Solved dllhost.exe Com Surrogate Memory Usage

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
This Dregol program came with a free file reader I downloaded. I went through the malware removal steps on this site which were great but it seems to have come back somehow. Not sure what to do. Any help would be appreciated thanks.
 

Attachments

  • FRST.txt
    96.9 KB · Views: 26
  • AdwCleaner[R1].txt
    1.5 KB · Views: 55
  • Addition.txt
    15.1 KB · Views: 21
  • Addition.txt
    15.1 KB · Views: 20
  • FRST.txt
    96.9 KB · Views: 17
  • AdwCleaner[R1].txt
    1.5 KB · Views: 17

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
Came up clean
 

Attachments

  • FRST.txt
    97.2 KB · Views: 18
  • mbar-log-2015-05-26 (13-36-34).txt
    2.1 KB · Views: 17
  • system-log.txt
    26.1 KB · Views: 18

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
I ran adwcleaner and the same thing was back again in Chrome. It cleaned it again but it seems like its not really gone. I haven't added any programs or opened any files since the first cleanup. Its still the same bugger. Haha.
 

Attachments

  • AdwCleaner[S2].txt
    1.7 KB · Views: 21
  • Addition.txt
    15.9 KB · Views: 23
  • FRST.txt
    97.7 KB · Views: 22

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I see no malware here.

FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




51a46ae42d560-malwarebytes_anti_malware.png
Scan with Malwarebytes' Anti-Malware

Please re-run
51a46ae42d560-malwarebytes_anti_malware.png
Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Attachments

  • fixlist.txt
    813 bytes · Views: 19

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
Looks clean to me. I have no idea what's happening. You're getting a donation either way.
 

Attachments

  • Fixlog.txt
    2 KB · Views: 13
  • Malwarebytes.txt
    1 KB · Views: 17

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
Once again I run ADWCleaner and this dregol.com comes up under Chome: Startup_urls and also Homepage, even though I've uninstalled it and deleted it a few times through ADW Cleaner. How can I remove it completely?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Looks clean to me. I have no idea what's happening. You're getting a donation either way.

Let's find out ;)


Let's try this:

51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    chrdefaults;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
During the running an error message came up:
DaS_21.exe-Net ramework Initiation error . Must install V4.0.30319
 

Attachments

  • zoek-results.txt
    12.3 KB · Views: 53

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's run one more Zoek fix:

51a612a8b27e2-Zoek.png
Fix with ZOEK

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    chrdefaults;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
Hopefully clean enough to access paypal safety. Just donated.
Seems a little slow in chrome. I'm wondering if maybe some hardware issues.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 

Attachments

  • fixlist.txt
    693 bytes · Views: 39

Grizzo

New Member
Thread author
Verified
May 26, 2015
25
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 6/2/2015 7:05:28 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Gregogorio-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
133632 file records processed.

File verification completed.
273 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
172882 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
133632 file SDs/SIDs processed.

Cleaning up 328 unused index entries from index $SII of file 0x9.
Cleaning up 328 unused index entries from index $SDH of file 0x9.
Cleaning up 328 unused security descriptors.
Security descriptor verification completed.
19626 data files processed.

CHKDSK is verifying Usn Journal...
37353656 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
133616 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
233115140 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

976657407 KB total disk space.
43878524 KB in 72626 files.
51248 KB in 19627 indexes.
0 KB in bad sectors.
267071 KB in use by the system.
65536 KB occupied by the log file.
932460564 KB available on disk.

4096 bytes in each allocation unit.
244164351 total allocation units on disk.
233115141 allocation units available on disk.

Internal Info:
00 0a 02 00 69 68 01 00 d8 c3 02 00 00 00 00 00 ....ih..........
39 01 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 9...+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-06-02T14:05:28.000000000Z" />
<EventRecordID>2125</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Gregogorio-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
133632 file records processed.

File verification completed.
273 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
172882 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
133632 file SDs/SIDs processed.

Cleaning up 328 unused index entries from index $SII of file 0x9.
Cleaning up 328 unused index entries from index $SDH of file 0x9.
Cleaning up 328 unused security descriptors.
Security descriptor verification completed.
19626 data files processed.

CHKDSK is verifying Usn Journal...
37353656 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
133616 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
233115140 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

976657407 KB total disk space.
43878524 KB in 72626 files.
51248 KB in 19627 indexes.
0 KB in bad sectors.
267071 KB in use by the system.
65536 KB occupied by the log file.
932460564 KB available on disk.

4096 bytes in each allocation unit.
244164351 total allocation units on disk.
233115141 allocation units available on disk.

Internal Info:
00 0a 02 00 69 68 01 00 d8 c3 02 00 00 00 00 00 ....ih..........
39 01 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 9...+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top