Hi guys, I was searching online for ways to remove this nasty virus from my system. I've tried with malware removal tools, going into the registry and manually trying to delete it, but in the end nothing happened. It kept coming back. As I was searching I came across this site. I've already downloaded the tool and did a scan. Any advice is helpful. Thank you.
bsdriver.sys [Solved]
#1
Posted 19 August 2015 - 01:55 PM
#2
Posted 20 August 2015 - 07:57 AM
Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
- It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
- Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
- Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
- Step 1
Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
- Run your copy of FRST. It is important to ensure it is located on your desktop.
- Press the Fix button.
- It will produce a log (fixlog.txt) once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Step 2
Download 'AdwCleaner by Xplode' and save it to your desktop.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Read the Terms of Use and click I Agree.
- Click Scan and choose Clean after.
- Wait for it to finish. It won't take long.
- Click OK for the next prompts. Your system will automatically reboot.
- A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):
- fixlog.txt (Farbar Recovery Scan Tool)
- AdwCleaner[S*].txt (AdwCleaner)
#3
Posted 21 August 2015 - 05:36 AM
Hi, for the system restore steps one through seven, I am on Windows 10. Also, do you want me to turn system protection on or off?
#4
Posted 21 August 2015 - 08:57 AM
#5
Posted 21 August 2015 - 06:00 PM
#6
Posted 21 August 2015 - 06:01 PM
This is the second file.
Attached Files
Edited by sabusamra88, 21 August 2015 - 06:02 PM.
#7
Posted 22 August 2015 - 03:24 AM
- Step 1
Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
- Double-click mbam-setup-*.exe and proceed to installing the program.
- Accept the License Agreement.
- At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
- Click Finish after.
- Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
- Tick the Scan For Rootkits box.
- Go back to the Dashboard and select Update Now. Click Scan Now after.
- Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
- Once the scan is complete, click Apply Actions.
- If you are prompted to reboot, allow it by pressing Yes.
- Navigate to the program's History tab to retrieve the log.
- Click Application Logs and double-click on the most recent Scan Log.
- Export the log to your desktop as a .TXT file.
- You can also choose to directly copy the log by selecting Copy to Clipboard.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):
- AdwCleaner[S*].txt (AdwCleaner)
- mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)
#8
Posted 22 August 2015 - 06:13 AM
I do have a USB, here are the logs. One protection log, named mal 1, and the other 2 scans I did, mal 2 and mal 3.
Attached Files
#9
Posted 22 August 2015 - 07:34 AM
- Step 1
Run your copy of FRST by double-clicking it.
- Put a check on Addition.
- Press the Scan button after.
- It will produce FRST.txt and Addition.txt on your desktop once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):
- Addition.txt (Farbar Recovery Scan Tool)
- FRST.txt (Farbar Recovery Scan Tool)
#10
Posted 22 August 2015 - 02:18 PM
Here you go
Attached Files
#11
Posted 23 August 2015 - 03:06 AM
- Step 1
You do not seem to have an anti-virus installed in your system. Choosing a good program is crucial as without it you will be easily infected. Please choose only one from the list below and install it. Note that the names lead to the respective sites.
- avast! Free Antivirus
- Avira Free Antivirus
- Step 2
Download 'SecurityCheck by screen317' and save it to your desktop.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- A black window will appear. Press any key to continue.
- Wait for it to finish. It won't take long.
- A log will automatically pop up once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):
- checkup.txt (SecurityCheck)
#12
Posted 23 August 2015 - 07:48 AM
#13
Posted 24 August 2015 - 07:53 AM
#14
Posted 25 August 2015 - 05:28 AM
You mean this was the infection to begin with and not the driver mentioned in your topic title? Does this also appear in all of your browsers or just Microsoft Edge? Your logs do not indicate Mozilla Firefox or Google Chrome to be infected with this... do confirm.
It happens with Edge and sometimes in Chrome. Mostly Edge.
#15
Posted 25 August 2015 - 05:29 AM