
COM Surrogate - dllhost.exe *32


2 replies to this topic

#1 ptommo77

Posted 23 March 2014 - 04:44 PM

Help,

I have the com surrogate thing that has been discussed in a number of threads. I have downloaded and run FARBAR as per instructions in a previous thread, with the following logs being the result. Please help with a fix list.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Peter Thomas (administrator) on SAMC-002 on 24-03-2014 05:33:12
Running from C:\Users\Peter Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [AS2014] - C:\ProgramData\nX37n33r\nX37n33r.exe
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\sgfxconfig.exe [2230848 2012-04-30] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\nX37n33r\nX37n33r.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Facebook Update] - C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Exzvtion] - regsvr32.exe "C:\Users\Peter Thomas\AppData\Local\Exzvtion\PowNap.dll" <===== ATTENTION
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Flasures] - rundll32 "C:\Windows\client64.dll",CreateProcessNotify
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {c4d82d5b-5afc-11e2-b89d-60eb694fb604} - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {d931add4-23d6-11e0-96b9-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\snpuupq\sboevum\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = 
SearchScopes: HKCU - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = 
SearchScopes: HKCU - {C81156CE-A7CB-4CEF-90CD-959E769DBB67} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {AD58C149-8AE2-4878-99DC-3A164E32F814} http://apps.bentley.com/studentserver/Scripts/SAXFileEE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (CLSID_QueryResult) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-18]
CHR Extension: (YouTube) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-14]
CHR Extension: (Google Search) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [5715968 2012-04-27] (SMSC)
S3 STSService; "C:\Program Files (x86)\AllMusicConverter Media Suite\STSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [80384 2013-11-05] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [34040 2011-02-16] (Windows ® Codename Longhorn DDK provider)
S3 qcusbser; C:\Windows\System32\DRIVERS\hwusbser02.sys [120960 2010-12-08] (QUALCOMM Incorporated)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [141888 2012-05-01] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [14912 2012-05-01] (SMSC)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CEDRIVER60; \??\C:\Program Files (x86)\Cheat Engine 6\dbk64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
U2 wuaserv; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-24 05:33 - 2014-03-24 05:35 - 00020727 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-23 20:36 - 2014-03-23 20:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill64.com
2014-03-23 19:49 - 2014-03-24 05:27 - 00000000 ___HD () C:\725650d
2014-03-23 19:38 - 2014-03-23 19:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill.com
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 19:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-23 19:00 - 2014-03-24 05:33 - 00000000 ____D () C:\FRST
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:43 - 2014-03-23 20:41 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 10:43 - 2014-03-23 17:03 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 10:43 - 2014-03-23 10:44 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:24 - 2014-03-22 18:25 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:19 - 2014-03-22 18:20 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
2014-03-22 18:04 - 2014-02-19 06:50 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:28 - 2014-03-18 16:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Exzvtion
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 21:04 - 2014-03-24 05:38 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 18:48 - 2014-03-14 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:57 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 10:55 - 2014-03-23 10:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:46 - 2014-03-03 09:47 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
2014-02-22 10:59 - 2014-02-22 10:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-02-22 10:58 - 2014-02-22 10:59 - 00000000 ____D () C:\Program Files\SGFX
2014-02-22 10:58 - 2014-02-22 10:58 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\SMSC
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan9500-x64-n620f_01009.Wdf
2014-02-22 09:53 - 2014-02-22 09:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{9591FFC3-F1BC-4C67-A8BB-4D9D8CEE7110}
 
==================== One Month Modified Files and Folders =======
 
2014-03-24 05:38 - 2014-03-14 21:04 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-24 05:35 - 2014-03-24 05:33 - 00020727 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-24 05:33 - 2014-03-23 19:00 - 00000000 ____D () C:\FRST
2014-03-24 05:30 - 2011-01-20 08:59 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 05:29 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Xuvily
2014-03-24 05:29 - 2011-01-19 22:17 - 00425760 _____ () C:\Windows\PFRO.log
2014-03-24 05:29 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 05:29 - 2009-07-14 12:51 - 00160000 _____ () C:\Windows\setupact.log
2014-03-24 05:27 - 2014-03-23 19:49 - 00000000 ___HD () C:\725650d
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Ybtea
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Kanoi
2014-03-24 05:27 - 2011-01-19 15:26 - 00000000 ___RD () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 05:25 - 2012-06-13 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 05:25 - 2011-01-20 08:59 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 05:24 - 2013-02-24 16:59 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job
2014-03-23 20:50 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:50 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:41 - 2014-03-23 10:43 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 20:39 - 2009-07-14 13:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 20:36 - 2014-03-23 20:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill64.com
2014-03-23 19:38 - 2014-03-23 19:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill.com
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 18:10 - 2011-03-04 10:33 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-03-23 18:04 - 2010-07-15 07:29 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 18:03 - 2012-10-10 19:01 - 00000000 ____D () C:\Users\Mikki\Desktop\Halo Combat Evolved
2014-03-23 18:03 - 2012-09-22 12:57 - 00000000 ____D () C:\Users\Mikki\Documents\My Games
2014-03-23 18:03 - 2012-04-22 20:07 - 00000000 ___SD () C:\ComboFix
2014-03-23 18:03 - 2011-03-28 08:34 - 00000000 ____D () C:\Users\Mikki\Documents\Fax
2014-03-23 18:03 - 2011-02-21 11:53 - 00000000 ____D () C:\OpenOffice.org 3.3 (en-US) Installation Files
2014-03-23 18:03 - 2011-02-16 17:13 - 00000000 ____D () C:\Users\Mikki\Desktop\Photos Courtesy of Randy Martin Photography
2014-03-23 18:03 - 2011-02-13 13:33 - 00000000 ____D () C:\Users\Mikki\Documents\My Received Files
2014-03-23 18:03 - 2011-01-20 17:40 - 00000000 __RSD () C:\Users\Mikki\Documents\My Stationery
2014-03-23 18:03 - 2010-06-08 01:38 - 00000000 ____D () C:\HP
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ___HD () C:\SYSTEM.SAV
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ____D () C:\SwSetup
2014-03-23 18:03 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2014-03-23 18:03 - 2009-03-02 13:14 - 00000000 ____D () C:\HD-CEU2_120
2014-03-23 17:51 - 2010-07-15 06:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 17:04 - 2013-02-24 16:59 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job
2014-03-23 17:03 - 2014-03-23 10:43 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 12:47 - 2011-09-21 09:20 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{65BC98F3-5B7D-4C16-8FBA-C85129511154}
2014-03-23 10:59 - 2011-04-04 07:21 - 00364118 _____ () C:\Users\Mikki\Desktop\print.bmp
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:53 - 2011-06-25 15:01 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Stardock
2014-03-23 10:53 - 2011-02-03 16:12 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\OpenOffice.org
2014-03-23 10:53 - 2011-01-20 17:43 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Skype
2014-03-23 10:53 - 2011-01-19 18:44 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\CyberLink
2014-03-23 10:53 - 2011-01-19 17:53 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Adobe
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2011-08-09 15:49 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Apple Computer
2014-03-23 10:51 - 2011-01-29 15:06 - 00000000 ____D () C:\Users\Mikki\AppData\Local\jagexlauncher
2014-03-23 10:51 - 2011-01-20 17:41 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Google
2014-03-23 10:51 - 2011-01-19 18:50 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Cyberlink
2014-03-23 10:50 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-23 10:50 - 2012-04-22 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 10:50 - 2011-05-27 08:02 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-23 10:50 - 2011-01-19 20:44 - 00000000 ____D () C:\ProgramData\HP
2014-03-23 10:49 - 2010-07-15 07:09 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-23 10:47 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-23 10:47 - 2013-04-23 16:39 - 00000000 ____D () C:\ProgramData\Bentley
2014-03-23 10:44 - 2014-03-23 10:43 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:44 - 2014-03-03 10:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-23 00:04 - 2013-01-10 17:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\vlc
2014-03-23 00:04 - 2011-03-04 10:34 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Azureus
2014-03-22 22:24 - 2010-08-17 16:30 - 01696019 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 18:41 - 2011-01-31 15:04 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CrashDumps
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:25 - 2014-03-22 18:24 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:20 - 2014-03-22 18:19 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
2014-03-22 18:14 - 2011-03-03 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files\HP
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 18:07 - 2011-04-11 11:49 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Conduit
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 19:17 - 2011-01-21 13:14 - 00000000 ____D () C:\Users\Mikki\Tracing
2014-03-18 19:17 - 2011-01-19 17:55 - 00085472 _____ () C:\Users\Mikki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:28 - 2014-03-18 16:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Exzvtion
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:57 - 2013-06-14 18:49 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-16 13:03 - 2009-07-14 12:45 - 00374400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 12:03 - 2011-01-20 08:48 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 20:04 - 2011-01-19 04:23 - 00085472 _____ () C:\Users\Peter Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 19:56 - 2011-11-09 08:57 - 00045056 _____ () C:\Users\Peter Thomas\Desktop\CofG VH-EGG.xls
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 19:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-14 18:49 - 2014-03-14 18:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-13 17:27 - 2013-03-20 16:30 - 00000000 ____D () C:\Users\Peter Thomas\Desktop\Yolandie Engineering
2014-03-12 08:25 - 2012-06-13 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:25 - 2012-05-10 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:25 - 2011-06-06 17:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 10:36 - 2012-02-20 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Windows Live
2014-03-10 10:36 - 2011-01-19 15:59 - 00000000 ____D () C:\Users\Peter Thomas\Tracing
2014-03-10 10:32 - 2011-01-25 08:41 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CutePDF Writer
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:57 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:47 - 2014-03-03 09:46 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
2014-02-22 11:21 - 2011-02-24 20:58 - 00000000 ____D () C:\ProgramData\Apple
2014-02-22 10:59 - 2014-02-22 10:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-02-22 10:59 - 2014-02-22 10:58 - 00000000 ____D () C:\Program Files\SGFX
2014-02-22 10:59 - 2010-08-17 16:28 - 00456246 _____ () C:\Windows\DPINST.LOG
2014-02-22 10:58 - 2014-02-22 10:58 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\SMSC
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan9500-x64-n620f_01009.Wdf
2014-02-22 09:54 - 2014-02-22 09:53 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{9591FFC3-F1BC-4C67-A8BB-4D9D8CEE7110}
 
Files to move or delete:
====================
C:\Users\Mikki\jagex_runescape_preferences.dat
C:\Users\Mikki\jagex_runescape_preferences2.dat
C:\Users\Peter Thomas\g2ax_customer_downloadhelper_win32_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 12:25
 
==================== End Of Log ============================

#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,167 posts
  • Gender:Male
  • Location:California

Posted 24 March 2014 - 06:02 PM

Multiple posts, see http://www.bleepingcomputer.com/forums/t/528501/com-surrogate-dllhostexe-32/
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,167 posts
  • Gender:Male
  • Location:California

Posted 24 March 2014 - 06:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."