mangamaniac Posted January 25, 2015 ID:932664

Recently I've taken to translating manga from Chinese to English (unlicensed at least in English). I think one of the Raws must have been infected. Scanned with Malwarebytes and Microsoft ?Safety? Scanner and Win Def.

Any processes I run which are taking up a lot of RAM slow down after an hour in. Bringing up task manager shows multiple 2-4 Com Surrogates running, tracing to dllhost.exe in Sys 32. Problem is, I do not have IE browser installed any longer, nor were there any apps I have initiated that run to establish a Dcom server.

Event Viewer shows:

    Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

This error appeared no less than 34 times over a period of 3 sec.

Every time I bring up task manager I see the program dllhost.exe turn itself off. Close task manager, slow down returns. Ad infinitum.

Help appreciated.

PS - Should need be, I can send copies of suspect raws which may have infected my computer.

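An added example, not part of the original thread or of any tool mentioned in it: a read-only PowerShell check that takes the GUID from the /Processid: argument of each running dllhost.exe, including the one in the Event Viewer message quoted in the post, and looks it up under the AppID and CLSID registration keys. The function name Resolve-SurrogateGuid and the output column names are made up for this example.

```powershell
# Added example (not from the thread): read-only COM Surrogate triage.
# Maps each dllhost.exe /Processid:{GUID} to its COM registration.
$guidPattern = '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})'

function Resolve-SurrogateGuid {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Guid)

    $appIdKey  = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\$Guid"
    $clsidHklm = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$Guid"
    $clsidHkcu = "Registry::HKEY_CURRENT_USER\Software\Classes\CLSID\$Guid"

    # Returns the default value of a key's InprocServer32 subkey, or nothing.
    $server = {
        param($key)
        $p = Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
        if ($p) { $p.'(default)' }
    }
    $appId = Get-ItemProperty -LiteralPath $appIdKey -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Guid            = $Guid
        AppIdRegistered = Test-Path -LiteralPath $appIdKey
        DllSurrogate    = if ($appId) { $appId.DllSurrogate }
        MachineServer   = & $server $clsidHklm
        # A per-user CLSID entry takes precedence over the machine-wide one.
        PerUserServer   = & $server $clsidHkcu
    }
}

# GUID taken from the Event Viewer message quoted in the post.
Resolve-SurrogateGuid -Guid '{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}'

# Every COM Surrogate currently running, with its parent PID for context.
Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    if ($_.CommandLine -match $guidPattern) {
        $reg = Resolve-SurrogateGuid -Guid $Matches[1]
        [pscustomobject]@{
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId
            Guid            = $reg.Guid
            AppIdRegistered = $reg.AppIdRegistered
            MachineServer   = $reg.MachineServer
            PerUserServer   = $reg.PerUserServer
        }
    }
} | Format-Table -AutoSize
```

Run it from an elevated prompt so that CommandLine is available for processes owned by other accounts. A GUID with no registration at all, or one whose server path differs between the per-user and machine-wide columns, is the entry to examine further.
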
Naathim Posted January 25, 2015 ID:932676

Hello and welcome! I'm Radek and I'll try to help you with your issue.

Before we start please note the following:
- Analysis and research take some time, also sometimes real life gets in the way, please be patient.
- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Paste the logs in your posts, attachments make my work harder and more complicated.
- Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- I can't foresee everything, so if anything unexpected happens, please stop and inform me!
- There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
- First of all select update.
- Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
- Click the Scan tab, choose Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
- Save the file to your desktop and include its content in your next reply.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.
- Right-click on icon and select Run as Administrator to start the tool.
  > XP users click run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
- When the tool opens click Yes to disclaimer.
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please include their content in your next reply.

mangamaniac Posted January 25, 2015 Author ID:932877

Problem still persists. Com Surrogates still here. dllhost.exe priority is auto set to norm despite being shifted to low. All major apps in current use priority down graded to low.

001 - scan canceled - battery dry
002 - curiosity to see if malware was detected again, FUBAR assessment
003 - complete scan, undisturbed. Turned up clean

Thanks for your time

Attachments: FRST.txt, Addition.txt, MBAM_scan_of_sys32_001.txt, MBAM_scan_of_sys32_003.txt, MBAM_scan_of_sys32_002.txt

mangamaniac Posted January 26, 2015 Author ID:933232

T

Naathim Posted January 28, 2015 ID:933822

Hi,
I am sorry, I have been flying more than 30h lately and wasn't able to respond properly.

Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.
Note that the tool is still in its BETA stage, therefore not all functionalities may be added.
- Right-click on icon and select Run as Administrator to start the tool.
- It will ask you for an extraction place - make sure you will unpack it to your desktop.
- After the extraction, the tool should start itself (no action required).
- On the Introduction screen click Next.
- On the Update screen click Update.
- When prompted about the successful update, click Next.
- On the Scan System screen, make sure that all three options (Drivers, Sectors, System) are checked for scanning and press Scan.
- Wait patiently and don't do anything on your machine while MBAR goes through your system!
- If no infection is found, just close the tool.
- If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.
- When finished (either with or without cleanup), please navigate to the MBAR directory.
- Search there for these two files:
  > mbar-log-date(time).txt
  > system-log.txt
- Please include the content of both files in your reply.

mangamaniac Posted January 29, 2015 Author ID:934091

Ran twice turned up clean. Surrogates still here. Rogue MS ?

Naathim Posted January 29, 2015 ID:934207

Strange cause I don't see that in the logfiles. Unless the infection changed its vector or returned.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
- Right-click on icon and select Run as Administrator to start the tool.
  > XP users click run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please include their content in your next reply.

mangamaniac Posted February 2, 2015 Author ID:935550

got them here. College has been demanding

Attachments: Addition.txt, FRST.txt

Naathim Posted February 4, 2015 ID:936109

Hi and sorry for the delay.
There's definitely no Poweliks here. Instead I think there's some internal problem.

Run System Files Checker

SFC is an internal Windows tool to verify the integration of critical system files.
- Press the on your keyboard.
- In the search box type in cmd and wait until it appears.
- Right-click on the cmd.exe and select Run as Administrator to start command prompt.
- Type in the following command: sfc /scannow and press enter. Note the space as marked: sfc_/scannow.
- Let it run unhindered. This procedure may take some time.
- Did it say that finished and no violations were found?

Naathim Posted February 9, 2015 ID:937929

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!