Operating System
Windows 7
Infection date and initial symptoms
Infection date was 10/29. It began with the dllhost.exe *32 COM Surrogate virus.
Current issues and symptoms
Can't open search engine or email websites (Google, yahoo, Gmail, Hotmail).
Steps taken in order to remove the infection
I ran Kaspersky's TDSS killer, but this didn't stop the problem.

sra85

New Member
I removed the surrogate virus via your tutorial here: http://malwaretips.com/blogs/dllhost-exe-32-com-surrogate-removal/ . Now when I open IE 11, I can't go to google.com, yahoo.com, Hotmail.com, or gmail.com. Also, the Google toolbar will not search when I type in something and hit enter. I can't download anything from a website, when I attempt to, it crashes the browser. MSN.com (Bing) is the only search engine website I can visit and this may be due to the fact that msn is my homepage. I was going to download Firefox to see if IE was the problem, but it won't let me open any links leading to Firefox download (blank page shows up).
I think what has happened is there is some remaining traces of the surrogate virus left or one of the scans run during the surrogate virus removal must have deleted a file that shouldn't have been deleted. The RogueKIller and Emsisoft Emergency Kit were the only scans to find any items that were deleted (RK found the actual surrogate Powelink!gm virus. Any website to do with email access or a search engine will not load, a blank page shows up. I'm not really sure if this is a malware problem or not. The FRST log is attached.
 

Attachments

sra85

New Member
Something I just noticed: before I removed the surrogate virus, there would be multiple dllhostexe.files running in the task manager. I thought all those had stopped. When I finished running all those scans to remove surrogate, I deleted all files in the %temp% folder. I just opened the temp folder and there is a folder there similar to what the surrogate virus was caching in the folder. Folder name is "1450". I opened the task manager, then click on the 1450 folder. As soon as I do this, the .dllhost runs again for a split second in the processes list on task manager. It quickly disappears though. There must still be some trace of that virus on the computer. Forgot to attach the addition log to the OP
 

Attachments