need help (iswizard/wuaudit.exe)

hello, can someone help me with this problem… here i attach the logs

I’m on it …

oh, thank you :slight_smile:

@meister
Hello and welcome to avast. :wink:

You have been run AdwCleaner 4 time. You have been run even OTL twice.

AdwCleaner[S0].txt - [5313 octets] - [16/09/2013 21:24:39]
AdwCleaner[S1].txt - [1161 octets] - [16/09/2013 21:35:52]
AdwCleaner[S2].txt - [1247 octets] - [17/09/2013 12:34:44]
AdwCleaner[S3].txt - [1189 octets] - [17/09/2013 19:21:09]

I see nothing in latest AdwCleaner log. You need to attach AdwCleaner[S0].txt log.

========================================================

This fix should fix your problem.

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:OTL
O2:[b]64bit:[/b] - BHO: (no name) - {DEDAF650-12B8-48f5-A843-BBA100716106} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1609435747-1270121337-1236690094-1001..\Run: [tsiVideo] C:\Users\Meister\AppData\Local\Temp\tsiVi132.dll ()

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:_OTL\MovedFiles\mmddyyyy_hhmmss.log

----- next -----

Let’s check USB storage devices / removable drives for any malware.

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

When you finish scan with OTL and MCShield i would like to re-check something.

Please download zoek.zip (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:


iswizard;a
iswizard;z
wuaudit.exe;a
wuaudit.exe;z

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log

thanks, here the logs

here the zoek log

Ok, there are some leftovers. We will remove that to. Re-run zoek as you did before with this script and post me fresh created log.

emptyclsid;
C:\Users\Meister\AppData\Local\Temp\iswizard;f
[HKEY_USERS\S-1-5-21-1609435747-1270121337-1236690094-1001\Software\WinRAR\ArcHistory];r
"1"="";r
autoclean;

Tell me how’s your computer running now?

magna86, i think it is okay now. there is no more avast pop up. here is the zoek log. is my computer free from that virus??

Is my computer free from that virus??

What do you think. 8) ;D

Yes you are. :wink: We kill&remove malware loading point and after that we delete malware leftovers (junk files if you will).

We need to preform some post cleaning stuff.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.


----- next -----

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[
] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

----- suggestions -----

I recommended to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.

[ edit: corrected typo ]

magna86, thank you. you are relly helpful remove this virus… ;D

You’re Welcome