Inactive COM surrogate problem, FastStone viewer issue

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Irving-Harring

Thread Starter
Joined
Jul 23, 2021
Messages
1
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20210321104105.000000-240
Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz, Intel64 Family 6 Model 58 Stepping 9, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics
Hard Drives: A: 894 GB (871 GB Free); C: 909 GB (220 GB Free); E: 9313 GB (5103 GB Free); F: 13038 GB (7504 GB Free);
Motherboard: Dell Inc. 084J0R, ver A00, s/n CHS9CY1.CN7016339201XI.
System: Dell Inc., ver DELL - 1072009, s/n CHS9CY1
Antivirus: Windows Defender, Disabled

I just noticed that despite the fact that I have Kaspersky free antivirus and it's supposedly turned on, it doesn't show in the info above!

Various problems began today when I tried to view photos in a desktop folder. There are approx 45 photos and one MP4 file in that folder.
My primary photo viewer is FastStone. As I recall, I attempted to open that folder in FastStone and it wouldn't fully load some 8 hours ago. I then opened Task Manager and noticed that COM surrogate was showing exceptionally high resource use. I disabled it. I was then able to close the image folder. However, when I tried to open the folder and photo files again, the problem reappeared and locked up my computer. I restarted my computer with the same result. I then ran CCleaner, Zemana, and Malwarebytes. I found various infections. I deleted them all. Upon trying FastStone again, the problem reappeared. I ran RKill, TDSSKiller, Microsoft, Emsisoft and Kaspersky (unattended) in Windows_Repair_Toolbox. Various infections were found and deleted. I have attached the reports from FRST, Malwarebytes, etc. below. I then deleted FastStone and reinstalled it. After that, I ran various virus scans on the offending folder. Coming up clean, I attempted to open the folder again with Windows Explorer and FastStone. The same problem of locking up the files and folder repeated. So, now, barely able to escape the file/folder lockup scenario again (currently with 3 instances of COM surrogate, one of them being Very High in resource use, appearing in Task Manager) and out of reasonable options, I've come here to seek your expertise. HELP, and thanks SO much for your assistance!!

Sincerely, A Struggling Teacher/Windows 10 User...

PS: I am now going to disable Kaspersky and re-initiate Windows Defender
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,185
Sincerely, A Struggling Teacher/Windows 10 User...
That makes us two here. :)

Let me know what you would like me to call you here.

Welcome to TSG Forums.


I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would ask you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

===================

Currently reviewing your logs. I will be back to you as soon as I am ready.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,185
Well, let's begin.

Here are my first comments/instructions regarding your logs:

1. P2P program

You have qBittorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2 below.

2. Uninstall programs

Many of the programs you have installed do the same job (e.g. YouTube downloaders, screen recorders, file finders, video converters, photo viewers...). And there is also the preinstalled software (Dell SupportAssist). Do you really need all these programs? Personally, I keep only the programs I need/use. I recommend that you take a good look at your programs list and uninstall whatever you don't need/use.

Seriously consider uninstalling the following:

You have already installed Kaspersky Security Cloud and Malwarebytes (plus the built-in Windows 10 Windows Defender). More security solutions don't protect you more. Sometimes, many antivirus programs cause issues and conflicts. So, consider uninstalling
Code:
HitmanPro 3.8
Zemana AntiMalware version 3.2.27

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities. So consider uninstalling
Code:
Glary Utilities 5.169
CCleaner
If you keep CCleaner, then do not use the registry cleaning option.

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

First, uninstall
Code:
Java 8 Update 291

Question about this:

You have Microsoft 365 Apps for enterprise installed. Microsoft 365 Apps for enterprise (formerly Office 365 ProPlus) is a business subscription plan that charges per user rather than per device. Does the computer belong to a company? If it's yours, do you have a legal subscription for Microsoft 365 Apps for enterprise?

If you don't have a legal subscription, then you have to consider uninstalling it. As an alternative you can use free Microsoft Office Online, or any other free Office platform, like LibreOffice or FreeOffice.


3. Uninstall a Chrome extension

Open Chrome.
At the top right choose More (the three vertical dots) > More Tools > Extensions
Find TMS - Torrent search, and remove it, clicking on Remove.
Confirm the action by clicking Remove once again.


4. Notifications from Chrome / Startup page

Did you intentionally enable notifications from these sites?
Code:
hxxps://3gpking.pro;
hxxps://time4news.net;
hxxps://ugy9m.njnxhh.com
Also... your Chrome start page is a browser hijacker (mybrowserbar.com).


5. Fresh FRST logs

After the above, I would like to see fresh FRST logs (FRST and Addition).


In your next reply please post:
  1. Which programs did you uninstall
  2. If everything went fine with the extension removal
  3. Your reply about Chrome's notifications
  4. Fresh FRST logs (FRST and Addition)
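
As an added illustration of the notification and start-page checks in step 4 (not part of the thread or of any tool mentioned in it), the following script lists which sites a Chrome profile allows to send notifications and which pages it opens at launch, so unexpected entries can be reviewed. The key names (`profile.content_settings.exceptions.notifications`, `session.startup_urls`) and setting values are assumptions about the profile's `Preferences` JSON layout, which can differ between Chrome versions; the sample data and the `.example` hosts are constructed.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # assumed content-setting value for "Allow" (2 is "Block")
OPEN_SPECIFIC_PAGES = 4  # assumed session.restore_on_startup value

# Constructed sample shaped like a Chrome profile "Preferences" file.
SAMPLE_PREFS = json.loads("""
{
  "profile": {"content_settings": {"exceptions": {"notifications": {
    "https://news.example:443,*":     {"setting": 1},
    "https://push-ads.example:443,*": {"setting": 1},
    "https://blocked.example:443,*":  {"setting": 2}
  }}}},
  "session": {"restore_on_startup": 4,
              "startup_urls": ["https://search-bar.example/"]}
}
""")

def host_of(value):
    """Host part of a URL or of a 'primary,secondary' content-setting pattern."""
    primary = value.split(",", 1)[0]
    try:
        return urlsplit(primary).hostname or primary
    except ValueError:  # malformed entry: report it verbatim
        return primary

def notification_grants(prefs):
    """Hosts that are currently allowed to show notifications."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    entries = node if isinstance(node, dict) else {}
    return sorted(host_of(p) for p, e in entries.items()
                  if isinstance(e, dict) and e.get("setting") == ALLOW)

def startup_pages(prefs):
    """URLs Chrome opens at launch, if it is set to open specific pages."""
    session = prefs.get("session", {})
    if session.get("restore_on_startup") != OPEN_SPECIFIC_PAGES:
        return []
    return list(session.get("startup_urls", []))

def review(prefs, expected_hosts):
    """Entries whose host is not on the user's own list, for manual review."""
    expected = set(expected_hosts)
    return {
        "notifications": [h for h in notification_grants(prefs) if h not in expected],
        "startup": [u for u in startup_pages(prefs) if host_of(u) not in expected],
    }
```

To use it on a real profile, load a copy of the profile's `Preferences` file with `json.load` and pass the result to `review` together with the hosts you knowingly allowed.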
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,185
Hello.

Do you still need assistance?

Asking for help, providing your logs for analysis and then going away is not just a simple thing. Plus, it's not kind at all. People spend a remarkable amount of time analysing the logs and, as you know, time is valuable for all of us.

Let me know if you need time to proceed with my instructions. Otherwise, I will mark the topic as Inactive.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,185
I'm leaving this thread due to lack of feedback. If you still need assistance, you can post here again, or, if the thread is closed, send me a personal message (hover the mouse on my profile avatar and press Start a conversation) with a link to the topic.
 