Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DLLHOST.EXE *32 Com Surrogate problem


  • This topic is locked This topic is locked
20 replies to this topic

#1 steve5125

steve5125

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 31 October 2014 - 06:47 AM

Here are the 2 DDS files.  Again, problem is that once PC is connected to internet 7-12 of these dllhost.exe *32  Com Surrogate processes start running and computer is very very slow and unusable.  

Attached Files


Edited by hamluis, 31 October 2014 - 07:02 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 31 October 2014 - 12:36 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 31 October 2014 - 01:15 PM

Hi Jürgen,

I appreciate your help and quick response.

Here are the two files requested.

 

Thanks ahead for your help!

Dave S.

 

Attached Files



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 31 October 2014 - 02:12 PM

Hi,

warning.gif Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.

Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 31 October 2014 - 04:26 PM

Here is ComboFix.txt.  Thanks Again!

Attached Files



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 01 November 2014 - 03:45 AM

Hi,

Step 1

emsisoft_emergency_kit.pnglogo.png
  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • Click in the following update-screen "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.
EKK.gif


Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 01 November 2014 - 02:25 PM

Hi deepybka,

 

Here are files. 

Thanks again for your help!

 

 

Attached Files



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 01 November 2014 - 02:49 PM

Hi,

the FRST-Log seems to be empty... :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 01 November 2014 - 03:06 PM

Does that mean the malware is fixed?

 

Is there anything more that should be done to fix the problem?



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 01 November 2014 - 03:12 PM

Does that mean the malware is fixed?

 Yes, the malware is fixed. But it means that the log is incomplete. Please rerun FRST and post the log. :)


Edited by deeprybka, 01 November 2014 - 03:13 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 01 November 2014 - 03:30 PM

I see! Do not know why that happened.  Let's try this again.  :)


With files!

Attached Files



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 01 November 2014 - 03:36 PM

Let's do a final check up:

Step 1


Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 01 November 2014 - 06:46 PM

Here are files.

Still looks like there are potential viruses but different ones.

 

Also, the C:\ drive looks different:

1.  There is a $Recycle.bin, Boot, ComboFix.

2.  ComFix has c:\ and d:\ drives in it and a file I do not know about, My Web Sites on MSN (I do not use MSN).

 

 

Thanks!

Attached Files



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:10 AM

Posted 02 November 2014 - 07:06 AM

Still looks like there are potential viruses but different ones.

 
Hi,
what do you mean exactly?

Uninstall Combofix:
Type "combofix /uninstall" in the run box (w7.png+R) and hit enter.
3w7i5uxa.png

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 steve5125

steve5125
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 02 November 2014 - 02:49 PM

Sorry for the delay in responding. 

Looks like it is cleaning up well.

Did Combofix uninstall.

Here are FRST files, how do they look?

 

Thank you!

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users