
Many dllhost.exe starting up


hades1223


Hello, my name is Kyle. I need some help. There are many dllhost.exe files starting up and slowing down my computer. I scanned with FRST, and this is the log. I tried to solve this myself by following others with the same situation, but it didn't really work. And now I am getting a pop-up saying this application cannot be downloaded due to my antivirus. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Kyle (administrator) on KYLE-PC on 24-09-2014 19:39:19
Running from C:\Users\Kyle\Desktop\New folder
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
(Akamai Technologies, Inc.) C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Akamai Technologies, Inc.) C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395384 2012-04-27] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2637784 2012-04-27] (Acronis)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [Creative Detector] => C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe [102400 2004-12-02] (Creative Technology Ltd)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [738168 2012-12-08] (BitTorrent, Inc.)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [35253824 2013-08-04] (ooVoo LLC)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\Run: [GoogleChromeAutoLaunch_4D99E0C0654F17BEAD4FE562E57A92D1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\MountPoints2: {681a3ea9-fd9e-11e1-b82d-806e6f6e6963} - D:\CTRun\Start.EXE
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...\MountPoints2: {e0f702e3-fdac-11e1-904d-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3140756588-3238164181-990609201-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
ShortcutTarget: BumpTop.lnk -> C:\Program Files (x86)\BumpTop\BumpTop.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\gwxzyqt1.default
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0034\npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Kyle\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\gwxzyqt1.default\searchplugins\icq.xml

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com",
"hxxp://mysearch.avg.com?cid={B5C31E15-0616-4822-B1C4-00F475CA7700}&mid=e6dd6821603747d09030e1ccefd87a49-81a5349fd849c2653ccd981ebb720e0fe76e1bcd&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 22:28:55&v=17.0.1.4&pid=safeguard&sg=&sap=hp&cmpid=0913a",
"hxxp://mysearch.avg.com?cid={2641488C-3483-484D-852C-314258A34F7E}&mid=e6dd6821603747d09030e1ccefd87a49-81a5349fd849c2653ccd981ebb720e0fe76e1bcd&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-31 22:31:20&v=17.3.1.91&pid=safeguard&sg=&sap=hp",
"hxxp://mysearch.avg.com?cid={44BDBE44-76D6-4FE9-B768-E0AA16FF2A06}&mid=e6dd6821603747d09030e1ccefd87a49-81a5349fd849c2653ccd981ebb720e0fe76e1bcd&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-18 17:14:10&v=3.0.0.2&pid=wtu&sg=&sap=hp",
"https://mysearch.avg.com?cid={64DB36DD-AAD8-4C40-952E-12D4805200B2}&mid=e6dd6821603747d09030e1ccefd87a49-81a5349fd849c2653ccd981ebb720e0fe76e1bcd&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-30 19:42:02&v=3.2.0.14&pid=wtu&sg=&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Unblock Youku) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-06-08]
CHR Extension: (Extension) - C:\Users\Kyle\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\bkmijomkhejhjdmoclfhjkaohieabiaa [2014-01-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-15] (BitRaider, LLC)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [451848 2011-07-12] (Microsoft Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2014-01-18] (SurfRight B.V.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
S4 xuankusoso; C:\Program Files (x86)\XuanKusoso\WinService.exe -s xuankusoso [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-06-15] (BitRaider)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-01-18] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-04] (DT Soft Ltd)
S3 Gun; C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [45176 2013-01-03] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-09-15] (Acronis)
S3 ALSysIO; \??\C:\Users\Kyle\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 18:15 - 2014-09-24 19:39 - 00000000 ____D () C:\FRST
2014-09-24 18:14 - 2014-09-24 19:39 - 00000000 ____D () C:\Users\Kyle\Desktop\New folder
2014-09-19 21:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-19 21:00 - 2014-09-19 21:00 - 01373475 _____ () C:\Users\Kyle\Desktop\AdwCleaner.exe
2014-09-19 20:54 - 2014-09-19 20:54 - 00000000 ____D () C:\Users\Kyle\Desktop\ProcessExplorer
2014-09-19 20:47 - 2014-09-19 20:47 - 00096630 _____ () C:\Users\Kyle\Documents\cc_20140919_204713.reg
2014-09-19 20:40 - 2014-09-19 20:40 - 04901352 _____ (Piriform Ltd) C:\Users\Kyle\Desktop\ccsetup417.exe
2014-09-19 20:38 - 2014-09-19 20:40 - 01188194 _____ () C:\Users\Kyle\Desktop\ProcessExplorer.zip
2014-09-07 00:17 - 2014-09-07 00:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-07 00:17 - 2014-09-07 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 00:17 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 00:17 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-07 00:17 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-07 00:17 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-07 00:16 - 2014-09-07 00:17 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-05 19:45 - 2014-09-05 19:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-04 19:54 - 2012-10-15 01:15 - 367020032 _____ () C:\Users\Kyle\Desktop\513 - Three's a Crowd.avi
2014-09-04 19:38 - 2014-09-04 19:38 - 00497675 _____ () C:\Users\Kyle\Desktop\Upper Lower Limb Condensed Rvw.xlsx
2014-09-01 22:44 - 2014-09-01 22:52 - 00000000 ____D () C:\Users\Kyle\Desktop\Human Physiology, An Integrated Approach, 6E [PDF] ~StormRG~
2014-09-01 13:36 - 2014-09-01 13:36 - 00000000 ____D () C:\Users\Kyle\Desktop\[MP3] Kana Nishino
2014-09-01 13:21 - 2014-09-02 01:32 - 00000000 ____D () C:\Users\Kyle\Desktop\Anatomy Tables
2014-08-31 01:00 - 2014-08-31 01:00 - 00001973 _____ () C:\Users\Public\Desktop\Zoom Player MAX.lnk
2014-08-30 19:42 - 2014-08-30 23:42 - 00000000 ____D () C:\Users\Kyle\AppData\Local\AVG Web TuneUp
2014-08-30 19:41 - 2014-08-30 19:42 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-30 19:41 - 2014-08-30 19:40 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-30 19:40 - 2014-09-04 18:07 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-25 16:09 - 2014-08-25 16:09 - 00000177 _____ () C:\console.log
2014-08-25 02:08 - 2014-08-25 02:08 - 03581440 _____ () C:\Users\Kyle\Desktop\Session#22_Citric Acid Cycle-updatd8.15.ppt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 19:39 - 2014-09-24 18:15 - 00000000 ____D () C:\FRST
2014-09-24 19:39 - 2014-09-24 18:14 - 00000000 ____D () C:\Users\Kyle\Desktop\New folder
2014-09-24 19:39 - 2012-09-23 16:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 19:35 - 2009-07-14 00:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 19:35 - 2009-07-14 00:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 19:32 - 2012-09-16 00:57 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\uTorrent
2014-09-24 19:32 - 2012-09-13 08:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 19:25 - 2014-01-17 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-24 19:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2014-09-24 19:20 - 2012-09-13 08:24 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 19:19 - 2013-04-12 00:15 - 00134181 _____ () C:\Windows\setupact.log
2014-09-24 19:19 - 2012-09-12 21:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-24 19:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 19:18 - 2013-05-13 13:43 - 00312322 _____ () C:\Windows\PFRO.log
2014-09-24 19:17 - 2012-09-13 10:14 - 01860015 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 18:42 - 2014-07-20 20:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 18:11 - 2014-01-23 04:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 21:23 - 2012-09-14 02:47 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2014-09-19 21:00 - 2014-09-19 21:00 - 01373475 _____ () C:\Users\Kyle\Desktop\AdwCleaner.exe
2014-09-19 20:54 - 2014-09-19 20:54 - 00000000 ____D () C:\Users\Kyle\Desktop\ProcessExplorer
2014-09-19 20:47 - 2014-09-19 20:47 - 00096630 _____ () C:\Users\Kyle\Documents\cc_20140919_204713.reg
2014-09-19 20:41 - 2014-01-17 22:39 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-19 20:41 - 2014-01-17 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-19 20:41 - 2014-01-17 22:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-19 20:40 - 2014-09-19 20:40 - 04901352 _____ (Piriform Ltd) C:\Users\Kyle\Desktop\ccsetup417.exe
2014-09-19 20:40 - 2014-09-19 20:38 - 01188194 _____ () C:\Users\Kyle\Desktop\ProcessExplorer.zip
2014-09-14 00:04 - 2014-01-12 01:55 - 00000000 ____D () C:\Phantasy Star Online Blue Burst
2014-09-13 23:46 - 2014-03-31 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-13 22:26 - 2013-03-09 02:34 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Skype
2014-09-13 22:15 - 2012-09-13 00:44 - 00415014 _____ () C:\Windows\system32\perfh011.dat
2014-09-13 22:15 - 2012-09-13 00:44 - 00399440 _____ () C:\Windows\system32\prfh0404.dat
2014-09-13 22:15 - 2012-09-13 00:44 - 00382338 _____ () C:\Windows\system32\prfh0804.dat
2014-09-13 22:15 - 2012-09-13 00:44 - 00120508 _____ () C:\Windows\system32\perfc011.dat
2014-09-13 22:15 - 2012-09-13 00:44 - 00118368 _____ () C:\Windows\system32\prfc0804.dat
2014-09-13 22:15 - 2012-09-13 00:44 - 00113454 _____ () C:\Windows\system32\prfc0404.dat
2014-09-13 22:15 - 2009-07-14 01:13 - 02302534 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 17:41 - 2012-09-17 12:14 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-09-11 21:19 - 2013-02-03 03:46 - 00000000 ____D () C:\Users\Kyle\Desktop\One piece
2014-09-11 20:56 - 2014-04-07 00:33 - 00000000 ____D () C:\Users\Kyle\Desktop\Fairy Tail
2014-09-11 20:56 - 2013-04-10 00:44 - 00000000 ____D () C:\Users\Kyle\Desktop\Anime
2014-09-11 20:56 - 2012-10-01 21:38 - 00000000 ____D () C:\Users\Kyle\Desktop\Hunter X Hunter
2014-09-11 20:55 - 2012-10-16 22:59 - 00000000 ____D () C:\Users\Kyle\Desktop\Naruto Ship
2014-09-11 18:25 - 2012-09-17 00:47 - 00000000 ____D () C:\Users\Kyle\Desktop\Torrents
2014-09-10 19:34 - 2012-09-13 08:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-08 21:42 - 2012-09-15 01:30 - 00000000 ____D () C:\Users\Kyle\AppData\Local\PMB Files
2014-09-07 00:17 - 2014-09-07 00:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-07 00:17 - 2014-09-07 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 00:17 - 2014-09-07 00:16 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-07 00:17 - 2013-05-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-05 19:50 - 2014-09-05 19:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-05 19:50 - 2013-10-30 00:45 - 02306830 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-04 19:38 - 2014-09-04 19:38 - 00497675 _____ () C:\Users\Kyle\Desktop\Upper Lower Limb Condensed Rvw.xlsx
2014-09-04 18:07 - 2014-08-30 19:40 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-09-02 02:01 - 2012-10-27 19:19 - 00000000 ___RD () C:\Users\Kyle\Dropbox
2014-09-02 01:32 - 2014-09-01 13:21 - 00000000 ____D () C:\Users\Kyle\Desktop\Anatomy Tables
2014-09-01 22:52 - 2014-09-01 22:44 - 00000000 ____D () C:\Users\Kyle\Desktop\Human Physiology, An Integrated Approach, 6E [PDF] ~StormRG~
2014-09-01 13:36 - 2014-09-01 13:36 - 00000000 ____D () C:\Users\Kyle\Desktop\[MP3] Kana Nishino
2014-09-01 13:36 - 2012-10-27 19:18 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Dropbox
2014-08-31 01:00 - 2014-08-31 01:00 - 00001973 _____ () C:\Users\Public\Desktop\Zoom Player MAX.lnk
2014-08-31 01:00 - 2012-09-14 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2014-08-31 01:00 - 2012-09-14 02:51 - 00000000 ____D () C:\Program Files (x86)\AC3Filter
2014-08-31 01:00 - 2012-09-14 02:50 - 00000000 ____D () C:\Program Files (x86)\MadVR
2014-08-31 01:00 - 2012-09-14 02:46 - 00000000 ____D () C:\Program Files (x86)\Bass Audio Decoder
2014-08-30 23:42 - 2014-08-30 19:42 - 00000000 ____D () C:\Users\Kyle\AppData\Local\AVG Web TuneUp
2014-08-30 19:42 - 2014-08-30 19:41 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-30 19:40 - 2014-08-30 19:41 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-28 20:42 - 2014-01-10 01:52 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-08-28 20:42 - 2014-01-10 00:30 - 00000000 ____D () C:\AeriaGames
2014-08-28 20:19 - 2013-09-07 23:26 - 00000000 ____D () C:\Users\Kyle\Desktop\scan stuff
2014-08-28 20:19 - 2012-09-19 23:45 - 00000000 ____D () C:\Users\Kyle\Desktop\Mcat Stuff
2014-08-27 23:32 - 2012-10-27 19:19 - 00001013 _____ () C:\Users\Kyle\Desktop\Dropbox.lnk
2014-08-27 23:32 - 2012-10-27 19:18 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-25 16:37 - 2012-09-16 01:17 - 00000000 ____D () C:\ProgramData\NexonUS
2014-08-25 16:09 - 2014-08-25 16:09 - 00000177 _____ () C:\console.log
2014-08-25 15:28 - 2013-07-20 22:33 - 00000000 ____D () C:\Users\Kyle\Desktop\[soldado] Animal Crossing - The Movie (v2) + Extras
2014-08-25 02:08 - 2014-08-25 02:08 - 03581440 _____ () C:\Users\Kyle\Desktop\Session#22_Citric Acid Cycle-updatd8.15.ppt

Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\8CC4.exe
C:\Users\Kyle\AppData\Local\Temp\A54.exe
C:\Users\Kyle\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Kyle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpccz4qn.dll
C:\Users\Kyle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwpb7el.dll
C:\Users\Kyle\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Kyle\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Kyle\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Kyle\AppData\Local\Temp\fwupnp.dll
C:\Users\Kyle\AppData\Local\Temp\logclient.dll
C:\Users\Kyle\AppData\Local\Temp\NGMDll.dll
C:\Users\Kyle\AppData\Local\Temp\NGMResource.dll
C:\Users\Kyle\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kyle\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kyle\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kyle\AppData\Local\Temp\nvStInst.exe
C:\Users\Kyle\AppData\Local\Temp\peer.dll
C:\Users\Kyle\AppData\Local\Temp\PPTV_Update.exe
C:\Users\Kyle\AppData\Local\Temp\procexp64.exe
C:\Users\Kyle\AppData\Local\Temp\Quarantine.exe
C:\Users\Kyle\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\Kyle\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Kyle\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Kyle\AppData\Local\Temp\setup.exe
C:\Users\Kyle\AppData\Local\Temp\SRLDetectionLibrary7592896975454445991.dll
C:\Users\Kyle\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Kyle\AppData\Local\Temp\tipsbubble.dll
C:\Users\Kyle\AppData\Local\Temp\tipsclient.dll
C:\Users\Kyle\AppData\Local\Temp\tipsdone.dll
C:\Users\Kyle\AppData\Local\Temp\tipsflash.dll
C:\Users\Kyle\AppData\Local\Temp\TTK_6810010020140313_v141.exe
C:\Users\Kyle\AppData\Local\Temp\unicows.dll
C:\Users\Kyle\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Kyle\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Kyle\AppData\Local\Temp\xkss_50033.exe
C:\Users\Kyle\AppData\Local\Temp\zp861max.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-02 21:23

==================== End Of Log ============================


Hello hades1223, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.   :)
 
General P2P/Piracy Notice:
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
You are infected with Poweliks, a rootkit which also opens a backdoor on the compromised machine.
As such, I must unfortunately issue you the following warning. Please let me know how you wish to proceed. 
 

BACKDOOR WARNING
 
------------------------------
 
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
 
Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.
 
If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 


I have found assistance in removing the malware. I used the fixlist and now the dllhost.exe is not showing up anymore. I want to know how I can prevent this from happening again. This computer is mainly for basic TV, game, and printing needs. I do not have the time to do a format of my computer right now. I think I will be buying another hard drive and installing a new OS onto that later on. I have a MacBook on which I access my bank accounts and sensitive material, so I can refrain from using this computer for such matters. But what should I do in the meantime to minimize damage and to stay relatively safe? Thank you.


Following instructions given to other users is extremely dangerous. Most helpers provide a warning similar to the one below when they post an FRST Script:
 
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
 
Did you not see this? 

 

I want to know how can i prevent this from happening again.

Yes, I can help you with this.

 
However, if all you've done is copy others, your computer is most likely infected still. If you would like to be certain, please let me know. I can provide preventive tips/articles for you at the end.

 

If not, I can provide the articles now. 

 

Please let me know. 

This topic is now closed to further replies.