Multiple COM Surrogate Running and PC Slowdown/BSOD

Status
Not open for further replies.

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Greetings,

This issue popped up at least a month ago. It started with slight performance issues on programs and games but quickly escalated to major performance drops and regular Blue-Screens as well as total system lockups.
Multiple scans have been run over the past few days such as Avast Full System Scan (high sensitivity) and a Boot-Time Scan. I have also run Spybot 2.4 in a deep scan, along with RogueKiller and Malwarebytes rootkit Scan. All found and removed minor threats but none have solved the issue.

I have run FRST and have attached the FRST and Addition files for your viewing.

Thank you in advance for your consideration. :)
 

Attachments

  • Addition.txt
    47.6 KB · Views: 2
  • FRST.txt
    166.2 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.



System File Checker
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    sfc /scannow
  • Windows will begin with system scan.
  • When done, please reboot your system.
System File Checker report:
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Attach sfcdetails.txt from your Desktop in your next reply.



Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

  • Right-click on the Services Repair icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.
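
An added example (not part of the original post or of any tool named in it): a small Python triage of the Check Disk report text that the Event Viewer steps above produce. The two sample reports are constructed in the Wininit Event ID 1001 format, and the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of a healthy chkdsk report (Wininit, Event ID 1001).
CLEAN = """\
Stage 1: Examining basic file system structure ...
  4539 large file records processed.
  0 bad file records processed.
Windows has scanned the file system and found no problems.
  0 KB in bad sectors.
"""

# Constructed sample: the same fields as a damaged disk would report them.
FAILING = """\
  12 bad file records processed.
Windows has made corrections to the file system.
  4096 KB in bad sectors.
"""

# Counters worth reading first; each pattern captures the number before the label.
FIELDS = {
    "bad_file_records": r"(\d+) bad file records processed",
    "bad_sector_kb": r"(\d+) KB in bad sectors",
}

def parse_chkdsk(report):
    """Extract the triage counters; a counter missing from the text is None."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, report)
        out[name] = int(m.group(1)) if m else None
    out["clean_verdict"] = "found no problems" in report
    return out

def triage(report):
    """Return a list of findings; an empty list means nothing to follow up."""
    r = parse_chkdsk(report)
    findings = []
    if r["bad_sector_kb"]:
        findings.append(f"{r['bad_sector_kb']} KB in bad sectors: suspect failing hardware")
    if r["bad_file_records"]:
        findings.append(f"{r['bad_file_records']} bad file records: file system was damaged")
    if not r["clean_verdict"]:
        findings.append("no clean verdict line: chkdsk made repairs or did not finish")
    return findings

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("failing", FAILING)):
        print(name, triage(text) or "nothing to follow up")
```

A report with zero bad sectors, zero bad file records and the "found no problems" line yields no findings, which points the investigation away from the disk.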
 

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Thank you for the expedient response.

The link to the Services Repair is broken. When I click it, it tells me: 404 Not Found, and when I try to find ESET Services Repair myself, other than one that costs money, I have no options to download it (even if I use another computer to try to get it via the link it says the same thing).

System File Checker came back as nothing wrong as well. Everything else is being done as I type this up.

I will post again with the results of everything else.
 

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Due to me realizing I hadn't attached the log file, here it is.
 

Attachments

  • sfcdetails.txt
    51.9 KB · Views: 1

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Check Disk Results:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 10/04/2016 11:46:17 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: RaikohMkIV
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
464640 file records processed.

File verification completed.
4539 large file records processed.

0 bad file records processed.


Stage 2: Examining file name linkage ...
537194 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered to lost and found.


Stage 3: Examining security descriptors ...
Cleaning up 4883 unused index entries from index $SII of file 0x9.
Cleaning up 4883 unused index entries from index $SDH of file 0x9.
Cleaning up 4883 unused security descriptors.
Security descriptor verification completed.
36278 data files processed.

CHKDSK is verifying Usn Journal...
41379016 USN bytes processed.

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
464624 files processed.

File data verification completed.

Stage 5: Looking for bad, free clusters ...
13515430 free clusters processed.

Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

124930047 KB total disk space.
70147292 KB in 206591 files.
141420 KB in 36279 indexes.
0 KB in bad sectors.
579615 KB in use by the system.
65536 KB occupied by the log file.
54061720 KB available on disk.

4096 bytes in each allocation unit.
31232511 total allocation units on disk.
13515430 allocation units available on disk.

Internal Info:
00 17 07 00 81 b4 03 00 fd 3f 07 00 00 00 00 00 .........?......
ea 05 00 00 a6 09 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Still slower than it should be and still having skips. Blue-screens seem to have ceased but I still end up having 5 to 7 COM Surrogate processes running in task manager.

If you could generate a fix list file for me to run with FRST, it should resolve this thing.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Upload it in your next reply.
 

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Scanned as asked and the results logfile is attached.

I noticed a new error popping up after the restart regarding dllhost.exe and I understand this is where COM Surrogate in Task Manager comes from. It says: "The instruction at 0x00007FF99F3100EA referenced memory at 0x00007FF99F3100E8. The memory could not be written. Click OK to terminate the program."
The error pops up again regardless of whether I close it or click OK.
 

Attachments

  • zoek-results.txt
    8.6 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, I would like to see one more FRST scan.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.
 

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Okay, I have completed the FRST Scan as you requested and attached the two logfiles.
 

Attachments

  • Addition.txt
    56.5 KB · Views: 3
  • FRST.txt
    164.4 KB · Views: 2

Minotaur667

New Member
Thread author
Apr 10, 2016
9
Hold on now. So, it was infected, but the steps I took that you told me to do left my PC in an almost broken state and now you won't help?

Near as I can tell, the steps you provided haven't actually fixed the problem but have sidestepped it and caused a new issue and now you won't help me with the problem that you caused.
 