Problem Help removing malware? Made several attempts but got nowhere.

Type runs into the search box, choose run then type CHKDSK. When I tried to do that a window popped up saying chkdsk utility stop working.

I went to the C Drive within Windows Explorer-right clicked-selected properties-tools tab-selected CHKDSK for errors and check the box to recover fatal errors.

I restarted the system and CHKDSK is now running upon restart. I guess a bullet to ask, but was this what you intended me to do?

 

You got it... let it run then we can run SFC /scannow after it finishes..

 

Here's what I've got.

The CHKDSK said that the volume was clean.

I tried to pull a log from the event viewer. Every time I to launch the command prompt I get the dialog box that says COM surrogate has stopped working. I believe I get this error any time I've tried to use "run"to start anything. I have the same problem with starting the CHKDSK. Is there any other way to do the scan?

 

SCRATCHING MY OLD NOGGIN...... Let's backtrack, when you ran Zoek it made a restore point so execute that restore point and let's go back to where we started. Then see if you can scan with FRST and maybe I can find the problem in that log..

 

You don't BE darn, you ARE darn!.....

 

Well… I forgot to manually make a system restore point before running that program. I thought the program made a restore point.

I was not able to get to system restore running Windows normally, but I was able to get there under safe mode. The only restoration point was this morning.




I don't know if it's helpful, but I'm not receiving any of those windows telling me about different applications failing when I run in safe mode.

 

Zoek should have made a restore point... but maybe not..

go back here and see if you can make a FRST scan:

http://forums.afterdawn.com/threads...attempts-but-got-nowhere.760830/#post-5091461

attach the reports or maybe we can go a different route....

 

Here you go, I ran the application in safe mode. It was the only way I could get it to run. Here are the corresponding logs. Thanks again for the help.

 

Oh, wheels, you've got things that I am not familiar with.... don't see much malware but a problem with a dll file that I will have to investigate. it may take me some time and I'll try to find the best way to fix it. hang in there, busy tomorrow but will get on it asap and keep you informed..

 

That makes sense with the com surrogate error that we've been getting. I'm assuming it's not as simple as removing the problematic DLL and pasting a clean copy into the directory.

By the way, please take your time. I really appreciate all your help. Without your help. I would've run a few rescue disks and been forced to simply reformat the hard drive.

 

Hi wheels,

On my first run through of your log, I suspect that you may have picked up dllhost.exe *32 COM Surrogate Trojan.Poweliks.

First, we can check for it with ESET Poweliks cleaner.. I use to have to remove these by hand and it’s a PITA to guide a novice through the registry. LMAO

Download ESET Poweliks Cleaner from the below link:
ESET POWELINKS CLEANER DOWNLOAD LINK (This link will download ESET Poweliks Cleaner on your computer)

Once the ESET Poweliks Cleaner tool has been downloaded, look for the file called ESETPoweliksCleaner.exe on your desktop and double-click it.




You will now be shown the main screen for the ESET Poweliks Cleaner and it will begin to search for the infection. If the tool detects Poweliks, it will state that it found it and then ask if you wish to remove it.




If Poweliks is detected, then press the Y button on your keyboard. ESET Poweliks Cleaner will now remove the Poweliks trojan from your computer.


If that is what it is then after removal we can clean up the little stuff… Hang in there.

2oG

 

Good attempt but it did not find anything.

Thanks

 

Well, pshaw!!
It has all the earmarks... This may take a little time.

I just ran in for lunch and will be out this afternoon so, I'll look it over with a big magnifier and get back with you later today..

We'll figure something out.
later,
2old

 

Thanks, no rush I really appreciate all of the help.

 

Naw, it would take one stronger than that!

@wheels,
The first time I looked at the FRST log I didn’t get all the way to the bottom…
Today I went all the way……

Look what I found:

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:2.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:70.22 GB) NTFS

Drive h: (2nd drive) (Fixed) (Total:230.45 GB) (Free:69.06 GB) NTFS ==>[system with boot components (obtained from drive)]



Your drives are ‘Blivits’. That’s what I call a 5 lb bag with 10 lbs of shit in it.. lol

The drives need at least 15% free space (20% is better) in order to operate and defrag properly.

Your C drive has 1% free, D drive 3% free and H drive has 29% the only good one.

With only 1% free on your C drive I would imagine it hasn’t been defragged in a long time. Since C is your OS, I would guess, it doesn’t have room to work and you are getting all the errors.


Start by deleting anything you don’t need or can do without like old ppgs you don’t use, movies, videos, data files you no longer need etc., etc.. Long way to go! C drive needs at least 35GB Free in order to work correctly..


Let me know and I’ll attempt to help as much as I can.. Ask questions..

2oG

 

couldnt hurt.or even just run the windows disk clean utility.

 

Would need Ccleaner on steroids....