DLLHost exe COM Surrogate issues as well

[Retroidboy]

I appreciate any help you can offer! As a sidenote, I was going to upload my most recent TDSS Killer txt report which is 1MB and I was denied as it is too large? Also, I went to run FRST but my computer (it appears Windows and Norton 360) are trying to block it from running. Please let me know suggestions for this if I should upload these reports. Thanks!

 

[argus]

Temporarily disable your AntiVirus program
http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html




Please download Farbar Recovery Scan Tool (

) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Retroidboy]

Both files attached.

 

[argus]

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start
CustomCLSID: HKU\S-1-5-21-3206187381-2438941941-2778250019-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
HKU\S-1-5-21-3206187381-2438941941-2778250019-1001\...\MountPoints2: {0a6bd776-dc4c-11e2-bc28-180373e4033a} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3206187381-2438941941-2778250019-1001\...\MountPoints2: {925b8d3a-bd1d-11e1-a42e-180373e4033a} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3206187381-2438941941-2778250019-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
URLSearchHook: HKCU - Default Value = {6f52f077-2dbf-f864-8da7-73cc1a21005a}
URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll ()
SearchScopes: HKLM-x32 - {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^YYA^us&si=downloadzipfree&ptb=D3804D96-5FE9-4080-9018-0C338711E0DF&ind=2014103121&n=780cc651&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^YYA^us&si=downloadzipfree&ptb=D3804D96-5FE9-4080-9018-0C338711E0DF&ind=2014103121&n=780cc651&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {BF9F369D-97DF-4F15-B283-4F563B837A91} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=D27F81F8-5B26-4257-9AC3-9FA8681D0EA0&apn_sauid=FD1DEE67-FC18-4F7D-A9D0-A4714C740756
BHO-x32: Upromise RewardU Toolbar BHO -> {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} -> C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
C:\Program Files (x86)\Upromise RewardU Toolbar
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
Toolbar: HKCU - No Name - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
S3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [X]
S2 SeaPort; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [X]
C:\Windows\SysWOW64\00031322.tmp
C:\Windows\SysWOW64\00028703.tmp
C:\Windows\SysWOW64\00023811.tmp
C:\Windows\SysWOW64\00027352.tmp
C:\Windows\SysWOW64\00023783.tmp
C:\Windows\system32\Drivers\lvuvc.hs
EmptyTemp:
CMD: bitsadmin /reset /allusers
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

 

[Retroidboy]

Just finished. I do not have any com surrogates running in task manager at the moment. Looking good!? Fixlog is attached.

 

[argus]

Looking good.


• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;

Remove disinfection tools

Create registry backup

Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



Cheers.

 

[Retroidboy]

Hi, thanks for everything. System is working great! $ donated! Enjoy a few (insert drink of choice) on me.