Help deleting wuaudit.exe urgent

Hello there, I need your assistance on deleting wuaudit.exe. Please, can anyone help?

Hi,

If you need help before we proceed I need to see system state.

Please download Farbar Recovery Scan Tool and DDS and save both tools to your desktop.

FRST note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  1. Run DDS Scan:
    Double-click on the dds icon to run the tool.

    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

  2. Run FRST Scan:

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

all the attachments

Hi,

Please attach here AdwCleaner S1 log for review.
C:\AdwCleaner[S1].txt

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


START
HKCU\...\Run: [tsiVideo] - rundll32.exe C:\DOCUME~1\Freeze\LOCALS~1\Temp\\tsiVi132.dll,start [x] <===== ATTENTION
CMD: attrib /d /s -s -h F:\*
CMD: attrib /d /s -s -h H:\*
CMD: rd /s /q F:\$RECYCLE.BIN
CMD: rd /s /q F:\RECYCLER
CMD: rd /s /q H:\$RECYCLE.BIN
CMD: rd /s /q H:\RECYCLER
MountPoints2: H - H:\AutoRun.exe
MountPoints2: {141d4db8-098e-11df-913d-001fd0532981} - F:\AutoRun.exe
MountPoints2: {141d4dbc-098e-11df-913d-001fd0532981} - F:\AutoRun.exe
MountPoints2: {141d4dbe-098e-11df-913d-001fd0532981} - F:\AutoRun.exe
MountPoints2: {18080350-13de-11df-915b-001fd0532981} - F:\AutoRun.exe
MountPoints2: {36ecce98-16f8-11df-916c-001fd0532981} - F:\AutoRun.exe
MountPoints2: {7ff0689c-098c-11df-913c-001fd0532981} - F:\AutoRun.exe
MountPoints2: {7ff068a0-098c-11df-913c-001fd0532981} - F:\AutoRun.exe
MountPoints2: {8585ec0c-098a-11df-913b-001fd0532981} - F:\AutoRun.exe
MountPoints2: {870b364d-d341-11de-9083-001cf018c37d} - F:\AutoRun.exe
MountPoints2: {870b3650-d341-11de-9083-001fd0532981} - F:\AutoRun.exe
MountPoints2: {870b3652-d341-11de-9083-001fd0532981} - F:\AutoRun.exe
MountPoints2: {870b3653-d341-11de-9083-001fd0532981} - F:\AutoRun.exe
MountPoints2: {895bac3a-13db-11df-915a-001fd0532981} - F:\AutoRun.exe
MountPoints2: {8dfa273e-34a0-11e1-a718-001fd0532981} - G:\AutoRun.exe
MountPoints2: {baf50938-8d88-11df-a2b5-001fd0532981} - F:\AutoRun.exe
MountPoints2: {d8c12b2c-0980-11df-913a-001cf018c37d} - F:\AutoRun.exe
MountPoints2: {d8c12b31-0980-11df-913a-001cf018c37d} - F:\AutoRun.exe
MountPoints2: {d8c12b33-0980-11df-913a-001cf018c37d} - F:\AutoRun.exe
MountPoints2: {d8c12b37-0980-11df-913a-001cf018c37d} - F:\AutoRun.exe
MountPoints2: {d92148cc-fb87-11de-910e-001cf018c37d} - F:\AutoRun.exe
MountPoints2: {f10f2a9e-acd5-11df-a322-001fd0532981} - I:\Windows\CHECK\DriveNavigator.exe
MountPoints2: {f6917c98-fba3-11df-a417-001fd0532981} - F:\AutoRun.exe
MountPoints2: {f6917c99-fba3-11df-a417-001fd0532981} - F:\AutoRun.exe
H:\AutoRun.exe
F:\AutoRun.exe
BHO: No Name - {1FD79A59-37B1-459B-9097-09F9FAB8A523} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
CHR Extension: () - C:\DOCUME~1\Freeze\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0
C:\DOCUME~1\Freeze\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm
Folder: C:\Autoruns
File: c:\windows\system32\V0530Pin.dll
c:\program files\babylon
CMD: ipconfig /flushdns
END

  1. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  2. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

========= NEXT ==========

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

    • Press Start Scan
    • If a Suspicious object is detected, the default action will be Skip, click on Continue.
    • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

========= NEXT ==========

  1. Re-run FRST, click on the Scan button and attach a fresh FRST.txt log report here.

Type iswizard.7z into the Search: field in FRST then click the Search File(s) button.
FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
Exit FRST.
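
An added example, not part of the original thread or of FRST: a short Python sketch that reads fixlist lines of the `MountPoints2: <key> - <target>` shape used in the script above and groups them by drive letter, so it is clear which removable drives the autorun entries point at and therefore need scanning. The function names are hypothetical, and the sample holds a few lines copied from the fixlist above.

```python
import re
from collections import defaultdict

# A few entries copied from the fixlist in the post above; the rest of the
# list has the same "MountPoints2: <key> - <target>" shape.
SAMPLE = r"""
MountPoints2: H - H:\AutoRun.exe
MountPoints2: {141d4db8-098e-11df-913d-001fd0532981} - F:\AutoRun.exe
MountPoints2: {141d4dbc-098e-11df-913d-001fd0532981} - F:\AutoRun.exe
MountPoints2: {8dfa273e-34a0-11e1-a718-001fd0532981} - G:\AutoRun.exe
MountPoints2: {f10f2a9e-acd5-11df-a322-001fd0532981} - I:\Windows\CHECK\DriveNavigator.exe
CMD: ipconfig /flushdns
"""

LINE = re.compile(r"^MountPoints2:\s+(?P<key>\S+)\s+-\s+(?P<target>.+?)\s*$")
# An executable sitting directly in a drive root, e.g. F:\AutoRun.exe
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$")


def parse_mountpoints(text):
    """Return (key, target) for every MountPoints2 line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("target")))
    return entries


def summarize(entries):
    """Group entries by drive letter and note targets that sit in a drive root."""
    drives = defaultdict(lambda: {"keys": 0, "targets": set(), "root_exe": False})
    for _key, target in entries:
        info = drives[target[:2].upper()]
        info["keys"] += 1
        info["targets"].add(target)
        if ROOT_EXE.match(target):
            info["root_exe"] = True
    return dict(drives)


if __name__ == "__main__":
    for drive, info in sorted(summarize(parse_mountpoints(SAMPLE)).items()):
        where = "executable in drive root" if info["root_exe"] else "nested path"
        print(f"{drive} {info['keys']} key(s) -> {sorted(info['targets'])} [{where}]")
```
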

All files have been attached

One more attachment

Hi,

    • Re-run TDSSKiller.exe and click on Change parameters.
    • Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    • Click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • Click the Report button and attach the contents of it into your next reply
Note: It will also create a log in the C: directory.

========== next ==========

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


START
C:\Documents and Settings\Freeze\Local Settings\Temp\iswizard
END

  1. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  2. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

======= final =======

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

    • Double-click MCShield-Setup to install the application.
    • Wait a few seconds for MCShield to finish its initial scan.
      Recommendation: under the General and Scanner tabs, click on the Defaults button to choose the recommended options.
    • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

hey there,
here are all the files

Hi,

FRST’s script and MCShield did a good job. We still need to remove some inactive malicious rootkit partitions … TDL4 leftovers.

Re-run TDSSKiller as before (with Change parameters) and use the Delete option for this entry:
\Device\Harddisk0\DR0 ( TDSS File System )

How’s your computer running now?

it is running better, avast has not detected the wuaudit.exe anymore.
thanks so much for the help.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

I recommend that you keep MCShield.
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And it will not only prevent infection, but will also immediately clean the memory card or external HDD.