Can't delete wuaudit.exe

My avast keeps having a trojan notification appearing and I can’t get rid of the file.

C:\User\Name\AppData\Local\Temp\iswizard folder
wuaudit.exe Win32:BitCoinMiner-CA[Trj]

Then while getting the logs, Malwarebytes Anti-Malware keeps having another notification that appears at the same time as the avast notification

Same folder as the above
dwm.exe Trojan.BitcoinMiner

Help please

Forgot to attach the logs

Been trying to post with the attachments of the remaining logs but keep showing “page cannot be displayed”

I can’t attach the OTL.txt log cause it’s crazy huge (2.40MB)

Upload it to a file sharing site and post the link here.

http://www.fileconvoy.com/dfl.php?id=gfd4e0b55c0983bc599934581642b9ff389229fae2

OTL.txt download site. Will be there for the next 7 days.

Monitoring.

Hi Ascia, follow the instructions:

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
IE - HKU\S-1-5-21-1098666409-127794178-2535673665-1001\..\SearchScopes\{2DB083CC-C1A9-40A7-BBB9-178E5FBD4698}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
CHR - homepage: http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=a06c3664000000000000742f68f854d7
CHR - homepage: http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=a06c3664000000000000742f68f854d7
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1098666409-127794178-2535673665-1001..\Run: [tsiVideo] C:\Users\Isaac\AppData\Local\Temp\tsiVi232.dll ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autoinst.exe

:files
C:\Users\Isaac\AppData\Local\Temp\tsiVi232.dll

:commands
[CREATERESTOREPOINT]
[emptytemp]


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

- Press Start Scan

- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Here are the logs

Re-run FRST
Type a2uzlhy2.sys into the Search: field in FRST then click the Search File(s) button.
FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
Exit FRST.

and attach here fresh Search.txt logreport

The Search.txt log.

Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions how to use MBAR
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

- Unzip/unrar MBAR in a folder to your Desktop
- Open the folder where the contents were unzipped to run mbar.exe

- Click on Next > then on Update button to download fresh definitions.
- When database updates click Next
- In the following window ensure “Targets” scan for Drivers; Sectors; System are ticked. Then select “Scan button”

- If an infection/s are found ensure “Create Restore Point” is checked, then select the “Cleanup Button” to remove threats.
  Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

- The Clean up procedure will be Scheduled for process.
- When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


Please download zoek.exe and save it to your desktop.

- Close any open browsers.

- Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.

- Double click on zoek.exe to run the tool.
  Please wait until the tool starts…

- Copy the text present inside the code box below and paste it into the large window in the zoek tool:



process;
srinfo;
systemscpecs;
installedprogs;
dwm.exe;z
iswizard;z
filesrcm;
startupall;
C:\Windows\System32\services.exe;i
skipfix-iedefaults;
firefoxlook;
chromelook;


- Click on the Run Script button.
  Please wait until a logreport opens (this can be after reboot)

- Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”

Logs here.

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


U3 a2uzlhy2; C:\Windows\System32\Drivers\a2uzlhy2.sys [0 ] (Intel Corporation)
C:\Windows\System32\Drivers\a2uzlhy2.sys

  2. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  3. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

Fixlog

How’s your computer behaving now?

It’s working fine now. The notifications have seemed to stop appearing. Thanks.

Re-run zoek with this script:

emptyclsid; 
Torntv;ff 
torntv@torntv.com.xpi;ff 
C:\Users\Isaac\AppData\Local\Temp\ccex.crx;f 
mhfdcmehmjcclgopdodkjdicohagipid;chr 
emptyalltemp;
autoclean; 

Do you still need the log?

Good is, any problems?