Help with COM Surrogates and Trojans

elokk

New Member
Thread author
Nov 4, 2014
6
I am having issues with a lot of COM Surrogates running and my antivirus (Vipre) popping up and telling me that it is blocking Trojan viruses from opening. I have tried to remove them using this software as well as CCleaner and Malwarebytes. Please let me know if there is anything else I should be doing. I ran Farbar and am attaching the FRST and Addition files here. Thanks for any help!
 

Attachments

  • Addition.txt
    57.7 KB · Views: 89
  • FRST.txt
    28.8 KB · Views: 121

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Re-run FRST.exe as you did before ...

  • Download fixlist.txt that you find attached at the bottom of this post and save it in the same place you
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.


> Attach the fixlog.txt log report here.




==========================




Scan with Combofix:
  • Please download ComboFix by sUBs and save it to your Desktop.
    You may read how Combofix works here.
  • Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.
  • Run ComboFix. Click on I Agree! & follow the prompts.
    Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.
  • When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
    (typical log location: C:\ComboFix.txt )
 

Attachments

  • Fixlist.txt
    2.4 KB · Views: 46

elokk

New Member
Thread author
Nov 4, 2014
6
Thanks for the help! Here is the fixlog.txt log report. I am currently working on running combofix.
 

Attachments

  • Fixlog.txt
    6.3 KB · Views: 80

elokk

New Member
Thread author
Nov 4, 2014
6
Here is the log from combofix. Thanks again for all the help.
 

Attachments

  • log.txt
    12.9 KB · Views: 46

elokk

New Member
Thread author
Nov 4, 2014
6
We are still seeing COM surrogates running in the background. Not sure if there is something else to do about them. I saw three running at one time when I last looked at it.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe


When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.

Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.
 

elokk

New Member
Thread author
Nov 4, 2014
6
Thanks for the help again! It detected the virus and removed it. I restarted the computer and it seems that all the COM surrogates are gone and things are actually running quite smoothly. Is there anything else I should be doing?

Once again, thanks for the help!
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Super ;)



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Cheers.
 

elokk

New Member
Thread author
Nov 4, 2014
6
Great! I am doing that right now! Thanks again for all the help, you've been superb, and I really appreciate you helping me see it through!
 
