Please help to remove Trojan.bitcoinminer - dwm.exe / wuaudit.exe file

Hi,

Please help me to remove the files. I have done the procedures and attached are the files:

Thanks!

do you still have the problem after running AdwCleaner and Malwarebytes ?

removal specialists are notified, it may take some time before they arrive…

Yes, I still get the same messages : Threat:Win32:BitCoinMiner-CA [Trj]

Thanks

Hi,

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
IE - HKU\S-1-5-21-2420105064-827467762-2329407441-1000\..\SearchScopes\{D127BDD2-1B1B-41A4-844E-42653E9050E2}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112060&tt=120912_pcp_3912_5&babsrc=SP_ss&mntrId=42fe1d17000000000000f0bf97e2bc3e
[2012/10/04 14:00:25 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\racs\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
CHR - Extension: Skype Click to Call = C:\Users\racs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
O4 - HKU\S-1-5-21-2420105064-827467762-2329407441-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2420105064-827467762-2329407441-1000..\Run: [tsiVideo] C:\Users\racs\AppData\Local\Temp\tsiVi232.dll ()
O33 - MountPoints2\{23aac817-d399-11e2-b3cf-88532e864ccc}\Shell - "" = AutoRun
O33 - MountPoints2\{23aac817-d399-11e2-b3cf-88532e864ccc}\Shell\AutoRun\command - "" = IomegaEncryptionSetup v1.3.exe
O33 - MountPoints2\{54235618-1a9f-11e2-ad7a-f0bf97e2bc3e}\Shell - "" = AutoRun
O33 - MountPoints2\{54235618-1a9f-11e2-ad7a-f0bf97e2bc3e}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{d6773ff4-af96-11e1-bfac-f0bf97e2bc3e}\Shell - "" = AutoRun
O33 - MountPoints2\{d6773ff4-af96-11e1-bfac-f0bf97e2bc3e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d677400c-af96-11e1-bfac-f0bf97e2bc3e}\Shell - "" = AutoRun
O33 - MountPoints2\{d677400c-af96-11e1-bfac-f0bf97e2bc3e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e1b1f5ec-e673-11e2-9bdd-e41b3dc7eddb}\Shell - "" = AutoRun
O33 - MountPoints2\{e1b1f5ec-e673-11e2-9bdd-e41b3dc7eddb}\Shell\AutoRun\command - "" = D:\.\StartModem.exe
O33 - MountPoints2\{f55a32b4-5ce6-11e1-b06c-88532e864ccc}\Shell - "" = AutoRun
O33 - MountPoints2\{f55a32b4-5ce6-11e1-b06c-88532e864ccc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

:files
C:\Users\racs\AppData\Local\Temp\tsiVi232.dll

:Commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

Hi, please see attached log file.

Thanks

Current Situation?

Rescanned my laptop, no threats found.

Thanks for the fast response!

Ok,

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[
] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.