Status
Not open for further replies.
Operating System
Windows Vista
Infection date and initial symptoms
January 21, 2014 the computer was running very slow.
Current issues and symptoms
Computer is still running very slow. I found about 36 copies of dllhost.exe COM Surrogate running at the same time and causing CPU Usage and Physical Memory to fluctuate wildly, at times approaching 100%.
Steps taken in order to remove the infection
None. I ran FRST scan and aswMBR scan. I ran the aswMBR scan twice and both times it caused the computer to shut down and did not produce a log.

gwrsr

New Member
Hi,


You're missing Aswmbr report.
Thank you very much for your help! I ran the aswMBR scan twice and both times it caused the computer to shut down completely and did not produce a log. Do you have any suggestions about how I should try to run it again?
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Sorry, I misunderstood you. Let's move on:




1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
 

gwrsr

New Member
I attempted to run ComboFix twice. Each time the program started and progressed through 3 or 4 stages and then stopped with a message indicating there was a connection problem. I was unable to continue.
 

gwrsr

New Member
I am also getting an error message that says "Windows Defender - Application failed to initialize. A problem caused this programs service to stop". This message keeps coming up even if I shut down completely and restart. This may have resulted from trying to stop all virus or malware software prior to running ComboFix. Do you have any suggestions for this problem? Thank you very much for your help!
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Let's try something different


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

gwrsr

New Member
I ran TDSSKILLER and did not receive any messages about suspicious or malicious objects. The LOGFILE is attached. Thanks again for your help!
 


TwinHeadedEagle

Removal Expert
Verified
Staff member
Let's try to run ComboFix one more time. If it is not located on the Desktop, please move it.

Then, press the Start button (between ctrl and alt) + R together. The Run window will open. Copy this and press OK.

Code:
"%userprofile%\desktop\combofix.exe" /killall
 

gwrsr

New Member
ComboFix ran successfully. Log is attached. Many thanks for your help.
 


TwinHeadedEagle

Removal Expert
Verified
Staff member
Open notepad and copy/paste the text present inside the code box below:


Code:
Folder::
c:\users\Marjorie\AppData\Roaming\Fowacye
c:\users\Marjorie\Apps\NT
c:\users\Marjorie\AppData\Local\Omics
c:\users\Marjorie\AppData\Roaming\HpUpdate

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Msmdmwbs"=-
"Omics"=-
"GameServer518"=-
"Zyivfuubd"=-

ClearJavaCache::

Save this as CFScript.txt

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply (typical location: C:\ComboFix.txt).
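
A read-only way to review the two things this thread acts on, the HKCU Run values and the many dllhost.exe instances, before anything is deleted. This is an added example, not part of the original post and not ComboFix's own logic; the path heuristics are assumptions, and it needs PowerShell 2.0 or later, which is an optional install on Vista.

```powershell
# Added example: read-only triage. Nothing is deleted or changed.
# Assumption: autostart targets under the user profile and dllhost.exe
# instances outside the Windows system directories deserve a closer look.

$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    param([string]$Key = $runKey)
    if (-not (Test-Path $Key)) { return }
    $item = Get-Item -Path $Key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the unnamed default value
        $data = [string]$item.GetValue($name)
        # Expand %APPDATA%-style variables so the comparison sees real paths
        $expanded = [Environment]::ExpandEnvironmentVariables($data)
        New-Object PSObject -Property @{
            Name          = $name
            Command       = $data
            InUserProfile = $expanded.ToLower().Contains($env:USERPROFILE.ToLower())
        }
    }
}

function Get-DllhostInstance {
    $sys = @(
        (Join-Path $env:SystemRoot 'System32\dllhost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')
    )
    Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        New-Object PSObject -Property @{
            ProcessId   = $_.ProcessId
            ParentId    = $_.ParentProcessId
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine
            # A genuine COM Surrogate runs from a system directory and is
            # started with /Processid:{CLSID}. An empty Path (process not
            # readable by this account) is also reported as not expected.
            Expected    = ($sys -contains $_.ExecutablePath) -and
                          ($_.CommandLine -match '/Processid:\{[0-9A-Fa-f-]+\}')
        }
    }
}

Get-RunEntry | Sort-Object Name | Format-Table Name, InUserProfile, Command -AutoSize
$d = @(Get-DllhostInstance)
"dllhost.exe instances: {0}" -f $d.Count
$d | Where-Object { -not $_.Expected } | Format-List ProcessId, ParentId, Path, CommandLine
```

Run it as the affected user, since HKCU is per-user, and save the output alongside the tool logs so the state before cleanup is on record.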
 

gwrsr

New Member
Copied items from your post to Notepad and dragged the file to ComboFix.exe. ComboFix then started and ran to completion. Log is attached. Your help is much needed and much appreciated.
 


TwinHeadedEagle

Removal Expert
Verified
Staff member
Tell me how is the situation now?



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
 

gwrsr

New Member
TwinHeadedEagle wrote: "Tell me how is the situation now?"

The computer is running much faster since running ComboFix twice. That is very encouraging. Thanks.

I will work on the AdwCleaner next.
 

gwrsr

New Member
I ran AdwCleaner. Two logs were created and are attached. This program was run last year on this computer and the log files were still on the c drive. Is that why these files are R1 and S1? Many thanks.
 


gwrsr

New Member
Computer seems clean, still any problems?
The computer is running much faster now. The steps you recommended seemed to be very effective. I still have several questions I would like to ask but I am about to leave my house and I will be gone most of the day. I will post another reply when time permits. Thank you very much for a job well done.
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
No problem, ask everything you need :)


We can remove used tools now:



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

gwrsr

New Member
No problem, ask everything you need :)

The computer is running much better now. The service you provided was very professional and very effective. I appreciate your help very much.
For the future, is there a program or programs you would recommend to protect against more problems? I hear about a number of free or free trial programs that are available but I don’t know about them. I understand that Microsoft has protection software for Windows that is available for free. My cable company, Charter, also has a security suite that I can download and use at no cost. I installed a free version of AVAST Antivirus on an older computer and it seems that it causes the computer to run slow at times, particularly at startup. I would appreciate your advice on the best way to go.
Thanks again for your help!
 