Trojan issue dllhost *32 COM surrogate major issue #?

bbcode3 New Helpee Posts: 25	Trojan issue dllhost *32 COM surrogate major issue #? Oct 26, 2014 20:55:06 GMT -8 via mobile Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by bbcode3 on Oct 26, 2014 20:55:06 GMT -8 I'm not aware of me encrypting any photos. . Ever. What should I do?

Quads
Malware Removalists

In New Zealand

Posts: 9,387

Trojan issue dllhost *32 COM surrogate major issue #? Oct 26, 2014 20:55:20 GMT -8

Post by Quads on Oct 26, 2014 20:55:20 GMT -8

The Ransomware not you has or should have encrypted files to try and get you to pay the bad guys money to get your files back.

You may want to read carefully all of this message first before starting the steps.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,

DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)

The script tells FRST what to do.

Start FRST that is on the desktop
When the tool opens click Yes to disclaimer. (if it still does)

Press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)

Quads

Last Edit: Oct 26, 2014 20:58:58 GMT -8 by Quads

bbcode3
New Helpee

Posts: 25

Trojan issue dllhost *32 COM surrogate major issue #? Oct 26, 2014 22:11:31 GMT -8

Post by bbcode3 on Oct 26, 2014 22:11:31 GMT -8

You are correct I see after looking. My photos and some other things have been hijacked and a fee to get it back. What should I do with that?

Thank you for the script. Below is the text.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014

Ran by Brandon at 2014-10-27 01:08:26 Run:1

Running from C:\Users\Brandon\Desktop

Loaded Profiles: Brandon & UpdatusUser (Available profiles: Brandon & Morgandy & Kammie Jo & UpdatusUser)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

<!DOCTYPE HTML>
 <html> 
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Oops, there was an error! | Malware Removal </title>
<link rel="canonical" href="http://qmalwareremoval.freeforums.net/attachment/download/1726" />
<link rel="alternate" type="application/rss+xml" href="http://qmalwareremoval.freeforums.net/rss/public" />
<link rel="shortcut icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" />
<link rel="icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" />
<meta property="og:url" content="http://qmalwareremoval.freeforums.net/attachment/download/1726" />
<meta property="og:title" content="Oops, there was an error! | Malware Removal " />
<meta property="og:description" content="Visit our forum at: qmalwareremoval.freeforums.net" />
<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@proboards" />
<meta name="twitter:app:id:iphone" content="307880732" />
<meta name="twitter:app:url:iphone" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" />
<meta name="twitter:app:id:ipad" content="307880732" />
<meta name="twitter:app:url:ipad" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" />
<meta name="twitter:app:id:googleplay" content="com.quoord.tapatalkpro.activity" />
<meta name="twitter:app:url:googleplay" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" />

<link rel="stylesheet" type="text/css" media="screen" href="http://d.storage.proboards.com/f/Default/forum_196.css" id="forum_style">
<link rel="stylesheet" type="text/css" media="print" href="http://d.storage.proboards.com/f/print.css">
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script type="text/javascript" src="http://d.storage.proboards.com/f/forum_196.js"></script>
<script type="text/javascript">proboards.data([['ad_free',0],['time_style',0],['military_time',0],['timezone',"guest"],['serverDate',1414390029000],['search-query-min',3],['search-query-max',50],['is_current_user_guest',"1"],['plugin_max_key_length',4000],['plugin_max_super_forum_key_length',32000],['login_url',"https://login.proboards.com/login/5448498/1"],['register_url',"https://login.proboards.com/register/5448498"]]);</script>
<script type="text/javascript">proboards.plugin._plugins["pixeldepth_icon_to_name"] = {
settings: {"images_users":[{"image_url":"","image_title":"","replace_name":"0","users":["1"]}],"images_groups":[{"image_url":"http://www.gettyicons.com/free-icons/141/ginux/png/24/antivirus_24.png","image_title":"","replace_name":"0","groups":["4"]}]}
};
proboards.plugin._plugins["wormocodes_image_in_title"] = {
settings: {"image_tags":[{"look_for":"#?","image_url":"http://storage.proboards.com/5448498/i/4BIqmtWkxUeWswvqmv_T.png","force_height":"23","force_width":"48","navigation_replace_text":"#?"},{"look_for":"[CLOSED]","image_url":"http://storage.proboards.com/5448498/i/sUOVZ3Gs6ICcCwf4r8tE.png","force_height":"23","force_width":"48","navigation_replace_text":""}]}
};</script>

</head>
<body>

<div id="wrapper">
<header>
<div id="banner-container" role="banner">
<h2 id="banner">
<a id="logo" href="/">Malware Removal </a>
</h2>
</div>
<a id="navigation-skip" href="#content" accesskey="s" class="aria-hidden" title="Skip Navigation">Skip Navigation</a>
<a href="#" accesskey="d" title="Open Menu" onclick="proboards.hotkeys.activate(Keys.d); return false;"></a>
<div id="navigation-menu" class="ui-helper-clearfix">
<ul role="navigation">

<li>
<a href="/">
Home

</a>
</li>

<li>
<a href="/help">
Help

</a>
</li>

<li>
<a href="/search">
Search

</a>
</li>

</ul>
<p id="welcome">

Welcome Guest.

Please <a href="https://login.proboards.com/login/5448498/1">Login</a> or <a href="https://login.proboards.com/register/5448498">Register</a>.

</p>
</div>
</header>

<div id="navigation-tree">
<div class="nav-tree-wrapper"><ul id="nav-tree" class="ui-helper-clearfix" role="navigation"><li id="nav-tree-branch-0" class="nav-tree-branch ui-helper-clearfix"><div itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/" itemprop="url"><span itemprop="title">Malware Removal </span></a></div><span class="menu_arrow"><span></span></span></li></ul></div><div class="popup_html">
<ul id="nav-tree-menu-0" role="navigation">
<li class="nav-tree-cat-2"><a href="/#category-2"><span class="item-text">System Security</span><div class="clear"></div></a>
<ul role="navigation">
<li class="nav-tree-board-2"><a href="http://qmalwareremoval.freeforums.net/board/2/malware-removal-protected"><span class="item-text">Malware Removal (Protected)</span><div class="clear"></div></a></li>
<li class="nav-tree-board-6"><a href="http://qmalwareremoval.freeforums.net/board/6/security-software"><span class="item-text">Security Software</span><div class="clear"></div></a></li>
</ul>
</li>
<li class="nav-tree-cat-3"><a href="/#category-3"><span class="item-text">Windows and Software Problems (not due to infection)</span><div class="clear"></div></a>
<ul role="navigation">
<li class="nav-tree-board-3"><a href="http://qmalwareremoval.freeforums.net/board/3/windows"><span class="item-text">Windows</span><div class="clear"></div></a></li>
<li class="nav-tree-board-4"><a href="http://qmalwareremoval.freeforums.net/board/4/third-party-software"><span class="item-text">Third Party Software </span><div class="clear"></div></a></li>
</ul>
</li>
<li class="nav-tree-cat-1"><a href="/#category-1"><span class="item-text">General</span><div class="clear"></div></a>
<ul role="navigation">
<li class="nav-tree-board-1"><a href="http://qmalwareremoval.freeforums.net/board/1/general-board"><span class="item-text">General Board</span><div class="clear"></div></a></li>
<li class="nav-tree-board-7"><a href="http://qmalwareremoval.freeforums.net/board/7/penthouse-play-pen"><span class="item-text">Penthouse Play Pen</span><div class="clear"></div></a></li>
</ul>
</li>
</ul></div><script type="text/javascript">
var offset = ($.browser.msie && parseInt($.browser.version) == 8) ? '3 -1' : '3 0';

$('#nav-tree-menu-0')
.addClass('nav-tree-menu')
.menu({
position: {
my: 'left top',
at: 'left bottom',
offset: offset,
of: $('#nav-tree-branch-0'),
collision: 'flipfit'
},
button: $('#nav-tree-branch-0'),
showDelay: 400,
show: function() {
var self = $(this);

// Make sure all other menus are closed
$('.popup_html > ul').not(self).menu('hide');

$(document).on('mousemove', function(e) {
var elem = $(e.target);
if(elem.parents('#nav-tree, .popup_html').length == 0 && !elem.is('#nav-tree, .popup_html') && !$('#nav-tree-menu-0').data('hotkey-open')) {
self.menu('hide');
$(document).unbind('mousemove');
}
});
}
});
</script>
</div>

<div id="top-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;">

<script type="text/javascript">
oz_api = 'valuation';
oz_site = '7781/12408';
oz_zone = '135274';
oz_ad_slot_size = '728x90';
</script>
<script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script>

<script type="text/javascript">
$(document).ready(function() {
$('#top-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
var f = $('#top-ad-banner iframe');
var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=ATF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.0194915914371485&uid=0';

if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") {
u = u + '&rtp=' + rp_valuation.estimate.tier;
}

f.attr('src', u);
});
</script>

</div>
<script type="text/javascript">
$(window).load(function() {
var topAd = $('#top-ad-banner');
if (topAd.prop('scrollHeight') < 90) {
topAd.css('height', 'auto').html(
'<b>Please consider supporting this website by disabling your ad-blocker.<br />' +
'This website does not use audio ads, popups, or other annoyances. Thank you!</b>'
);
$("head").append('<style type="text/css">#top-ad-banner { display: block !important; }</style>');
}
});
</script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/Dox5kMQpamIWhhKOo03B.js" data-plugin="2" data-component="3"></script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/IcEbexbhe_w0Gho77dWK.js" data-plugin="7" data-component="10"></script>

<div id="content" role="main">

<div class="container error">
<div class="title-bar">
<h2>Oops, there was an error!</h2>
</div>
<div class="content pad-all cap-bottom auto-overflow">
Guests do not have access to download attachments. Please log in and try again.

</div>
</div>

</div>

<script type="text/javascript" src="http://ads.pro-market.net/ads/scripts/site-131222.js"></script><script type="text/javascript">
(function() {
var nstrack = document.createElement("script"), el_nstrack = document.getElementsByTagName("script")[0]; nstrack.async = true;
nstrack.src = "http://track.netshelter.net/async/js/sites/proboards.com-async.js";
el_nstrack.parentNode.insertBefore(nstrack, el_nstrack);
})();
</script><div style="margin-bottom: 2px; text-align: center;"><a href="https://www.proboards.com/store/add_cart/ad_free/50000/qmalwareremoval.freeforums.net/1">Click here to remove banner ads from this forum.</a></div>
<div id="bottom-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;">

<script type="text/javascript">
oz_api = 'valuation';
oz_site = '7781/12408';
oz_zone = '135276';
oz_ad_slot_size = '728x90';
</script>
<script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script>

<script type="text/javascript">
$(document).ready(function() {
$('#bottom-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
var f = $('#bottom-ad-banner iframe');
var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=BTF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.277119734738761&uid=0';

if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") {
u = u + '&rtp=' + rp_valuation.estimate.tier;
}

f.attr('src', u);
});
</script>

</div>

<footer role="contentinfo">
<p class="footer-text">
This Forum Hosted For FREE By <a href="http://www.proboards.com/" target="_blank">ProBoards</a><br />
Get Your Own <a href="http://www.proboards.com/" target="_blank">Free Message Boards & Free Forums</a>!
</p>
<div class="footer-links">
<a href="http://www.proboards.com/tos" accesskey="8">Terms of Service</a> |
<a href="http://www.proboards.com/privacy">Privacy Policy</a> |
<a href="http://www.proboards.com/privacy#enhanced">Notice</a> |
<a href="http://www.viglink.com/policies/ftc" target="_blank">FTC Disclosure</a> |
<a href="http://www.proboards.com/report-abuse" accesskey="7">Report Abuse</a> |
<a href="http://www.proboards.com/mobile-forum-app">Mobile</a>
| <a href="http://www.proboards.com/ads"><b>Advertise Here</b></a>
</div>
</footer>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-3734504-3']);
_gaq.push(['_setDomainName', 'none']);
_gaq.push(['_setAllowLinker', true]);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<script type="text/javascript">
var vglnk;
$(document).ready(function() {
vglnk = {
api_url: '//api.viglink.com/api', key: 'bbb516d91daee20498798694a42dd559'
};
var vglnkSrc = ('https:' == document.location.protocol ? vglnk.api_url : '//cdn.viglink.com/api') + '/vglnk.js';

// VigLink ProBoards Convert Code (using above key)
var s = document.createElement('script');
s.type = 'text/javascript'; s.async = true; s.src = vglnkSrc;
document.body.appendChild(s);
});
</script>

</div>

</body>
</html>

*****************

<!DOCTYPE HTML> => Error: No automatic fix found for this entry.

 <html>  => Error: No automatic fix found for this entry.

<head> => Error: No automatic fix found for this entry.

<meta http-equiv="content-type" content="text/html; charset=UTF-8" /> => Error: No automatic fix found for this entry.

<title>Oops, there was an error! | Malware Removal </title> => Error: No automatic fix found for this entry.

<link rel="canonical" href="http://qmalwareremoval.freeforums.net/attachment/download/1726" /> => Error: No automatic fix found for this entry.

<link rel="alternate" type="application/rss+xml" href="http://qmalwareremoval.freeforums.net/rss/public" /> => Error: No automatic fix found for this entry.

<link rel="shortcut icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" /> => Error: No automatic fix found for this entry.

<link rel="icon" type="image/x-icon" href="//images.proboards.com/v5/favicon.ico" /> => Error: No automatic fix found for this entry.

<meta property="og:url" content="http://qmalwareremoval.freeforums.net/attachment/download/1726" /> => Error: No automatic fix found for this entry.

<meta property="og:title" content="Oops, there was an error! | Malware Removal " /> => Error: No automatic fix found for this entry.

<meta property="og:description" content="Visit our forum at: qmalwareremoval.freeforums.net" /> => Error: No automatic fix found for this entry.

<meta name="twitter:card" content="summary" /> => Error: No automatic fix found for this entry.

<meta name="twitter:site" content="@proboards" /> => Error: No automatic fix found for this entry.

<meta name="twitter:app:id:iphone" content="307880732" /> => Error: No automatic fix found for this entry.

<meta name="twitter:app:url:iphone" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> => Error: No automatic fix found for this entry.

<meta name="twitter:app:id:ipad" content="307880732" /> => Error: No automatic fix found for this entry.

<meta name="twitter:app:url:ipad" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> => Error: No automatic fix found for this entry.

<meta name="twitter:app:id:googleplay" content="com.quoord.tapatalkpro.activity" /> => Error: No automatic fix found for this entry.

<meta name="twitter:app:url:googleplay" content="tapatalk://support.tapatalk.com/?user_id=169&location=index" /> => Error: No automatic fix found for this entry.

<link rel="stylesheet" type="text/css" media="screen" href="http://d.storage.proboards.com/f/Default/forum_196.css" id="forum_style"> => Error: No automatic fix found for this entry.

<link rel="stylesheet" type="text/css" media="print" href="http://d.storage.proboards.com/f/print.css"> => Error: No automatic fix found for this entry.

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script> => Error: No automatic fix found for this entry.

<script type="text/javascript" src="http://d.storage.proboards.com/f/forum_196.js"></script> => Error: No automatic fix found for this entry.

<script type="text/javascript">proboards.data([['ad_free',0],['time_style',0],['military_time',0],['timezone',"guest"],['serverDate',1414390029000],['search-query-min',3],['search-query-max',50],['is_current_user_guest',"1"],['plugin_max_key_length',4000],['plugin_max_super_forum_key_length',32000],['login_url',"https://login.proboards.com/login/5448498/1"],['register_url',"https://login.proboards.com/register/5448498"]]);</script> => Error: No automatic fix found for this entry.

<script type="text/javascript">proboards.plugin._plugins["pixeldepth_icon_to_name"] = { => Error: No automatic fix found for this entry.

settings: {"images_users":[{"image_url":"","image_title":"","replace_name":"0","users":["1"]}],"images_groups":[{"image_url":"http://www.gettyicons.com/free-icons/141/ginux/png/24/antivirus_24.png","image_title":"","replace_name":"0","groups":["4"]}]} => Error: No automatic fix found for this entry.

}; => Error: No automatic fix found for this entry.

proboards.plugin._plugins["wormocodes_image_in_title"] = { => Error: No automatic fix found for this entry.

settings: {"image_tags":[{"look_for":"#?","image_url":"http://storage.proboards.com/5448498/i/4BIqmtWkxUeWswvqmv_T.png","force_height":"23","force_width":"48","navigation_replace_text":"#?"},{"look_for":"[CLOSED]","image_url":"http://storage.proboards.com/5448498/i/sUOVZ3Gs6ICcCwf4r8tE.png","force_height":"23","force_width":"48","navigation_replace_text":""}]} => Error: No automatic fix found for this entry.

};</script> => Error: No automatic fix found for this entry.

</head> => Error: No automatic fix found for this entry.

<body> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<div id="wrapper"> => Error: No automatic fix found for this entry.

<header> => Error: No automatic fix found for this entry.

<div id="banner-container" role="banner"> => Error: No automatic fix found for this entry.

<h2 id="banner"> => Error: No automatic fix found for this entry.

<a id="logo" href="/">Malware Removal </a> => Error: No automatic fix found for this entry.

</h2> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

<a id="navigation-skip" href="#content" accesskey="s" class="aria-hidden" title="Skip Navigation">Skip Navigation</a> => Error: No automatic fix found for this entry.

<a href="#" accesskey="d" title="Open Menu" onclick="proboards.hotkeys.activate(Keys.d); return false;"></a> => Error: No automatic fix found for this entry.

<div id="navigation-menu" class="ui-helper-clearfix"> => Error: No automatic fix found for this entry.

<ul role="navigation"> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<li> => Error: No automatic fix found for this entry.

<a href="/"> => Error: No automatic fix found for this entry.

Home => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</a> => Error: No automatic fix found for this entry.

</li> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<li> => Error: No automatic fix found for this entry.

<a href="/help"> => Error: No automatic fix found for this entry.

Help => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</a> => Error: No automatic fix found for this entry.

</li> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<li> => Error: No automatic fix found for this entry.

<a href="/search"> => Error: No automatic fix found for this entry.

Search => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</a> => Error: No automatic fix found for this entry.

</li> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</ul> => Error: No automatic fix found for this entry.

<p id="welcome"> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

Welcome Guest. => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

Please <a href="https://login.proboards.com/login/5448498/1">Login</a> or <a href="https://login.proboards.com/register/5448498">Register</a>. => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</p> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

</header> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<div id="navigation-tree"> => Error: No automatic fix found for this entry.

<div class="nav-tree-wrapper"><ul id="nav-tree" class="ui-helper-clearfix" role="navigation"><li id="nav-tree-branch-0" class="nav-tree-branch ui-helper-clearfix"><div itemscope="itemscope" itemtype="http://data-vocabulary.org/Breadcrumb"><a href="/" itemprop="url"><span itemprop="title">Malware Removal </span></a></div><span class="menu_arrow"><span></span></span></li></ul></div><div class="popup_html"> => Error: No automatic fix found for this entry.

<ul id="nav-tree-menu-0" role="navigation"> => Error: No automatic fix found for this entry.

<li class="nav-tree-cat-2"><a href="/#category-2"><span class="item-text">System Security</span><div class="clear"></div></a> => Error: No automatic fix found for this entry.

<ul role="navigation"> => Error: No automatic fix found for this entry.

<li class="nav-tree-board-2"><a href="http://qmalwareremoval.freeforums.net/board/2/malware-removal-protected"><span class="item-text">Malware Removal (Protected)</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.

<li class="nav-tree-board-6"><a href="http://qmalwareremoval.freeforums.net/board/6/security-software"><span class="item-text">Security Software</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.

</ul> => Error: No automatic fix found for this entry.

</li> => Error: No automatic fix found for this entry.

<li class="nav-tree-cat-3"><a href="/#category-3"><span class="item-text">Windows and Software Problems (not due to infection)</span><div class="clear"></div></a> => Error: No automatic fix found for this entry.

<ul role="navigation"> => Error: No automatic fix found for this entry.

<li class="nav-tree-board-3"><a href="http://qmalwareremoval.freeforums.net/board/3/windows"><span class="item-text">Windows</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.

<li class="nav-tree-board-4"><a href="http://qmalwareremoval.freeforums.net/board/4/third-party-software"><span class="item-text">Third Party Software </span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.

</ul> => Error: No automatic fix found for this entry.

</li> => Error: No automatic fix found for this entry.

<li class="nav-tree-cat-1"><a href="/#category-1"><span class="item-text">General</span><div class="clear"></div></a> => Error: No automatic fix found for this entry.

<ul role="navigation"> => Error: No automatic fix found for this entry.

<li class="nav-tree-board-1"><a href="http://qmalwareremoval.freeforums.net/board/1/general-board"><span class="item-text">General Board</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.

<li class="nav-tree-board-7"><a href="http://qmalwareremoval.freeforums.net/board/7/penthouse-play-pen"><span class="item-text">Penthouse Play Pen</span><div class="clear"></div></a></li> => Error: No automatic fix found for this entry.

</ul> => Error: No automatic fix found for this entry.

</li> => Error: No automatic fix found for this entry.

</ul></div><script type="text/javascript"> => Error: No automatic fix found for this entry.

var offset = ($.browser.msie && parseInt($.browser.version) == 8) ? '3 -1' : '3 0'; => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

$('#nav-tree-menu-0') => Error: No automatic fix found for this entry.

.addClass('nav-tree-menu') => Error: No automatic fix found for this entry.

.menu({ => Error: No automatic fix found for this entry.

position: { => Error: No automatic fix found for this entry.

my: 'left top', => Error: No automatic fix found for this entry.

at: 'left bottom', => Error: No automatic fix found for this entry.

offset: offset, => Error: No automatic fix found for this entry.

of: $('#nav-tree-branch-0'), => Error: No automatic fix found for this entry.

collision: 'flipfit' => Error: No automatic fix found for this entry.

}, => Error: No automatic fix found for this entry.

button: $('#nav-tree-branch-0'), => Error: No automatic fix found for this entry.

showDelay: 400, => Error: No automatic fix found for this entry.

show: function() { => Error: No automatic fix found for this entry.

var self = $(this); => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

// Make sure all other menus are closed => Error: No automatic fix found for this entry.

$('.popup_html > ul').not(self).menu('hide'); => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

$(document).on('mousemove', function(e) { => Error: No automatic fix found for this entry.

var elem = $(e.target); => Error: No automatic fix found for this entry.

if(elem.parents('#nav-tree, .popup_html').length == 0 && !elem.is('#nav-tree, .popup_html') && !$('#nav-tree-menu-0').data('hotkey-open')) { => Error: No automatic fix found for this entry.

self.menu('hide'); => Error: No automatic fix found for this entry.

$(document).unbind('mousemove'); => Error: No automatic fix found for this entry.

} => Error: No automatic fix found for this entry.

}); => Error: No automatic fix found for this entry.

} => Error: No automatic fix found for this entry.

}); => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<div id="top-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;"> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

oz_api = 'valuation'; => Error: No automatic fix found for this entry.

oz_site = '7781/12408'; => Error: No automatic fix found for this entry.

oz_zone = '135274'; => Error: No automatic fix found for this entry.

oz_ad_slot_size = '728x90'; => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

<script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

$(document).ready(function() { => Error: No automatic fix found for this entry.

$('#top-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>'); => Error: No automatic fix found for this entry.

var f = $('#top-ad-banner iframe'); => Error: No automatic fix found for this entry.

var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=ATF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.0194915914371485&uid=0'; => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") { => Error: No automatic fix found for this entry.

u = u + '&rtp=' + rp_valuation.estimate.tier; => Error: No automatic fix found for this entry.

} => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

f.attr('src', u); => Error: No automatic fix found for this entry.

}); => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

$(window).load(function() { => Error: No automatic fix found for this entry.

var topAd = $('#top-ad-banner'); => Error: No automatic fix found for this entry.

if (topAd.prop('scrollHeight') < 90) { => Error: No automatic fix found for this entry.

topAd.css('height', 'auto').html( => Error: No automatic fix found for this entry.

'<b>Please consider supporting this website by disabling your ad-blocker.<br />' + => Error: No automatic fix found for this entry.

'This website does not use audio ads, popups, or other annoyances. Thank you!</b>' => Error: No automatic fix found for this entry.

); => Error: No automatic fix found for this entry.

$("head").append('<style type="text/css">#top-ad-banner { display: block !important; }</style>'); => Error: No automatic fix found for this entry.

} => Error: No automatic fix found for this entry.

}); => Error: No automatic fix found for this entry.

</script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/Dox5kMQpamIWhhKOo03B.js" data-plugin="2" data-component="3"></script><script type="text/javascript" src="http://storage.proboards.com/5448498/j/IcEbexbhe_w0Gho77dWK.js" data-plugin="7" data-component="10"></script> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<div id="content" role="main"> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<div class="container error"> => Error: No automatic fix found for this entry.

<div class="title-bar"> => Error: No automatic fix found for this entry.

<h2>Oops, there was an error!</h2> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

<div class="content pad-all cap-bottom auto-overflow"> => Error: No automatic fix found for this entry.

Guests do not have access to download attachments. Please log in and try again. => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<script type="text/javascript" src="http://ads.pro-market.net/ads/scripts/site-131222.js"></script><script type="text/javascript"> => Error: No automatic fix found for this entry.

(function() { => Error: No automatic fix found for this entry.

var nstrack = document.createElement("script"), el_nstrack = document.getElementsByTagName("script")[0]; nstrack.async = true; => Error: No automatic fix found for this entry.

nstrack.src = "http://track.netshelter.net/async/js/sites/proboards.com-async.js"; => Error: No automatic fix found for this entry.

el_nstrack.parentNode.insertBefore(nstrack, el_nstrack); => Error: No automatic fix found for this entry.

})(); => Error: No automatic fix found for this entry.

</script><div style="margin-bottom: 2px; text-align: center;"><a href="https://www.proboards.com/store/add_cart/ad_free/50000/qmalwareremoval.freeforums.net/1">Click here to remove banner ads from this forum.</a></div> => Error: No automatic fix found for this entry.

<div id="bottom-ad-banner" style="height: 90px; width: 728px; margin: 0 auto 10px; text-align: center;"> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

oz_api = 'valuation'; => Error: No automatic fix found for this entry.

oz_site = '7781/12408'; => Error: No automatic fix found for this entry.

oz_zone = '135276'; => Error: No automatic fix found for this entry.

oz_ad_slot_size = '728x90'; => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

<script type="text/javascript" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=7781/12408"></script> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

$(document).ready(function() { => Error: No automatic fix found for this entry.

$('#bottom-ad-banner').append('<iframe class="pb-ads" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>'); => Error: No automatic fix found for this entry.

var f = $('#bottom-ad-banner iframe'); => Error: No automatic fix found for this entry.

var u = 'http://ads.proboards.com/ad.pl?as=728x90&ap=BTF&f=5448498&s=0&fc=4&d=qmalwareremoval.freeforums.net&g=&a=&cb=0.277119734738761&uid=0'; => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

if (typeof(rp_valuation) !== "undefined" && typeof(rp_valuation.estimate) !== "undefined" && typeof(rp_valuation.estimate.tier) !== "undefined") { => Error: No automatic fix found for this entry.

u = u + '&rtp=' + rp_valuation.estimate.tier; => Error: No automatic fix found for this entry.

} => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

f.attr('src', u); => Error: No automatic fix found for this entry.

}); => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

<footer role="contentinfo"> => Error: No automatic fix found for this entry.

<p class="footer-text"> => Error: No automatic fix found for this entry.

This Forum Hosted For FREE By <a href="http://www.proboards.com/" target="_blank">ProBoards</a><br /> => Error: No automatic fix found for this entry.

Get Your Own <a href="http://www.proboards.com/" target="_blank">Free Message Boards & Free Forums</a>! => Error: No automatic fix found for this entry.

</p> => Error: No automatic fix found for this entry.

<div class="footer-links"> => Error: No automatic fix found for this entry.

<a href="http://www.proboards.com/tos" accesskey="8">Terms of Service</a> | => Error: No automatic fix found for this entry.

<a href="http://www.proboards.com/privacy">Privacy Policy</a> | => Error: No automatic fix found for this entry.

<a href="http://www.proboards.com/privacy#enhanced">Notice</a> | => Error: No automatic fix found for this entry.

<a href="http://www.viglink.com/policies/ftc" target="_blank">FTC Disclosure</a> | => Error: No automatic fix found for this entry.

<a href="http://www.proboards.com/report-abuse" accesskey="7">Report Abuse</a> | => Error: No automatic fix found for this entry.

<a href="http://www.proboards.com/mobile-forum-app">Mobile</a> => Error: No automatic fix found for this entry.

| <a href="http://www.proboards.com/ads"><b>Advertise Here</b></a> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

</footer> => Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

var _gaq = _gaq || []; => Error: No automatic fix found for this entry.

_gaq.push(['_setAccount', 'UA-3734504-3']); => Error: No automatic fix found for this entry.

_gaq.push(['_setDomainName', 'none']); => Error: No automatic fix found for this entry.

_gaq.push(['_setAllowLinker', true]); => Error: No automatic fix found for this entry.

_gaq.push(['_trackPageview']); => Error: No automatic fix found for this entry.

(function() { => Error: No automatic fix found for this entry.

var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; => Error: No automatic fix found for this entry.

ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; => Error: No automatic fix found for this entry.

var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); => Error: No automatic fix found for this entry.

})(); => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

<script type="text/javascript"> => Error: No automatic fix found for this entry.

var vglnk; => Error: No automatic fix found for this entry.

$(document).ready(function() { => Error: No automatic fix found for this entry.

vglnk = { => Error: No automatic fix found for this entry.

api_url: '//api.viglink.com/api', key: 'bbb516d91daee20498798694a42dd559' => Error: No automatic fix found for this entry.

}; => Error: No automatic fix found for this entry.

var vglnkSrc = ('https:' == document.location.protocol ? vglnk.api_url : '//cdn.viglink.com/api') + '/vglnk.js'; => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

// VigLink ProBoards Convert Code (using above key) => Error: No automatic fix found for this entry.

var s = document.createElement('script'); => Error: No automatic fix found for this entry.

s.type = 'text/javascript'; s.async = true; s.src = vglnkSrc; => Error: No automatic fix found for this entry.

document.body.appendChild(s); => Error: No automatic fix found for this entry.

}); => Error: No automatic fix found for this entry.

</script> => Error: No automatic fix found for this entry.

</div> => Error: No automatic fix found for this entry.

=> Error: No automatic fix found for this entry.

</body> => Error: No automatic fix found for this entry.

</html> => Error: No automatic fix found for this entry.

==== End of Fixlog ====

Quads Malware Removalists In New Zealand Posts: 9,387	Trojan issue dllhost *32 COM surrogate major issue #? Oct 26, 2014 22:14:56 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Oct 26, 2014 22:14:56 GMT -8 You have not done as instructed correctly for downloading the fixlist.txt you have downloaded it as htm(l) with html code format inside in .txt format Quads

bbcode3
New Helpee

Posts: 25

Trojan issue dllhost *32 COM surrogate major issue #? Oct 26, 2014 22:39:53 GMT -8

Post by bbcode3 on Oct 26, 2014 22:39:53 GMT -8

I am very sorry. I believe I did it right this time.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Brandon at 2014-10-27 01:28:21 Run:2
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon & UpdatusUser (Available profiles: Brandon & Morgandy & Kammie Jo & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2046384403-2357638149-873898192-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm029YYus&ptb=7A9AAF44-3266-4CDE-8235-5F655C2267EA&ind=2011042110&ptnrS=CDxdm029YYus&si=17747&n=77de113e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {7F5B6B31-E3C2-4E7A-A6C2-D5E336934773} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=021FC6A1-84DA-4848-8104-01EE576C9B77&apn_sauid=5031A73F-A7C1-4762-AE91-CD0F6B688917
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0C0B0FtCyC0D0ByE0B0FyEtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtAtCzzzz0AyE0BtG0BtByDtAtG0A0EtDtBtGtA0Dzz0AtGtB0BzztCzz0F0Dzy0E0DtDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0D0BtDyEzytCtGtB0AyCyEtGyD0ByBtDtG0AyD0E0BtGtBtB0E0C0FyE0B0FtDyD0AyB2Q&cr=1989031545&ir=
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
C:\Program Files (x86)\Ask.com
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF user.js: detected! => C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\user.js
FF SearchPlugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\CouponAlert_2p.xml
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",SVC
c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
c:\Program Files (x86)\Optimizer Pro
R1 {fef7f75c-f985-4250-96f9-8183cd04238b}Gw64; C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys [61080 2014-08-19] (StdLib)
S3 WinDriver6; system32\DRIVERS\Windrvr6.sys [X
C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys
2014-10-26 20:33 - 2014-10-26 20:33 - 00000739 _____ () C:\Users\Brandon\Desktop\DelFix.txt
2014-10-26 20:32 - 2014-10-26 20:32 - 00070656 _____ () C:\Windows\system32\uescg.dll
2014-10-26 20:32 - 2014-10-26 20:32 - 00000000 _____ () C:\Windows\system32\rqxphc.dll
2014-10-25 05:16 - 2014-10-25 16:06 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-25 02:56 - 2014-10-25 02:56 - 00173175 _____ () C:\Users\Brandon\Desktop\scan 2 Shortcut.txt
2014-10-25 02:56 - 2014-10-25 02:56 - 00097782 _____ () C:\Users\Brandon\Desktop\scan 2 FRST.txt
2014-10-25 02:56 - 2014-10-25 02:56 - 00047238 _____ () C:\Users\Brandon\Desktop\scan 2 Addition.txt
2014-10-25 02:48 - 2014-10-25 02:48 - 00079543 _____ () C:\Users\Brandon\Desktop\scan 1 FRST.txt
2014-10-25 02:48 - 2014-10-25 02:48 - 00046398 _____ () C:\Users\Brandon\Desktop\scan 1 Addition.txt
2014-10-23 22:26 - 2014-10-23 22:26 - 00008518 _____ () C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:26 - 2014-10-23 22:26 - 00008518 _____ () C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:26 - 2014-10-23 22:26 - 00004200 _____ () C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:26 - 2014-10-23 22:26 - 00004200 _____ () C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:26 - 2014-10-23 22:26 - 00000274 _____ () C:\Users\Brandon\AppData\Roaming\INSTALL_TOR.URL
2014-10-23 22:26 - 2014-10-23 22:26 - 00000274 _____ () C:\Users\Brandon\AppData\INSTALL_TOR.URL
2014-10-23 22:15 - 2014-10-23 22:15 - 00008518 _____ () C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:15 - 2014-10-23 22:15 - 00004200 _____ () C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:15 - 2014-10-23 22:15 - 00000274 _____ () C:\Users\Brandon\AppData\Local\INSTALL_TOR.URL
2014-10-23 22:07 - 2014-10-23 22:07 - 00008518 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-23 22:07 - 2014-10-23 22:07 - 00004200 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-23 22:07 - 2014-10-23 22:07 - 00000274 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-09-27 14:19 - 2014-09-27 14:19 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Astromenda
C:\Users\Brandon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwmb5b.dll
C:\Users\Brandon\AppData\Local\Temp\ERUNT.exe
C:\Users\Brandon\AppData\Local\Temp\ose00000.exe
C:\Users\Brandon\AppData\Local\Temp\_is24FE.exe
C:\Users\Brandon\AppData\Local\Temp\_is255C.exe
C:\Users\Brandon\AppData\Local\Temp\_is3769.exe
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0FDE7062-A578-4038-831E-F6A45C68933D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {3CFA0540-BD30-48D4-917C-F551E5F2CA3F} - System32\Tasks\{F753DDFC-F311-BBB0-D742-35C4EF8DD97E} => C:\Windows\system32\uescg.dll [2014-10-26] ()
Task: {95B789D4-D6A8-499E-8F96-2BB32BA4CC61} - System32\Tasks\thpm1537528073495612640 => \\.\globalroot\Device\HarddiskVolume2\Users\Brandon\AppData\Local\Temp\thpm1537528073495612640.tmp <==== ATTENTION
Task: {E6EA9F8C-7677-4011-8253-8A49A762ADD0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {EECF8C67-5CC6-4919-A237-23BBFBE70F77} - System32\Tasks\WSE_Astromenda => C:\Users\Brandon\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-19] ()
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Brandon\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!! (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt\tqmgxtcusbs.exe
C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt
end
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F5B6B31-E3C2-4E7A-A6C2-D5E336934773}" => Key deleted successfully.
"HKCR\CLSID\{7F5B6B31-E3C2-4E7A-A6C2-D5E336934773}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKCR\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value deleted successfully.
"HKCR\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
"HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} => value deleted successfully.
"HKCR\CLSID\{37153479-1976-43C3-A1EE-557513977B64}" => Key not found.
"HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3" => Key deleted successfully.
C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\user.js => Moved successfully.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\Astromenda.xml => Moved successfully.
C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0q62i0wv.default\searchplugins\CouponAlert_2p.xml => Moved successfully.
70e6ca8c => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll" => File/Directory not found.
"c:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64 => Service stopped successfully.
{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64 => Service deleted successfully.
WinDriver6 => Service deleted successfully.
C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys => Moved successfully.
C:\Users\Brandon\Desktop\DelFix.txt => Moved successfully.
C:\Windows\system32\uescg.dll => Moved successfully.
Could not move "C:\Windows\system32\rqxphc.dll" => Scheduled to move on reboot.
C:\ProgramData\wrnhoah.tmp => Moved successfully.
C:\Users\Brandon\Desktop\scan 2 Shortcut.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 2 FRST.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 2 Addition.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 1 FRST.txt => Moved successfully.
C:\Users\Brandon\Desktop\scan 1 Addition.txt => Moved successfully.
C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Brandon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Brandon\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Brandon\AppData\Roaming\INSTALL_TOR.URL => Moved successfully.
C:\Users\Brandon\AppData\INSTALL_TOR.URL => Moved successfully.
C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Brandon\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Brandon\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\INSTALL_TOR.URL => Moved successfully.
C:\Users\Brandon\AppData\Local\Astromenda => Moved successfully.
"C:\Users\Brandon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwmb5b.dll" => File/Directory not found.
C:\Users\Brandon\AppData\Local\Temp\ERUNT.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\_is24FE.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\_is255C.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\_is3769.exe => Moved successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-2046384403-2357638149-873898192-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FDE7062-A578-4038-831E-F6A45C68933D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FDE7062-A578-4038-831E-F6A45C68933D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CFA0540-BD30-48D4-917C-F551E5F2CA3F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFA0540-BD30-48D4-917C-F551E5F2CA3F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F753DDFC-F311-BBB0-D742-35C4EF8DD97E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F753DDFC-F311-BBB0-D742-35C4EF8DD97E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95B789D4-D6A8-499E-8F96-2BB32BA4CC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B789D4-D6A8-499E-8F96-2BB32BA4CC61}" => Key deleted successfully.
C:\Windows\System32\Tasks\thpm1537528073495612640 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\thpm1537528073495612640" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6EA9F8C-7677-4011-8253-8A49A762ADD0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6EA9F8C-7677-4011-8253-8A49A762ADD0}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EECF8C67-5CC6-4919-A237-23BBFBE70F77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EECF8C67-5CC6-4919-A237-23BBFBE70F77}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!! (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Brandon\Downloads\Fwd_ FW_ WHAT A ROADSIDE BOMB LOOKS LIKE..,.WHEN YOU'RE LUCKY!!!!!.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Brandon\Documents\KJ's Mercy Bill- Collections.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt\tqmgxtcusbs.exe" => File/Directory not found.
C:\Users\Brandon\AppData\Local\Temp\hdmqbdlqt => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-27 01:32:53)<=

C:\Windows\system32\rqxphc.dll => Is moved successfully.

==== End of Fixlog ====

Quads Malware Removalists In New Zealand Posts: 9,387	Trojan issue dllhost *32 COM surrogate major issue #? Oct 26, 2014 23:01:04 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Oct 26, 2014 23:01:04 GMT -8 The last step was to just take items and break malware apart, some go into quarantine Now though in Normal Mode the system should be running a lot better and dllhost.exe should quieten down. Quads

Quads
Malware Removalists

In New Zealand

Posts: 9,387

Trojan issue dllhost *32 COM surrogate major issue #? Oct 27, 2014 0:04:21 GMT -8

Post by Quads on Oct 27, 2014 0:04:21 GMT -8

We are not finished yet, I am just stating that the running Malware should at least be broken and the system (PC acting more normally)

Any files encrypted by the ransomware that has at some run to some extent on your system are gone, doesn't matter if it is 1 file or 1,000 files.
They can not be reversed by anyone except the bad guys.

Quads

Quads
Malware Removalists

In New Zealand

Posts: 9,387

Trojan issue dllhost *32 COM surrogate major issue #? Oct 27, 2014 9:49:17 GMT -8

Post by Quads on Oct 27, 2014 9:49:17 GMT -8

Read carefully

Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ on to your desktop

The Blue

Download Now
@bleeping Computer

button and run a scan (Scan Button). It will create a log after. Or there is a Report button,

ONE SCAN ONLY

Attach or paste the log back here

Quads

bbcode3 New Helpee Posts: 25	Trojan issue dllhost *32 COM surrogate major issue #? Oct 27, 2014 16:52:01 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by bbcode3 on Oct 27, 2014 16:52:01 GMT -8 pastebin.com/cFj1fg0p

Quads
Malware Removalists

In New Zealand

Posts: 9,387

Trojan issue dllhost *32 COM surrogate major issue #? Oct 27, 2014 18:11:45 GMT -8

Post by Quads on Oct 27, 2014 18:11:45 GMT -8

a) Click the Scan Button and wait for the scan to finish,. (already done if Adwcleaner is left pending)

b) Make sure all of the items under each TAB are to be ticked.

c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.

d) It should create a new log afterwards (with S0 in the name).

Here is a Screenshot example

Quads

Trojan issue dllhost *32 COM surrogate major issue #?

Post by bbcode3 on Oct 26, 2014 20:55:06 GMT -8

Post by Quads on Oct 26, 2014 20:55:20 GMT -8

Post by bbcode3 on Oct 26, 2014 22:11:31 GMT -8

Post by Quads on Oct 26, 2014 22:14:56 GMT -8

Post by bbcode3 on Oct 26, 2014 22:39:53 GMT -8

Post by Quads on Oct 26, 2014 23:01:04 GMT -8

Post by Quads on Oct 27, 2014 0:04:21 GMT -8

Post by Quads on Oct 27, 2014 9:49:17 GMT -8

Post by bbcode3 on Oct 27, 2014 16:52:01 GMT -8

Post by Quads on Oct 27, 2014 18:11:45 GMT -8