dllhost.exe *32 COM Surrogate Replication issue.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by VeniaTulip, Nov 13, 2014.

  1. VeniaTulip

    VeniaTulip Private E-2

    Hello,

    I have also been having the dllhost.exe Surrogate issue on my computer for the last few weeks. I have been scouring the web to find solutions and I pretty much just find half-baked and half-assed solutions, so I was hoping you guys could help me.

    Before the dllhost issue came about, I was getting a blue screen every couple of weeks or so. Because it was so infrequent I largely ignored it. Then a few weeks ago I also started getting "internet explorer has stopped working" errors as well. (Files that help describe the problem:
    C:\Users\Anna\AppData\Local\Temp\WERD114.tmp.WERInternalMetadata.xml
    C:\Users\Anna\AppData\Local\Temp\WERE7B0.tmp.appcompat.txt
    C:\Users\Anna\AppData\Local\Temp\WERE7C1.tmp.mdmp)

    Well I don't use IE at all (IE 11 for the record) so I was very confused. I was unable to uninstall it on my windows 7 so I just disabled it. Now I'm still getting the errors except it says "iexplore.exe has stopped working".

    I have since re-enabled it.

    The blue screens are gone. I did a ton of work to do a clean install of my video drivers, so that seems to have solved that part, but the IE errors persist and I am consistently seeing 5-15 dllhost.exe *32 processes taking up anywhere from 0-15% CPU each. I have gone through the read-me and the files are attached below.

    As far as what I was doing when this began... I can really only tell you what I regularly do on my machine. I play two PC games, Guild Wars 2 and Starbound. I check my email, yahoo. Go to a forum I frequent and pinterest. No malicious sites are visited.

    Please please please help!

    The steps in the read me were followed to a T and the logs are attached.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome. You have a poweliks infection.


    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version for your PC. Only the correct version will work.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  3. VeniaTulip

    VeniaTulip Private E-2

    Here are the logs. ;)
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.


    Download Fixlist.txt

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.
    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • Fixlog.txt
    • C:\MGlogs.zip
    Please attach the above two log first before you continue with the below.
    Also at this point, I want to double check the status of Poweliks by having you run another scan with FRST like in my last message and attach the new FRST.txt and Addition.txt logs.
     

    Attached Files:

  5. VeniaTulip

    VeniaTulip Private E-2

    Fixlog.txt run via FRST64.exe while internet was disconnected. Log Attached.

    New MGlogs.zip created and attached.
     

    Attached Files:

  6. VeniaTulip

    VeniaTulip Private E-2

    These steps have been completed. I renamed the old FRST.txt file to FRSTOld.txt just in case you still needed it... or I did. Attached is the new file. However, according to the post regarding FRST64, the Addition.txt file is only created upon the first scan? I've attached it anyway but I don't think anything was rewritten.

    Anna

    Edit:
    Ok so it won't even let me attach Addition.txt, saying it's already been attached in this thread. Let me know if I need to do anything different for you. :)
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good evening.

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
    • [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | gjdwgmvtzwwg : regsvr32.exe /s "C:\Users\Anna\AppData\Local\Temp\17a4\AppData\Local\Microsoft\gjdwgmvtzwwg.dll" -> Found
    • [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | gjdwgmvtzwwg : regsvr32.exe /s "C:\Users\Anna\AppData\Local\Temp\17a4\AppData\Local\Microsoft\gjdwgmvtzwwg.dll" -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Now re run Malware Bytes, have it fix anything it may find and attach the log regardless.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.




    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GRK64 <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • SN64 <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.

    Attach the new MGlogs.zip
     
  8. VeniaTulip

    VeniaTulip Private E-2

    RogueKiller:
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | gjdwgmvtzwwg : regsvr32.exe /s "C:\Users\Anna\AppData\Local\Temp\17a4\AppData\Local\Microsoft\gjdwgmvtzwwg.dll" -> Found
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | gjdwgmvtzwwg : regsvr32.exe /s "C:\Users\Anna\AppData\Local\Temp\17a4\AppData\Local\Microsoft\gjdwgmvtzwwg.dll" -> Found.

    These files did not appear in the scan.



    GRK64 error:
    The system cannot find the file specified.
    Zipping runKeys.txt
    Finished Zipping runKeys.txt



    All logs attached.
     

    Attached Files:
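The two RogueKiller detections quoted in the posts above show the persistence pattern the helper is removing: a Run value with a random-looking name that launches regsvr32.exe /s against a DLL buried under the user's Temp folder, listed once per registry view (X64 and X86) although it is a single value. The script below is an added example, not part of the thread and not RogueKiller's own code: it parses lines in that report format, collapses the X64/X86 duplicates, and scores each autorun entry on those three traits. The parser, the heuristics, and the benign OneDrive line are my own constructions; the two detections and the PUP entry are copied from the thread as sample input.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input in the RogueKiller "Registry" tab format quoted in the thread.
# Lines 1-2 are the Poweliks Run value from the thread (X64 and X86 views of one value),
# line 3 is the PUP BHO detection from the thread, line 4 is a constructed benign entry.
SAMPLE_LINES = [
    r'[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | gjdwgmvtzwwg : regsvr32.exe /s "C:\Users\Anna\AppData\Local\Temp\17a4\AppData\Local\Microsoft\gjdwgmvtzwwg.dll" -> Found',
    r'[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | gjdwgmvtzwwg : regsvr32.exe /s "C:\Users\Anna\AppData\Local\Temp\17a4\AppData\Local\Microsoft\gjdwgmvtzwwg.dll" -> Found.',
    r'[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found',
    r'[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3047828496-4189209094-568212370-1000\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Anna\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background -> Found',
]

# [tag] (arch) key [| valuename : command] -> status   (the "| name : cmd" part is absent for key-only hits)
RK_LINE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+\((?P<arch>X86|X64)\)\s+'
    r'(?P<key>.+?)'
    r'(?:\s+\|\s+(?P<name>.+?)\s+:\s+(?P<cmd>.+?))?'
    r'\s+->\s+(?P<status>\w+)\.?\s*$'
)
# Host processes that run someone else's code: an autorun pointing at one of these is worth a look.
LOADER = re.compile(r'\b(regsvr32|rundll32|mshta|wscript|cscript|powershell)(?:\.exe)?\b', re.I)
# Payload stored under a Temp directory rather than Program Files or the application's own folder.
TEMP_PATH = re.compile(r'\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%temp%', re.I)


@dataclass
class Detection:
    tag: str
    arch: str
    key: str
    name: Optional[str]
    cmd: Optional[str]
    status: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Detection]:
    """Parse one report line; returns None for lines that are not detections."""
    m = RK_LINE.match(line.strip())
    if not m:
        return None
    return Detection(m['tag'], m['arch'], m['key'], m['name'], m['cmd'], m['status'])


def looks_random(name: str) -> bool:
    """Heuristic: long, all-letter value names with almost no vowels look machine-generated."""
    s = name.lower()
    if not s.isalpha() or len(s) < 8:
        return False
    vowels = sum(c in 'aeiou' for c in s)
    return vowels / len(s) < 0.25


def assess(d: Detection) -> Detection:
    """Attach the reasons an autorun entry deserves attention (empty list = nothing suspicious)."""
    reasons = []
    if d.cmd and LOADER.search(d.cmd):
        reasons.append('autorun command is a loader/host process, not the program itself')
    if d.cmd and TEMP_PATH.search(d.cmd):
        reasons.append('payload path is under a Temp directory')
    if d.name and looks_random(d.name):
        reasons.append('value name looks machine-generated')
    d.reasons = reasons
    return d


def severity(d: Detection) -> str:
    return 'high' if len(d.reasons) >= 2 else 'medium' if d.reasons else 'low'


def triage(lines: List[str]) -> List[Detection]:
    """Parse, drop X64/X86 duplicates of the same value, score, and sort most suspicious first."""
    seen, results = set(), []
    for line in lines:
        d = parse_line(line)
        if d is None:
            continue
        fingerprint = (d.key.lower(), (d.name or '').lower(), (d.cmd or '').lower())
        if fingerprint in seen:          # same value seen through the other registry view
            continue
        seen.add(fingerprint)
        results.append(assess(d))
    order = {'high': 0, 'medium': 1, 'low': 2}
    results.sort(key=lambda x: order[severity(x)])
    return results


if __name__ == '__main__':
    for det in triage(SAMPLE_LINES):
        print(f"[{severity(det):6}] ({det.arch}) {det.name or det.key}")
        for r in det.reasons:
            print("         -", r)
```

On the sample input the Poweliks value scores high on all three traits, while the OneDrive entry and the BHO line score low: the heuristics only judge autorun commands, so a key-only hit such as the Browser Helper Object keeps whatever tag the scanner gave it (here PUP) and still needs a human decision, which is exactly what the helper asked for in the thread.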

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Run Adwcleaner and have it remove what it finds.

    Also clean out as many temp files from this folder as Windows lets you.
    • C:\Users\Anna\AppData\Local\Temp

    How are things running?
     
  10. VeniaTulip

    VeniaTulip Private E-2

    Done and done. It's running great again! Thank you so much! You rock!

    I had a hard drive before this one that I had to replace because something periodically locked me out of every windows feature until windows would no longer load.

    It's obvious that I'm not cleaning properly, using the correct tools, or something, since I keep getting these infections.

    Is there a thread or do you have any advice on how this can be prevented?

    Anna
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Excellent! :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:


    Download OTC
    • Close all programs.
    • Start OTC program.
    • Click the CleanUp! button.
    • Select Yes when asked "Begin cleanup process".
    • If you are asked to reboot, select Yes.
    • If any logs remain on the computer you can remove them.


    You can also delete JRT and ADWcleaner, and any files/folders they generated.
     
