Attack on: Win32:BitCoinMiner-CA (Trj)

We need to use a tool with more power.

Step#1

[*] Please download BlitzBlank by emsisoft and save it to your desktop.

[*] Open Blitzblank.exe by double click on it.

[*] Click OK at the warning (and take note of it, this is a VERY powerful tool!).

[*] Click the Script tab and copy/paste the following text there:


DeleteFile:
f:\usuarios\Javier V\AppData\Local\Temp\iswizard\dwm.exe
f:\usuarios\JAVIER~1\AppData\Local\Temp\iswizard\dwm.exe
DeleteFolder:
f:\usuarios\Javier V\AppData\Local\Temp\iswizard
f:\usuarios\JAVIER~1\AppData\Local\Temp\iswizard


[*] Click Execute Now. Your computer will need to reboot in order to replace the files.
[*] When done, post me the report created by BlitzBlank. You can find it at the root of drive C:\


Step#2

Open notepad and copy/paste the text present inside the code box below:



Folder::
f:\usuarios\Javier V\AppData\Local\Temp\iswizard
f:\usuarios\JAVIER~1\AppData\Local\Temp\iswizard
c:\program files (x86)\Bit Coin Miner Removal Tool
f:\usuarios\Javier V\AppData\Roaming\PlusWinks


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


Step#3

  1. Delete old zoek.exe and download new, fresh one.
  2. Re-run zoek.exe as you did before but use this script:

f:\usuarios\Javier V\AppData\Local\Temp\iswizard;f
f:\usuarios\JAVIER~1\AppData\Local\Temp\iswizard;f
C:\Program Files (x86)\Bit Coin Miner Removal Tool;f
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft;v
C:\ProgramData\Anvisoft;v
C:\ProgramData\RegRun;v
dwm.exe;z
dwm.exe;a
iswizard;z
iswizard;a
Torntv;ff
F:\Usuarios\Javier V\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\torntv@torntv.com.xpi;f
bfcpnihmbfoaeoakalclfalkdepgiaje;chr
F:\Usuarios\Javier V\AppData\Roaming\SpecialSavings;fs
doicodjkmhpcdodnbhbcpocidcdlolgk;chr
iibmmjhgclhlahmjniokmhleigemjpbh;chr
F:\Usuarios\Javier V\AppData\Local\CRE\iibmmjhgclhlahmjniokmhleigemjpbh.crx;f
mocblcnaofikinigmceddfghppkkjbog;chr
F:\Usuarios\Javier V\AppData\Roaming\PlusWinks;fs
nbmafkdmkkckhggblphicnnhlgljnoje;chr
apdfllckaahabafndbhieahigkjlhalf;chr
F:\Usuarios\JAVIER~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx;f
iibmmjhgclhlahmjniokmhleigemjpbh;chr
F:\Usuarios\Javier V\AppData\Local\CRE\iibmmjhgclhlahmjniokmhleigemjpbh.crx;f
niapdbllcanepiiimjjndipklodoedlc;chr
FFdefaults;
chrdefaults;
emptyclsid;
emptyrecycle.bin;
emptyalltemp;
autoclean;


Click on the RunScript button and attach here a fresh zoek.exe log.
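An added defender's check, not part of this thread and not from any of the tools it uses: the miner here runs as a copy of dwm.exe dropped under the user's Temp\iswizard folder, whereas the legitimate Desktop Window Manager lives in %SystemRoot%\System32. This PowerShell snippet lists every running dwm.exe or wuaudit.exe (the two names in the scripts above) that is not in System32, then looks for an iswizard folder under each profile; the profile root is a parameter because in this thread the profiles live on F:\Usuarios rather than the default C:\Users.

```powershell
# Added example (not from the thread): triage check for the pattern seen above,
# a process named like a Windows binary but running from a user Temp folder.
param(
    # Profile root; the thread's user has profiles on F:\Usuarios, default is C:\Users
    [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
)

# Names taken from the removal scripts in this thread; System32 is where the real dwm.exe lives
$suspectNames = @('dwm.exe', 'wuaudit.exe')
$system32     = Join-Path $env:SystemRoot 'System32'

Write-Host "== Running processes named $($suspectNames -join ', ') =="
Get-CimInstance Win32_Process |
    Where-Object { $suspectNames -contains $_.Name } |
    ForEach-Object {
        $path = $_.ExecutablePath
        # A missing path usually means access denied; treat it as needing review, not as clean
        $inSystem32 = [bool]$path -and
                      $path.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
        $display = if ($path) { $path } else { '<unavailable>' }
        [pscustomobject]@{
            Name         = $_.Name
            ProcessId    = $_.ProcessId
            Path         = $display
            ReviewNeeded = -not $inSystem32
        }
    } | Format-Table -AutoSize

# The dropper folder from the thread, checked for every profile under the given root;
# timestamps help correlate with when the alerts started
Write-Host "== iswizard folders under $ProfileRoot =="
Get-ChildItem -Path (Join-Path $ProfileRoot '*\AppData\Local\Temp\iswizard') -Directory -Force -ErrorAction SilentlyContinue |
    Get-ChildItem -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime, LastWriteTime
```

Run it from an elevated prompt so that ExecutablePath is readable for processes owned by other users; a dwm.exe flagged ReviewNeeded is a candidate for the removal steps above, not an automatic verdict.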

Some stuff:
Before running this solution:
I needed to reinstall CutePDF Writer; it is now running well.
Internet Explorer: when you call a site, you get a blank screen. It doesn't work.
Chrome: running well.

Could it be some of the scripts you fixed in the last phases?
Thanks.

MAGNA:
At the first step, Blitz Blank returns: Syntax error in line 5, Invalid folder path.
f:\usuarios\Javier V\AppData\Local\Temp\iswizard

F:\Usuarios\Javier V\AppData\Local\Temp\iswizard (pasted from Explorer) is the same!!! It's not case sensitive, because in lines 2 and 3 the path for the files to delete seems OK.

Hi,
The BB tool and its script are very sensitive. In case of a BB script error, BB is saying that the file or folder doesn't exist.

Try to run this BB script:

DeleteFile:
f:\usuarios\Javier V\AppData\Local\Temp\iswizard\dwm.exe
f:\usuarios\JAVIER~1\AppData\Local\Temp\iswizard\dwm.exe
DeleteFolder:
f:\usuarios\Javier V\AppData\Local\Temp\iswizard

or just this one:

DeleteFile:
f:\usuarios\Javier V\AppData\Local\Temp\iswizard\dwm.exe
f:\usuarios\JAVIER~1\AppData\Local\Temp\iswizard\dwm.exe

If that fails again, run ComboFix via the created CFScript.

Combofix report:
Impossible with BB

Ok, run zoek script too.

Second Step, combofix report

zoek report

Magna:
It looks like nothing works.
I backed up all my files.
Do you want to take more risk? It's the moment, preserving of course my hardware!!!
I'm ready for a full formatting of C and F this weekend.

Hi,
This is new & fresh malware; if you have the will, stay on a little bit. I just need to find the sources …

  1. Read the guide for running RogueKiller from >> here << and attach here all RK reports.

  2. Delete all zoek logs (delete all C:\zoek-results.log). I don't want to mix them with fresh logs.

  3. Then run this zoek script:

{41525333-0076-A76A-76A7-7A786E7484D7};c
c:\program files (x86)\AskPartnerNetwork\Toolbar;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar];r
"{41525333-0076-A76A-76A7-7A786E7484D7}"=-;r
wuaudit.exe;z
wuaudit.exe;a
dwm.exe;z
dwm.exe;a
iswizard;z
startupall;
filesrcm;
firefoxlook;
chromelook;

Rogue Killer Reports
Zoek log.
I found that the zoek results go to F:.
It is possible that this report was mixed with the old ones inside the file…
Tell me if I must rerun zoek. Now I'm deleting the zoek-result in F.
Sorry.

Leave the zoek logs for now; we will delete them later if need be.

Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions on how to use MBAR:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.

[*] Unzip/unrar MBAR into a folder on your Desktop.
[*] Open the folder where the contents were unzipped and run mbar.exe.

[*] Click on Next, then on the Update button to download fresh definitions.
[*] When the database has updated, click Next.
[*] In the following window ensure the “Targets” Drivers; Sectors; System are ticked. Then select the “Scan” button.

[*] If any infections are found, ensure “Create Restore Point” is checked, then select the “Cleanup” button to remove threats.
Or, if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

[*] The clean-up procedure will be scheduled for processing.
[*] When complete, a pop-up will show. Select the Yes button and the system should reboot to complete the cleaning process.

Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


2. Now you need to delete the old ComboFix (drag & drop the ComboFix icon into the recycle bin) and download a fresh copy from here:
http://www.bleepingcomputer.com/download/combofix/
Run ComboFix as you did before and attach here the fresh ComboFix.txt log.


Tell me now, how is your computer running?

First MBAR scan.
System log and mbar log.

Second mbar scan:
scan finished: no malware found!

ComboFix Report

Finally, powerful MBAR got him … ;D Let's check that just to be sure.

Delete now all old zoek logs (delete all C:\zoek-results.log) and re-run zoek.exe using this script:


dwm.exe;z
wuaudit.exe;z
iswizard;z

Attach here the fresh zoek log.


Tell me how is your computer running now?

All running well.
No Avast banners at this moment.
There was a system crash when I opened a large CAD file. This is not the first time during all this process after each cleaning.
I'm going with your next instruction.

zoek results:
Come on, Magna, it seems you have it!!!

I tested the PC and no more virus messages!!! Good job, Magna!!!
I think you must run some final scripts. Don't you?
I needed to repair-reinstall Revit (CAD soft), due to some instabilities. Now it seems to work fine.
Internet Explorer is now working fine after a configuration restore.
BUT:
Skype, SkyDrive, and Google Drive don't start at the Windows startup.
In all these cases I check “start with windows startup”, I close the dialog box, I open the dialog box again, and it's unchecked again.
I tried updating Skype, and get this error:

(I hope you understand my English)

there was a system crash when I opened a large cad file.
Yeah ... CF is at fault for that. :(
Skype, Skydrive, and google drive, don´t start at the windows startup.
Don't know; the malware removal tools didn't catch anything related to that.


Re-run zoek.exe as you did before with this script:

C:\Windows\Prefetch\DWM.EXE-7C5D1E43.pf;f
autoclean;

Then,

It is necessary to uninstall ComboFix:

[*] Click Start (or the Vista Start button), then Run.

On Windows 7 or Vista you may use the Start Search field if Run is not available.

[*] In the text line, type in (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

[*] Then click OK (or press Enter).

Wait until the uninstall process is complete.


Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes:

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.

The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

I don’t need DelFix log report.


Try to repair Windows with this tool:

Please download Windows Repair (all in one) from here:
http://www.tweaking.com/content/page/windows_repair_all_in_one.html

[*] Install the program, then run it.

[*] Go to Step 2 and allow it to run Disk Check.
[*] Once that is done, go to Step 3 and allow it to run SFC.
[*] Go to Step 4 and create a registry backup and system restore point.

[*] On the Start Repairs tab, click Start.

  • Click on the Select All button and then click on Start.
  • Don't use the computer while each scan is in progress!!!

[*] Restart may be needed to finish the repair procedure.


How’s your computer running now? 8)