dllhost.exe Com Surrogate problem - computer very slow

Status
Not open for further replies.

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
 

Attachments

  • Addition.txt
    20.5 KB · Views: 209
  • FRST.txt
    14.7 KB · Views: 253

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Hi,


You're missing Aswmbr report.

Thank you very much for your help! I ran the aswMBR scan twice and both times it caused the computer to shut down completely and did not produce a log. Do you have any suggestions about how I should try to run it again?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Sorry, I misunderstood you. Let's move on:




1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Sorry, I misunderstood you. Let's move on:




1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

I attempted to run ComboFix twice. Each time the program started and progressed through 3 or 4 stages and then stopped with a message indicating there was a connection problem. I was inable to continue.
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
I am also getting an error message that says "Windows Defender - Application failed to initialize. A problem caused this programs service to stop". This message keeps coming up even if I shut down completely and restart. This may have resulted from trying to stop all virus or malware software prior to running ComboFix. Do you have any suggestions for this problem. Thank you very much for your help!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try something different


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Let's try something different


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

I ran TDSSKILLER and did not receive any messages about suspicious or malicious objects. The LOGFILE is attached. Thanks again for your help!
 

Attachments

  • TDSSKiller.3.0.0.19_06.02.2014_17.19.29_log.txt
    163.9 KB · Views: 179

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try to run ComboFix one more time. If it is not located at Desktop , please move it.

Then, press Start button (between ctrl and alt) + R together. Run windows will open. Copy this and press OK.

Code:
"%userprofile%\desktop\combofix.exe" /killall
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Let's try to run ComboFix one more time. If it is not located at Desktop , please move it.

Then, press Start button (between ctrl and alt) + R together. Run windows will open. Copy this and press OK.

Code:
"%userprofile%\desktop\combofix.exe" /killall

ComboFix ran successfully. Log is attached. Many thanks for your help.
 

Attachments

  • ComboFix.txt
    8.1 KB · Views: 292

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Open notepad and copy/paste the text present inside the code box below:


Code:
Folder::
c:\users\Marjorie\AppData\Roaming\Fowacye
c:\users\Marjorie\Apps\NT
c:\users\Marjorie\AppData\Local\Omics
c:\users\Marjorie\AppData\Roaming\HpUpdate

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Msmdmwbs"=-
"Omics"=-
"GameServer518"=-
"Zyivfuubd"=-

ClearJavaCache::
Save this as CFScript.txt

CFScriptB-4.gif


Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Open notepad and copy/paste the text present inside the code box below:


Code:
Folder::
c:\users\Marjorie\AppData\Roaming\Fowacye
c:\users\Marjorie\Apps\NT
c:\users\Marjorie\AppData\Local\Omics
c:\users\Marjorie\AppData\Roaming\HpUpdate
 
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Msmdmwbs"=-
"Omics"=-
"GameServer518"=-
"Zyivfuubd"=-
 
ClearJavaCache::
Save this as CFScript.txt

CFScriptB-4.gif


Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Copied items from your post to Notepad and dragged the file to ComboFix.exe. ComboFix then started and ran to completion. Log is attached. Your help is much needed and much appreciated.
 

Attachments

  • ComboFix.txt
    7.2 KB · Views: 208

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Tell me how is the situation now?



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
"TwinHeadedEagle, post: 161877, member: 6533"]Tell me how is the situation now?

The computer is running much faster since running ComboFix twice. That is very encouraging. Thanks.

I will work on the AdwCleaner next.
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
"TwinHeadedEagle, post: 161877, member: 6533"]Tell me how is the situation now?

The computer is running much faster since running ComboFix twice. That is very encouraging. Thanks.

I ran AdwCleaner. Two logs were created and are attached. This program was run last year on this computer and the log files were still on the c drive. Is that why these files are R1 and S1? Many thanks.
 

Attachments

  • AdwCleaner[R1].txt
    901 bytes · Views: 133
  • AdwCleaner[S1].txt
    961 bytes · Views: 115

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
Computer seems clean, still any problems?

The computer is running much faster now. The steps you recommended seemed to be very effective. I still have several questions I would like to ask but I am about to leave my house and I will be gone most of the day. I will post another reply when time permits. Thank you very much for a job well done.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
No problem, ask everything you need :)


We can remove used tools now:



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
checkmark.png
Remove disinfection tools
checkmark.png
Create registry backup
checkmark.png
Purge System Restore

Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
 

gwrsr

New Member
Thread author
Verified
Sep 29, 2013
29
No problem, ask everything you need :)

The computer is running much better now. The service you provided was very professional and very effective. I appreciate your help very much.
For the future, is there a program or programs you would recommend to protect against more problems? I hear about a number of free or free trial programs that are available but I don’t know about them. I understand that Microsoft has protection software for Windows that is available for free. My cable company, Charter, also has a security suite that I can download and use at no cost. I installed a free version of AVAST Antivirus on an older computer and it seems that it causes the computer to run slow at times, particularly at startup. I would appreciate your advice on the best way to go.
Thanks again for your help!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top