Avast keeps blocking c:\users\name\appdata\local\temp\iswizard\wuaudit.exe, also my graphic card driver stops every 1-2 minutes and restores itself.
Please help me remove this virus!
Hi,
1. Double click on AdwCleaner.exe to run the tool.
2. Click on the Scan button.
3. After the scan has finished click on the Clean button.
4. Press OK when asked to close all programs and follow the onscreen prompts.
5. Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
6. After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
7. Post that logfile; it will also be saved in the C:\AdwCleaner folder.
---- Next ----
Re-run OTL.exe.
1. Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
O4 - HKU\S-1-5-21-4183714209-3405757367-3475637347-1000..\Run: [tsiVideo] C:\Users\Tim\AppData\Local\Temp\tsiVi132.dll ()
O4 - HKU\S-1-5-21-4183714209-3405757367-3475637347-1006..\Run: [ooVoo] C\ooVoo.exe /minimized File not found
:FILES
C:\Users\Tim\AppData\Local\Temp\iswizard
:COMMANDS
[CREATERESTOREPOINT]
[EMPTYTEMP]
2. Then click the Run Fix button at the top.
3. Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
If the log doesn't appear, it can be found here:
C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
---- Next ----
Re-Check:
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
1. Double-click to run it. When the tool opens, click Yes to the disclaimer.
2. Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
3. Press the Scan button.
4. It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
5. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Here are the 3 new logs.
Sorry, forgot the AdwCleaner one.
It looks like the virus is completely gone now, my virus scanners do not find it anywhere and my graphics card seems okay too.
Thank you very much!
(Or maybe it’s still there and I just can’t find it?)
It is gone but we still need to remove some leftovers.
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad window.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
START
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [97280 2009-07-14] ()
C:\PROGRA~2\SearchProtect
SearchScopes: HKCU - URL http://isearch.babylon.com/?q={searchTerms}&affID=121124&babsrc=SP_ss_Btisdt5&mntrId=8A176470021B1D01
SearchScopes: HKCU - {1FA7861D-72AC-4706-87E1-80D3FCD60AC7} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKCU - {61561203-4296-4C0D-921C-DB4DC697C122} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkimjglpminbnhcedkcegkenknhn
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll No File
CHR Plugin: (registryAccess) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkimjglpminbnhcedkcegkenknhn\7.17.2.0_0\background/registryAccess.dll No File
CHR Plugin: (SweetIM GC Helper) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll No File
CHR Plugin: (SweetIM GC Helper) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll No File
CHR HKLM-x32\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Tim\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
C:\ProgramData\AskPartnerNetwork\Toolbar
C:\Users\Tim\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
END
2. Save the Notepad file as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about an outdated version, please download and run the updated version.
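As an added example (not the helper's fix script and not output of OTL, AdwCleaner or FRST): a read-only PowerShell audit of the persistence locations the two fixes above clean up, the Run keys, AppInit_DLLs, IE SearchScopes and registry-forced Chrome extensions, flagging targets that are missing or loaded from a Temp folder. The registry paths are the standard Windows locations; the assumption that Bing is the expected search provider, and the Get-TargetPath parsing heuristic, are mine.

```powershell
# Added example, not from the thread: read-only audit of the persistence spots the fixes above touch.
# Run in an elevated PowerShell on the machine under examination; nothing is modified.
function Get-TargetPath {
    # Heuristic (assumed formats): extract the file path from Run-key data like '"C:\x.exe" /min' or 'C:\y.dll'.
    param([string]$Data)
    if ($Data -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Data -split '\s+(?=[/-])')[0].Trim()
}
function Test-Suspicious {
    # Missing target (FRST "No File" / OTL "File not found") or a DLL/EXE living under Temp.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    return (-not (Test-Path -LiteralPath $p)) -or ($p -match '\\AppData\\Local\\Temp\\')
}
$findings = @()
# 1. Run keys (the OTL "O4" lines): tsiVi132.dll was started from Temp via HKU\...\Run
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($v in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        if (Test-Suspicious (Get-TargetPath $v.Value)) { $findings += "Run: [$($v.Name)] $($v.Value)" }
    }
}
# 2. AppInit_DLLs (SearchProtect's SPVC64Loader.dll was loaded this way); 64-bit and 32-bit views
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $dlls = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($dlls) { $findings += "AppInit_DLLs ($key): $dlls" }   # anything listed here deserves a look
}
# 3. IE SearchScopes (the babylon/ask/conduit hijacks); assumes Bing is the expected provider
Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        if ($url -and $url -notmatch 'bing\.com') { $findings += "SearchScope: $($_.PSChildName) $url" }
    }
# 4. Chrome extensions forced through the registry (FRST "CHR HKLM-x32\...\Chrome\Extension")
Get-ChildItem 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $crx = (Get-ItemProperty -Path $_.PSPath).path
        $note = if ($crx -and -not (Test-Path -LiteralPath $crx)) { ' (No File)' } else { '' }
        $findings += "CHR Extension: [$($_.PSChildName)] $crx$note"
    }
if ($findings) { $findings } else { 'No suspicious entries found in the audited locations.' }
```

Entries it reports are leads to verify against the FRST/OTL logs, not an automatic removal list; per-user SID hives (HKU\S-1-5-21-...) other than the logged-on user's are not covered.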
here it is