Com surrogate and tons of service host

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
I have several com surrogates and tons of service host with multiple definitions running in the background. I cannot run any scans because my computer won't run them and keeps restarting when I try. Is there anything I can do to stop the bleeding so that I can actually update it? I already tried a system restore. And I tried in safe mode.

Thanks
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
Ok, so I was able to get my computer to run this process and it came back saying it didn't find the virus.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
I was finally able to get my computer to run the Farbar scan tool in Safe Mode, and am uploading the results here. Please let me know what I could do next! Thanks
 

Attachments

  • Addition.txt
    34.3 KB · Views: 50
  • FRST.txt
    52.2 KB · Views: 64

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • Fixlist.txt
    471 bytes · Views: 65

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
Thanks for all the help so far! I was able to run the fixlist and it gave me back this log. I am looking forward to seeing how the computer is running now!
 

Attachments

  • Fixlog.txt
    1.2 KB · Views: 110

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Glad I could help :)


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
I am still running extremely slow with most of my disk space being used with tons of service host. Are there any other things you'd recommend that I could do from home? I still have COM Surrogates running as well.

Thanks
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
So I was able to download this cleaner and run it and it came back negative. Are there any other cleaners or processes that I can run? Thanks so much for the help. I really appreciate any more help you can give.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
I am still only able to run the program in safe mode, but here are the results. Thank you again for all the help.
 

Attachments

  • Addition.txt
    35.8 KB · Views: 28
  • FRST.txt
    56.6 KB · Views: 47

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:
  • AVG
  • Norton

Uninstallation procedure:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.
This should be done before any other steps are taken.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
I was able to run the AVG remover, but every time I try to run FRST in normal mode, the application loads up and says "checking for update. Please wait..." up top but then it freezes and doesn't respond.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.
 

gimpmister

New Member
Thread author
Verified
Nov 5, 2014
16
Sadly my computer won't even let this program start up in normal mode. Should I run it in safe mode?
 
