Adlice forum
Software feedback => RogueKiller => Topic started by: Tez on January 25, 2015, 11:31:27 PM
-
Hi All, I noticed some odd behaviour on my PC today so decided to check things out.
I ran RogueKiller and found some possibles. I was wondering if anyone would be able to take a look for me?
Thanks in advance.
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TEZCAT [Administrator]
Mode : Scan -- Date : 01/25/2015 22:17:40
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3971878117-1300230882-1851587195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3971878117-1300230882-1851587195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB ATA Device +++++
-
Hi Tez,
Welcome to Adlice.com Forum.
Your report is clean.
Could you describe exactly what you mean by "odd behaviour"?
Regards.
Note: This thread has been moved to the "RogueKiller" section for clarity.
-
Thanks for getting back to me and the welcome, and topic move, sorry, missed that part of the forum.
Anyway, by odd behaviour I can be quite specific.
I was doing some writing in Word when I plugged my backup drive into the USB3.
When I had a folder open it started disconnecting and reconnecting, and during one of these moments when it tabbed back to Word a portion of text changed formatting and then reverted. (It went from 10pt courier black to light blue italic bold and indented like a quote.)
A bit disturbed, so I checked Task Manager, where I saw dllhost COM Surrogate running for a moment. Which led me to a Malwarebytes post from a few months back, and I thought I'd do some research.
https://forums.malwarebytes.org/index.php?/topic/159804-dllhost-com-surrogate-virus/
Bar a few errant registry items everything turned up clear (the only thing I wasn't sure about was the RogueKiller report).
But if you say all is clear, I'm happy enough. Perhaps the infection is on the external backup drive? Which is a concern as it's mainly family pics...
-
Hi Tez,
COM Surrogate aka dllhost.exe is a legit process and is part of the Windows OS.
Please read: What does the COM Surrogate do and why does it always stop working? (http://blogs.msdn.com/b/oldnewthing/archive/2009/02/12/9413816.aspx)
(http://i.imgur.com/aW29r0B.jpg)
Did you experience an error such as the one above?
Regards.