Solved Think I need a pro's help with syswow64, zuyzk, dllhost *32 Com surrogate

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
This is well beyond my understanding of computers, any help I could get would be greatly appreciated. I first noticed a problem on November 8th. I noticed DOS prompts appearing with syswow64 at the top. Additional DOS prompts would appear by themselves whenever they were closed. Processes in the task manager showed dozens of things running and numerous dllhost *32Com surrogate appearing by themselves. I noticed the physical memory fluctuating between 25% and 98% and the CPU fluctuating between 1% and 98% with no applications running.

Currently the computer slows way down with most problems occurring during internet usage. IE often won't load a page, it changed my homepage, and 25-50% physical memory usage even though no applications are open. dllhost*32com surrogate, and zuyzk keep appearing in the processes tab in the task manager. Computer is still being attacked by malicious websites, Malwarebytes keeps blocking them including fffSee.com from IP 31.184.192.90, and my internet security settings keep changing on their own.

I tried Norton 360, Malwarebytes, and Ad Aware. Each would find problems and either delete or quarantine them despite being run several times.

I also ran and uploaded the three scan logs. If anyone could take a look and help me out I would really appreciate it.
Thanks.
 

Attachments

  • AdwCleaner[R4].txt
    1.3 KB · Views: 52
  • FRST.txt
    64 KB · Views: 55
  • aswMBR.txt
    2.3 KB · Views: 52

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Thank you very much for your help. I completed the instructions and attached the logs.
 

Attachments

  • FRST.txt
    63.6 KB · Views: 52
  • Addition.txt
    44 KB · Views: 57
  • mbar-log-2014-11-11 (01-29-49).txt
    2.7 KB · Views: 48
  • system-log.txt
    34.2 KB · Views: 46

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Since I ran the Malwarebytes root kit on Tuesday and it located and deleted two malwares, the problems have been much less severe. IE often acts funny with long delays and not accepting my input on online forms. When I play Call of Duty it will only occasionally minimize the game and send me to the desktop whereas before, it would constantly do it.
Because three days have passed, and my computer did an auto update on Wednesday, I went ahead and re-ran the tools and attached new logs. Any help I can get would be greatly appreciated.
Thanks
 

Attachments

  • mbar-log-2014-11-14 (12-45-27).txt
    2 KB · Views: 28
  • system-log.txt
    29.8 KB · Views: 37
  • Addition.txt
    42.8 KB · Views: 39
  • FRST.txt
    56.3 KB · Views: 36

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Sorry.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
 

Attachments

  • fixlist.txt
    3.7 KB · Views: 38

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Thank you for your help. I followed the instructions and here are the results:
 

Attachments

  • Fixlog.txt
    4 KB · Views: 40
  • ComboFix.txt
    34.3 KB · Views: 96

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Thank you. I followed your instructions and it created a log. I tried to upload the log and the message board gave me an error stating the log was too big. I looked at the log and it has got to be at least 500 pages long. Would you like me to copy and paste into my next message?
 

Attachments

  • Untitled.jpg
    79 KB · Views: 51

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Can you attach CBS.log?
I attempted to upload the log, but the message board blocked it stating that the file was too big. The file is 4653KB. Do you want me to copy and paste the text into my next message? It is probably about 500 pages long.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Copy explorer.exe into the Search: field in FRST then click the Search Files button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
 

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
FRST search
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Copy explorer.exe into the Search: field in FRST then click the Search Files button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
I completed the instructions and attached the file. Thank you for your continued help.
 

Attachments

  • Search.txt
    1,018 bytes · Views: 45

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    159 bytes · Views: 31

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Thank you again for your continued help. I completed the instructions and a couple of strange things happened. When I ran the fix, the computer completed the fix instantly. It then said it was going to restart and I allowed it to restart. Now the computer does not fully boot. After my Windows login screen, I get a black screen with a black dialog box titled Explorer.exe and in the box it says "Class not registered". At that point the only thing it will allow me to do is Ctrl+Alt+Del and bring up the task manager. There are no applications running, and about half of the normal processes. I attempted to upload a photo of the processes but I can't get wikisend to work from my phone and the file is too large to attach here. Not sure if it matters, but prior to running the tool, there was already a Fixlog.txt on the desktop.
I attempted to restart a second time and the same thing happened. Black background with box that says class not registered and I can't do anything except the task manager.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, there is a problem with Explorer.exe file. We'll get your PC in working condition, do not worry. Can you start your PC in Safe Mode? If not, please follow these instructions:


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).



    Access the notepad and identify your USB drive

    In the Command Prompt please type in:
    Code:
    notepad
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.



    Scan with Farbar Recovery Scan Tool

    Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

    Transfer it to your clean machine and include it in your next reply.
 

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
Thank you again for your continued help. I completed the instructions and attached the file.
 

Attachments

  • FRST.txt
    41.8 KB · Views: 41

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 the same way:
  • Copy explorer.exe into the Search: field in FRST then click the Search Files button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
 

Volt-1

New Member
Thread author
Verified
Nov 10, 2014
15
I completed the instructions and attached the file. Thank you.
 

Attachments

  • Search.txt
    968 bytes · Views: 39
