Well I would suggest using virustotal as there are more scanners (39) and it uses the windows versions of AVs. VirusTotal - Multi engine on-line virus scanner and report the findings here.
I also get zero hits for this file name (wrapped in quotes) on a google search and for me that is suspicious in its own right for a file in the windows folder.
The fact that MalwareBytes AntiMalware (MBAM) also keeps finding it supports the avast detection, what does MBAM call the malware ?
Normally for a file that keeps coming back it indicates there are other undetected/hidden elements and normally I would suggest downloading, updating and running MBAM (from safe mode) to try and find the undetected or hidden element that is recreating it.
I would also suggest SUPERantispyware On-Demand only in free version (also run from safe mode).
Avast eventually found this : “Win32:Daonol-D [Rtk]” has been found in “C:\System Volume Information_restore{6F9F0E57-BCA3-42B9-B219-473057A47A4F}\RP716\A0074931.sys” file.
Moved to Chest and so far “qtuolt.wos” seems to be gone.
First as it is a C:\System Volume Information restore point, it was previously deleted or moved from a system folder (probably the drivers folder) by system restore.
The strange thing is it shouldn’t be active in the C:\System Volume Information folder a windows protected area, so it is a bit strange that you report the original detected file isn’t coming back.
I would still recommend running the two applications from safe mode and report their findings, don’t worry about tracking cookies in SAS (allow it to delete them though).