Topic: Rogue Killer Report Analysis Request

January 25, 2015, 11:31:27 PM

Tez

Hi All, I noticed some odd behaviour on my PC today so decided to check things out.
I ran RogueKiller and found some possibles. I was wondering if anyone would be able to take a look for me?

Thanks in advance.

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TEZCAT [Administrator]
Mode : Scan -- Date : 01/25/2015  22:17:40

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3971878117-1300230882-1851587195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3971878117-1300230882-1851587195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB ATA Device +++++

Reply #1, January 26, 2015, 03:41:45 PM

Curson

Hi Tez,

Welcome to Adlice.com Forum.

Your report is clean.
Could you describe exactly what you mean by "odd behaviour"?

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.
« Last Edit: January 26, 2015, 03:45:54 PM by Curson »

Reply #2, January 26, 2015, 08:02:08 PM

Tez

Thanks for getting back to me, and for the welcome and topic move. Sorry, I missed that part of the forum.

Anyway, by odd behaviour I can be quite specific.

I was doing some writing in Word when I plugged my backup drive into the USB3.
When I had a folder open it started disconnecting and reconnecting, and during one of these moments when it tabbed back to Word a portion of text changed formatting and then reverted. (It went from 10pt Courier black to light blue italic bold and indented like a quote.)

I was a bit disturbed, so I checked Task Manager, where I saw dllhost COM Surrogate running for a moment. That led me to a Malwarebytes post from a few months back, and I thought I'd do some research.
https://forums.malwarebytes.org/index.php?/topic/159804-dllhost-com-surrogate-virus/

Bar a few errant registry items everything turned up clear (the only thing I wasn't sure about was the RogueKiller report).

But if you say all is clear, I'm happy enough. Perhaps the infection is on the external backup drive? Which is a concern as it's mainly family pics...

Reply #3, January 26, 2015, 11:52:28 PM

Curson

Hi Tez,

COM Surrogate aka dllhost.exe is a legit process and is part of the Windows OS.
Please read: What does the COM Surrogate do and why does it always stop working?

Did you experience an error such as the one above?

Regards.