 40  
 Java version 32-bit out of Date! 
  Adobe Flash Player 13.0.0.206 Flash Player out of Date!  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Adaware Ad-Aware Antivirus 11.12.945.9202 AdAwareService.exe 
 Adaware Ad-Aware Antivirus 11.12.945.9202 AdAwareTray.exe 
 Malwarebytes PSUAMain.exe   
 Malwarebytes PSANHost.exe   
 Malwarebytes PSUAService.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 45% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#4 The_Codesee

Posted 24 September 2016 - 05:54 PM

Thanks for the logs :) It's time to defeat malware!!
 
Peer to Peer (P2P) Warning
 
You currently have BitTorrent installed - this can be a huge contributor to infecting computers. Ransomware is also known to be spread through P2P file transfers. I highly recommend you remove BitTorrent.

 

Multiple Antivirus Programs

 

According to your logs, you have two antivirus programs installed: Panda Free Antivirus and McAfee Anti-Virus and Anti-Spyware. It's not recommended to have multiple antivirus programs as they often conflict with each other. 

 

Please choose one of these antivirus programs to uninstall and refer to the correct link below:

Step 1: Please uninstall some programs
 
There are currently some programs on your PC that we need to remove. Press the Windows + R keys on your keyboard, type in appwiz.cpl and press Enter. Navigate to each of the following one by one and click Uninstall:

  • Driver Sweeper

Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log:

  • On the Malwarebytes Anti-Malware dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Step 3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe.
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step 4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Step 5: Time for some housecleaning

  1. Update Adobe Flash Player: https://get.adobe.com/flashplayer/
  2. Update Adobe Reader: https://helpx.adobe.com/acrobat/kb/install-updates-reader-acrobat.html
  3. Update JavaScript: https://java.com/en/download/
  4. Defragment your hard drive: https://support.microsoft.com/en-gb/help/17126/windows-7-improve-performance-defragmenting-hard-disk

Logs I expect in your next reply:

  • Malwarebytes Log
  • AdwCleaner Log
  • Junkware Removal Tool (JRT) Log

Please also update me on the status of the computer


Edited by The_Codesee, 24 September 2016 - 06:07 PM.


#5 panda234

Posted 24 September 2016 - 07:13 PM

I have uninstalled and removed:

 

BitTorrent

Panda Antivirus

Driver Sweeper

 

Shortly after running JRT I had two BSOD's. 

 

I have updated the programs as recommended.

 

Here are the logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/09/2016
Scan Time: 8:29 PM
Logfile: MALB.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.24.06
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Billg
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391000
Time Elapsed: 5 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, Quarantined, [b6405d18dcbee353185e6c316e95ca36], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CRSBRWSHTML, Quarantined, [31c54530eeac1521f086aeef867def11], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v6.020 - Logfile created 24/09/2016 at 20:45:23
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-24.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Billg - BILL2700
# Running from : C:\Users\Billg\Desktop\adwcleaner_6.020.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Billg\Desktop\uninstaller.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\AppDataLow\Software\adawarebp
Key Found:  HKCU\Software\AppDataLow\Software\adawarebp
Key Found:  [x64] HKCU\Software\AppDataLow\Software\adawarebp
Key Found:  HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [13073 Bytes] - [22/09/2016 21:12:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [1510 Bytes] - [24/09/2016 13:27:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [11962 Bytes] - [22/09/2016 21:12:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [1545 Bytes] - [24/09/2016 13:27:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [1862 Bytes] - [24/09/2016 20:45:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1935 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Billg (Administrator) on 24/09/2016 at 20:47:43.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 21 
 
Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TR0UQIE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KNQWYXR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGJHTVWY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQLW5190 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIL24Y85 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IOHAT0FY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LT9U7BX0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLZSNBEJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHR771VZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR0I78D5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TR0UQIE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KNQWYXR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGJHTVWY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQLW5190 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIL24Y85 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IOHAT0FY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LT9U7BX0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MLZSNBEJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHR771VZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR0I78D5 (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/09/2016 at 20:49:45.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 


#6 The_Codesee

Posted 25 September 2016 - 04:20 AM

Shortly after running JRT I had two BSOD's

 

Please upload the minidump files in your next reply so that I can take a look at them. Here's how to find them:

  1. Navigate to C:\Windows\Minidump
  2. Select the three most recent dump files
  3. Press CTRL + C on your keyboard to copy all the selected minidump files
  4. Navigate to your desktop and press CTRL + V on your keyboard to paste the selected minidump files
  5. Ensure all the minidump files on your desktop are selected and right click and select Send To > Compressed (zip) Folder.
  6. Upload the zipped folder to a hosting site of your choice and provide me with the link. I recommend: http://www.filedropper.com/

Are you still seeing the ads?


Edited by The_Codesee, 25 September 2016 - 04:33 AM.


#7 panda234

Posted 25 September 2016 - 07:55 AM

Here is a dropbox link to the 3 minidump files.

 

https://www.dropbox.com/s/6ag6qdvwygtlaue/Minidump%20Files.zip?dl=0

 

No ads. I have it on CNN now which seemed to be the worst offender (not CNN's fault obviously) so fingers crossed. 



#8 The_Codesee

Posted 25 September 2016 - 08:59 AM

Hi Panda, your minidump files refer to a Registry Error (0x51) which could be caused by a driver. I recommend you start a new thread in Windows Crashes, BSOD and Hangs sub-forum. 

 

Please monitor the computer for a day and let me know whether you experience any more popups/ads.


Edited by The_Codesee, 25 September 2016 - 09:00 AM.


#9 panda234

Posted 25 September 2016 - 10:29 AM

Hi Codesee, will do. Had a popup just now but just clicked out of it no problem. Here's a link--do you think this is an issue?

 

https://gyazo.com/9bff185b424d5132024bf55565a64988

 

EDIT: I just got an audio message (I guess the popup was suppressed) saying I had a virus and to call Microsoft blah blah. So something still in there..

 

EDIT: and the ads came back... :(


Edited by panda234, 25 September 2016 - 11:13 AM.


#10 The_Codesee

Posted 25 September 2016 - 11:24 AM

Let's try resetting Google Chrome: https://support.google.com/chrome/answer/3296214?hl=en-GB

 

If the issue continues after resetting Google Chrome, your computer is infected. The next step would be to create a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs subforum and wait for a malware professional to assist you using advanced tools.

It might be a good idea to also include a link back to this thread.

 

The Codesee :)


Edited by The_Codesee, 25 September 2016 - 11:31 AM.


#11 panda234

Posted 29 September 2016 - 10:46 AM

Thx Codesee. I have gone over to the other subforum. 

 

Bill



#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:59 PM

Posted 29 September 2016 - 11:33 AM

Hello Bill,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/628078/i-have-ads-showing-up-that-shouldnt-be-there/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.  Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



