Jump to content

infected with Iswizrd...please help

hana_fawzy

By hana_fawzy
in Resolved Malware Removal Logs

 Share

Recommended Posts

hana_fawzy

hana_fawzy

Posted
Posted

I already did what was sugested here

https://forums.malwarebytes.org/index.php?showtopic=9573

 

the DDs file contains

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by Hanan at 3:56:09 on 2013-12-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.3969.1696 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\Supercopier\supercopier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wps.exe
C:\PROGRA~2\THEKMP~1\KMPlayer.exe
C:\Users\Hanan\AppData\Local\Temp\iswizard\dwm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
uRun: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [ultracopier] "C:\Program Files\Supercopier\supercopier.exe"
uRun: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\Hanan\AppData\Local\Temp\\tsiVi132.dll,startme
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{488BD556-751E-4C78-B8D0-C3BF219B3B88} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{488BD556-751E-4C78-B8D0-C3BF219B3B88}\5447963716C61647D215432547 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{488BD556-751E-4C78-B8D0-C3BF219B3B88}\5447963716C61647D295273663 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{488BD556-751E-4C78-B8D0-C3BF219B3B88}\E4F65727 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hanan\AppData\Roaming\Mozilla\Firefox\Profiles\pt80zu31.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-12-18 12:28; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-15 645952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-15 27456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-15 16152]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-16 141376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-16 28600]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2013-8-20 26024]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-8-15 98208]
R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2013-8-16 1012280]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-8-16 896056]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-16 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-16 440376]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-16 1011768]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-11-8 166352]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-10-16 219776]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-16 108440]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-8-6 172920]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-10-16 36480]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-16 114608]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-10-16 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-10-16 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-10-16 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-10-16 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-10-16 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-10-16 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-10-16 551040]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-15 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-15 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-15 788760]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-8-15 315536]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-8-15 43832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-12-19 01:31:01    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-18 10:56:31    --------    d-----w-    C:\Users\Hanan\AppData\Roaming\TeamViewer
2013-12-18 10:52:32    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-12-18 10:26:57    --------    d-----r-    C:\Program Files (x86)\Skype
2013-12-18 01:18:02    --------    d-----w-    C:\Users\Hanan\AppData\Roaming\Malwarebytes
2013-12-18 01:17:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-18 01:17:50    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 00:37:07    --------    d-----w-    C:\Users\Hanan\AppData\Local\ElevatedDiagnostics
2013-12-04 19:54:22    --------    d-----w-    C:\Users\Hanan\AppData\Roaming\LibreOffice
2013-12-04 19:49:30    --------    d-----w-    C:\Program Files (x86)\LibreOffice 4
.
==================== Find3M  ====================
.
2013-12-12 10:31:41    84720    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-12-12 10:31:41    108440    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-11-26 09:48:50    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-10-24 15:05:06    773968    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-10-24 15:05:06    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
.
============= FINISH:  3:57:18.22 ===============
 

 

 

 

dds.txt

 

the  attach file contains

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 15/08/2013 05:32:08 م
System Uptime: 19/12/2013 02:18:05 ص (1 hours ago)
.
Motherboard: Dell Inc. |  | 0G26GT
Processor: Intel® Core i3-2375M CPU @ 1.50GHz | U3E1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 60.592 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 98 GiB total, 96.735 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 87.643 GiB free.
I: is FIXED (NTFS) - 169 GiB total, 124.753 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&20FB744E&0&00EB2D8CA24A_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&20FB744E&0&00EB2D8CA24A_C00000000
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_05971028&REV_05\4&6521971&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_05971028&REV_05\4&6521971&0&00E0
Service:
.
==== System Restore Points ===================
.
RP38: 13/12/2013 03:19:31 ص - Scheduled Checkpoint
RP39: 18/12/2013 04:54:27 ص - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Atheros Bluetooth Suite (64)
Avira Internet Security
Avira SearchFree Toolbar
Cisco LEAP Module
Cisco PEAP Module
DDR - Memory Card Recovery(Demo)
Dell Touchpad
Dell WLAN and Bluetooth Client Installation
FormatFactory 3.2.0.1
Foxit Reader
fTalk
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® USB 3.0 eXtensible Host Controller Driver
Internet Download Manager
Kingsoft Office 2013 (9.1.0.4246)
KMP Media Toolbar
LibreOffice 4.1 Help Pack (English (United States))
LibreOffice 4.1.3.2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Quickset64
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remo Recover 4.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype Click to Call
Skype™ 6.11
Sony Ericsson Update Engine
Sony PC Companion 2.10.181
Supercopier 4.0.1.4
TeamViewer 9
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
WinRAR 5.00 beta 8 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
19/12/2013 02:18:28 ص, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
18/12/2013 10:56:27 ص, Error: Service Control Manager [7024]  - The Avira Mail Protection service terminated with service-specific error Incorrect function..
18/12/2013 10:56:26 ص, Error: Service Control Manager [7024]  - The Avira Web Protection service terminated with service-specific error Incorrect function..
18/12/2013 10:56:12 ص, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
18/12/2013 09:19:34 م, Error: Service Control Manager [7031]  - The Avira Web Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
18/12/2013 08:42:58 م, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
18/12/2013 08:42:51 م, Error: EventLog [6008]  - The previous system shutdown at 8:41:26 PM on ‎12/‎18/‎2013 was unexpected.
18/12/2013 06:14:57 م, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Ask Update Service service to connect.
18/12/2013 06:14:26 م, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
18/12/2013 05:08:57 ص, Error: Service Control Manager [7024]  - The Avira Web Protection service terminated with service-specific error Incorrect function..
18/12/2013 05:08:57 ص, Error: Service Control Manager [7024]  - The Avira Mail Protection service terminated with service-specific error Incorrect function..
18/12/2013 05:08:47 ص, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
18/12/2013 05:00:02 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:02 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:02 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:02 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:02 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:02 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:02 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
18/12/2013 05:00:02 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
18/12/2013 05:00:01 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 05:00:01 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
18/12/2013 05:00:01 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/12/2013 04:59:58 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:57 ص, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:57 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
18/12/2013 04:59:57 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
18/12/2013 04:59:56 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/12/2013 04:59:49 ص, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
18/12/2013 04:59:40 ص, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avfwot avipbb avkmgr CSC DfsC discache ElRawDisk NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
18/12/2013 04:59:39 ص, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:39 ص, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
18/12/2013 04:59:39 ص, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:39 ص, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:39 ص, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:39 ص, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/12/2013 04:59:38 ص, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
18/12/2013 04:59:38 ص, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
18/12/2013 04:59:38 ص, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
18/12/2013 04:59:38 ص, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
18/12/2013 04:59:24 ص, Error: sptd [4]  - Driver detected an internal error in its data structures for .
18/12/2013 04:57:45 ص, Error: Service Control Manager [7024]  - The Avira Mail Protection service terminated with service-specific error Incorrect function..
18/12/2013 04:57:43 ص, Error: Service Control Manager [7024]  - The Avira Web Protection service terminated with service-specific error Incorrect function..
18/12/2013 04:57:35 ص, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
17/12/2013 10:27:49 م, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
17/12/2013 10:27:46 م, Error: EventLog [6008]  - The previous system shutdown at 10:01:46 PM on ‎12/‎17/‎2013 was unexpected.
17/12/2013 06:02:04 م, Error: volmgr [45]  - The system could not sucessfully load the crash dump driver.
13/12/2013 09:39:17 م, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
13/12/2013 09:39:10 م, Error: EventLog [6008]  - The previous system shutdown at 9:35:02 PM on ‎12/‎13/‎2013 was unexpected.
13/12/2013 09:35:39 م, Error: volmgr [45]  - The system could not sucessfully load the crash dump driver.
12/12/2013 12:29:34 م, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

 

attach.txt
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello hana_fawzy and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
What is is this lswizrd and why do you think you are infected with it? Detection from your antivirus?
Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.