[sabusamra88]

Hi guys i was searching online for ways to remove this nasty virus from my system. Ive tried with malware removal tools, going into the registry and manually trying to delete it, but in the end nothing happened. It kept coming back. As i was searching i came across this site. Ive already downloaded the tool and did a scan. Any advice is helpful. Thank you

Attached Files

•  Addition.txt   44.63KB   407 downloads
•  FRST.txt   97.6KB   276 downloads

[Advertisements]

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:

• It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
• Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
• Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.

I hope you keep these in mind. Before anything else, kindly accomplish the below.

• 'Enable System Restore (Steps 1-7)'

Please only proceed after the above has been done.

• Step 1
  
  Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
  

  CloseProcesses:
  EmptyTemp:
  CreateRestorePoint:
  
  HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
  HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
  HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=00036295&OHP=http%3A%2F%2Fwww%2Dsearching.com%2F%3Fpid%3Ds%26s%3DF8Gzbuzdk00OBR1%5FLS%2Cb4be4c74%2D7b5c%2D4689%2Dad2a%2Dbd7876a8d671%26vp%3Dch%26prd%3Dset&OSP=http%3A%2F%2Fwww%2Dsearching.com%2Fsearch.aspx%3Fs%3DF8Gzbuzdk00OBR1%5FLS%2Cb4be4c74%2D7b5c%2D4689%2Dad2a%2Dbd7876a8d671%26site%3Dshyosie%26prd%3Dset%26q%3D%7BsearchTerms%7D
  SearchScopes: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  FF DefaultSearchEngine.US: Search Module
  FF NetworkProxy: "type", 0
  FF SearchPlugin: C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\olwpkw64.default\searchplugins\smod.xml [2015-08-15]
  CHR HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
  CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
  R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-15] ()
  C:\WINDOWS\system32\drivers\bsdriver.sys 
  S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
  2015-08-18 21:08 - 2010-03-08 06:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
  2015-08-18 21:04 - 2015-08-18 21:05 - 02666167 _____ (Kephyr) C:\Users\Samuel\Downloads\freefixersetup.exe
  2015-08-18 20:40 - 2015-08-18 20:48 - 00000000 ____D C:\Users\Samuel\Downloads\WindowexeAllkiller
  2015-08-18 20:40 - 2015-08-18 20:40 - 00162397 _____ C:\Users\Samuel\Downloads\WindowexeAllkiller.zip
  2015-08-18 07:39 - 2015-08-18 07:39 - 00000000 _____ C:\autoexec.bat
  2015-08-15 17:00 - 2015-08-15 17:05 - 00001769 _____ C:\ProgramData\tempimage.bmp
  2015-08-15 10:50 - 2015-08-15 10:50 - 00004752 _____ C:\WINDOWS\SysWOW64\Uiviuuj.ini
  2015-08-15 10:50 - 2015-08-15 10:50 - 00002472 _____ C:\WINDOWS\SysWOW64\UiviuujOff.ini
  2015-08-15 10:50 - 2015-08-15 10:50 - 00002472 _____ C:\WINDOWS\system32\UiviuujOff.ini
  2015-08-15 10:50 - 2015-08-15 10:50 - 00000000 ____D C:\WINDOWS\system32\mec
  2015-08-15 10:50 - 2015-08-12 04:45 - 00353608 _____ C:\WINDOWS\system32\Uiviuuj64.dll
  2015-08-15 10:50 - 2015-08-12 04:45 - 00283464 _____ C:\WINDOWS\SysWOW64\Uiviuuj.dll
  2015-08-15 10:48 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
  2015-08-14 22:46 - 2015-08-14 22:46 - 00003226 _____ C:\WINDOWS\System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50}
  2015-08-14 22:45 - 2015-08-14 22:45 - 00003270 _____ C:\WINDOWS\System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8}
  2015-08-14 22:43 - 2015-08-19 15:39 - 00000346 _____ C:\WINDOWS\Tasks\JKRXFGIV1.job
  2015-08-14 22:43 - 2015-08-18 08:24 - 00000000 ____D C:\ProgramData\Service1198
  2015-08-14 22:43 - 2015-08-14 22:45 - 00000000 ____D C:\Users\Samuel\AppData\Local\BrowserAir
  2015-08-14 22:43 - 2015-08-14 22:43 - 00002914 _____ C:\WINDOWS\System32\Tasks\JKRXFGIV1
  2015-08-14 22:43 - 2015-08-14 22:43 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
  2015-08-01 12:14 - 2015-08-19 15:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
  2015-07-24 14:04 - 2015-07-24 14:05 - 21511608 _____ (KeepSolid Inc. ) C:\Users\Samuel\Downloads\vpn-unlimited_2.11.0.exe
  Task: {02F07688-F9D4-4F9D-8424-0E7355A062D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
  Task: {093286AE-F782-4AAA-B46C-33D40CC3C667} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
  Task: {0BD640B4-00E6-4550-9B42-2D9A9EF8B82A} - System32\Tasks\JKRXFGIV1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== ATTENTION
  Task: {0C9CE355-1324-4966-885C-058450D15F7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
  Task: {1FE592E4-3C8F-4933-A356-A178CED12BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
  Task: {4972D29D-8341-4B9F-84FB-2276F221F552} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
  Task: {9DBF1E06-0EC0-4160-AB0D-BDE846B915DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
  Task: {B6C674AE-D493-4058-B264-076E8735452A} - System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50} => pcalua.exe -a C:\ProgramData\EpsanDrive\SoftConfigTest.exe
  Task: {C2059E7C-71DF-4ECF-8E3F-E4BE0DB3FC73} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
  Task: {CAA046D5-922C-4A74-AC4C-432A3616D89C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
  Task: {DA7E794B-53EE-47F8-8517-4F065BE71383} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION)
  Task: {EB7140B0-4A5D-433F-9CB6-44C9CE4A6BF1} - System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8} => pcalua.exe -a C:\Users\Samuel\AppData\Local\BrowserAir\Application\Uninstall.exe
  Task: {ED7C4068-89F3-4660-827E-450E13EEA862} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
  Task: {F8F03F0C-D56F-428E-8F0E-A2D5DA1BE562} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
  Task: C:\WINDOWS\Tasks\JKRXFGIV1.job => 0x000A0100C9A6B4E72AC44C4F8DE1DCBC095E2AF44600F800000000003C000A0020000000FEFFFFFF0B0107800013040000008021DF070800030013000F0027001C00C6010000290043003A005C00500072006F006700720061006D0044006100740061005C0045007000730061006E00440072006900760065005C0045007000730061006E00440072006900760065002E00650078006500000000001A0043003A005C00500072006F006700720061006D0044006100740061005C0045007000730061006E004400720069007600650000000B00530041004D005C00530061006D00750065006C0000000000000008000000000000000000020030000000DF0708000E00000000000000000000000000000000000000000000000700000001000000000000000000000030000100DF0708000E0000000000000016002C0000000000000000000000000000000000010000000000000000000000
  C:\ProgramData\ZigsNad
  C:\Program Files (x86)\Max Driver Updater
  File: C:\Windows\System32\drivers\udecx.sys
  
  RemoveProxy:
  CMD: netsh advfirewall reset
  CMD: netsh advfirewall set allprofiles state ON
  CMD: bitsadmin /reset /allusers

  • Run your copy of FRST. It is important to ensure it is located in your desktop.
  • Press the Fix button.
  • It will produce a log (fixlog.txt) once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Step 2
  
  Download 'AdwCleaner by Xplode' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Read the Terms of Use and click I Agree.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • fixlog.txt (Farbar Recovery Scan Tool)
  • AdwCleaner[S*].txt (AdwCleaner)

[Pyxis]

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:

• It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
• Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
• Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.

I hope you keep these in mind. Before anything else, kindly accomplish the below.

• 'Enable System Restore (Steps 1-7)'

Please only proceed after the above has been done.

• Step 1
  
  Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
  

  CloseProcesses:
  EmptyTemp:
  CreateRestorePoint:
  
  HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
  HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
  HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=00036295&OHP=http%3A%2F%2Fwww%2Dsearching.com%2F%3Fpid%3Ds%26s%3DF8Gzbuzdk00OBR1%5FLS%2Cb4be4c74%2D7b5c%2D4689%2Dad2a%2Dbd7876a8d671%26vp%3Dch%26prd%3Dset&OSP=http%3A%2F%2Fwww%2Dsearching.com%2Fsearch.aspx%3Fs%3DF8Gzbuzdk00OBR1%5FLS%2Cb4be4c74%2D7b5c%2D4689%2Dad2a%2Dbd7876a8d671%26site%3Dshyosie%26prd%3Dset%26q%3D%7BsearchTerms%7D
  SearchScopes: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  FF DefaultSearchEngine.US: Search Module
  FF NetworkProxy: "type", 0
  FF SearchPlugin: C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\olwpkw64.default\searchplugins\smod.xml [2015-08-15]
  CHR HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
  CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
  R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-15] ()
  C:\WINDOWS\system32\drivers\bsdriver.sys 
  S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
  2015-08-18 21:08 - 2010-03-08 06:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
  2015-08-18 21:04 - 2015-08-18 21:05 - 02666167 _____ (Kephyr) C:\Users\Samuel\Downloads\freefixersetup.exe
  2015-08-18 20:40 - 2015-08-18 20:48 - 00000000 ____D C:\Users\Samuel\Downloads\WindowexeAllkiller
  2015-08-18 20:40 - 2015-08-18 20:40 - 00162397 _____ C:\Users\Samuel\Downloads\WindowexeAllkiller.zip
  2015-08-18 07:39 - 2015-08-18 07:39 - 00000000 _____ C:\autoexec.bat
  2015-08-15 17:00 - 2015-08-15 17:05 - 00001769 _____ C:\ProgramData\tempimage.bmp
  2015-08-15 10:50 - 2015-08-15 10:50 - 00004752 _____ C:\WINDOWS\SysWOW64\Uiviuuj.ini
  2015-08-15 10:50 - 2015-08-15 10:50 - 00002472 _____ C:\WINDOWS\SysWOW64\UiviuujOff.ini
  2015-08-15 10:50 - 2015-08-15 10:50 - 00002472 _____ C:\WINDOWS\system32\UiviuujOff.ini
  2015-08-15 10:50 - 2015-08-15 10:50 - 00000000 ____D C:\WINDOWS\system32\mec
  2015-08-15 10:50 - 2015-08-12 04:45 - 00353608 _____ C:\WINDOWS\system32\Uiviuuj64.dll
  2015-08-15 10:50 - 2015-08-12 04:45 - 00283464 _____ C:\WINDOWS\SysWOW64\Uiviuuj.dll
  2015-08-15 10:48 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
  2015-08-14 22:46 - 2015-08-14 22:46 - 00003226 _____ C:\WINDOWS\System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50}
  2015-08-14 22:45 - 2015-08-14 22:45 - 00003270 _____ C:\WINDOWS\System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8}
  2015-08-14 22:43 - 2015-08-19 15:39 - 00000346 _____ C:\WINDOWS\Tasks\JKRXFGIV1.job
  2015-08-14 22:43 - 2015-08-18 08:24 - 00000000 ____D C:\ProgramData\Service1198
  2015-08-14 22:43 - 2015-08-14 22:45 - 00000000 ____D C:\Users\Samuel\AppData\Local\BrowserAir
  2015-08-14 22:43 - 2015-08-14 22:43 - 00002914 _____ C:\WINDOWS\System32\Tasks\JKRXFGIV1
  2015-08-14 22:43 - 2015-08-14 22:43 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
  2015-08-01 12:14 - 2015-08-19 15:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
  2015-07-24 14:04 - 2015-07-24 14:05 - 21511608 _____ (KeepSolid Inc. ) C:\Users\Samuel\Downloads\vpn-unlimited_2.11.0.exe
  Task: {02F07688-F9D4-4F9D-8424-0E7355A062D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
  Task: {093286AE-F782-4AAA-B46C-33D40CC3C667} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
  Task: {0BD640B4-00E6-4550-9B42-2D9A9EF8B82A} - System32\Tasks\JKRXFGIV1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== ATTENTION
  Task: {0C9CE355-1324-4966-885C-058450D15F7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
  Task: {1FE592E4-3C8F-4933-A356-A178CED12BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
  Task: {4972D29D-8341-4B9F-84FB-2276F221F552} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
  Task: {9DBF1E06-0EC0-4160-AB0D-BDE846B915DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
  Task: {B6C674AE-D493-4058-B264-076E8735452A} - System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50} => pcalua.exe -a C:\ProgramData\EpsanDrive\SoftConfigTest.exe
  Task: {C2059E7C-71DF-4ECF-8E3F-E4BE0DB3FC73} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
  Task: {CAA046D5-922C-4A74-AC4C-432A3616D89C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
  Task: {DA7E794B-53EE-47F8-8517-4F065BE71383} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION)
  Task: {EB7140B0-4A5D-433F-9CB6-44C9CE4A6BF1} - System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8} => pcalua.exe -a C:\Users\Samuel\AppData\Local\BrowserAir\Application\Uninstall.exe
  Task: {ED7C4068-89F3-4660-827E-450E13EEA862} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
  Task: {F8F03F0C-D56F-428E-8F0E-A2D5DA1BE562} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
  Task: C:\WINDOWS\Tasks\JKRXFGIV1.job => 0x000A0100C9A6B4E72AC44C4F8DE1DCBC095E2AF44600F800000000003C000A0020000000FEFFFFFF0B0107800013040000008021DF070800030013000F0027001C00C6010000290043003A005C00500072006F006700720061006D0044006100740061005C0045007000730061006E00440072006900760065005C0045007000730061006E00440072006900760065002E00650078006500000000001A0043003A005C00500072006F006700720061006D0044006100740061005C0045007000730061006E004400720069007600650000000B00530041004D005C00530061006D00750065006C0000000000000008000000000000000000020030000000DF0708000E00000000000000000000000000000000000000000000000700000001000000000000000000000030000100DF0708000E0000000000000016002C0000000000000000000000000000000000010000000000000000000000
  C:\ProgramData\ZigsNad
  C:\Program Files (x86)\Max Driver Updater
  File: C:\Windows\System32\drivers\udecx.sys
  
  RemoveProxy:
  CMD: netsh advfirewall reset
  CMD: netsh advfirewall set allprofiles state ON
  CMD: bitsadmin /reset /allusers

  • Run your copy of FRST. It is important to ensure it is located in your desktop.
  • Press the Fix button.
  • It will produce a log (fixlog.txt) once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Step 2
  
  Download 'AdwCleaner by Xplode' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Read the Terms of Use and click I Agree.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • fixlog.txt (Farbar Recovery Scan Tool)
  • AdwCleaner[S*].txt (AdwCleaner)

[sabusamra88]

Hi, for the system restore steps one through seven, i am on windows 10. Also do you want me to turn system protection on or off?

[Pyxis]

Turn it on, please.

[sabusamra88]

 Fixlog.txt   17.9KB   331 downloadsDone, as requested 

Edited by sabusamra88, 21 August 2015 - 06:01 PM.

[sabusamra88]

this is the second file

Attached Files

•  AdwCleanerS9.txt   988bytes   238 downloads

Edited by sabusamra88, 21 August 2015 - 06:02 PM.

[Pyxis]

For AdwCleaner, you need to press Clean after Scan. Do you have a spare flash drive? Looks like we might need it to remove persistent files if this one does not do so.

• Step 1
  
  Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
  • Double-click mbam-setup-*.exe and proceed to installing the program.
    • Accept the License Agreement.
    • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
    • Click Finish after.
  • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
    • Tick the Scan For Rootkits box.
  • Go back to the Dashboard and select Update Now. Click Scan Now after.
    • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
    • Once the scan is complete, click Apply Actions.
    • If you are prompted to reboot, allow it by pressing Yes.
  • Navigate to the program's History tab to retrieve the log.
    • Click Application Logs and double-click on the most recent Scan Log.
    • Export the log to your desktop as a .TXT file.
    • You can also choose to directly copy the log by selecting Copy to Clipboard.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • AdwCleaner[S*].txt (AdwCleaner)
  • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

[sabusamra88]

I do have a usb, here are the logs. One protection log, named mal 1 and the other 2 scans i did, mal 2 and mal 3

 

 

Attached Files

•  mal 1.txt   1.41KB   246 downloads
•  mal 2.txt   1.01KB   221 downloads
•  mal 3.txt   1.04KB   222 downloads
•  AdwCleanerC9.txt   973bytes   201 downloads
•  AdwCleanerS10.txt   877bytes   220 downloads

[Pyxis]

That seems to have removed it--let's verify.

• Step 1
  
  Run your copy of FRST by double-clicking it.
  • Put a check on Addition.
  • Press the Scan button after.
  • It will produce FRST.txt and Addition.txt on your desktop once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • Addition.txt (Farbar Recovery Scan Tool)
  • FRST.txt (Farbar Recovery Scan Tool)

[sabusamra88]

Here you go

Attached Files

•  FRST.txt   102.2KB   244 downloads
•  Addition.txt   32.51KB   327 downloads

[Pyxis]

How is your computer? The logs look good.

• Step 1
  
  You do not seem to have an anti-virus installed in your system. Choosing a good program is crucial as without it you will be easily infected. Please choose only one from the list below and install it. Note that the names lead to the respective sites.
  • avast! Free Antivirus
    • Spoiler

      Download 'Avast Free Antivirus by AVAST Software' and save it to your desktop.

      • Run the installer.
        • Untick the two checkboxes. Select Custom installation > Continue.
        • Choose components that you would like to install--I recommend unticking Mail Shield (unless you have an email client like Microsoft Outlook or Mozilla Thunderbird) and everything underneath Tools.
        • Press Continue for the next prompts.
        • Click Done and wait for the initial scan to complete.
        • You can navigate to the Account tab in order to register your copy.
      • Additionally, you can add the program to your System Tray (lower right corner with icons).
        • Click the arrow icon. Drag Avast's icon onto the area with existing icons.
  • Avira Free Antivirus
    • Spoiler

      Download 'Avira Free Antivirus by Avira Operations GmbH & Co. KG' and save it to your desktop.

      • Run the installer.
        • Choose Custom and untick the first box. Read and accept the EULA.
        • Press Next twice. Choose components that you would like to install--I recommend unticking Mail Protection (unless you have an email client like Microsoft Outlook or Mozilla Thunderbird), Windows Firewall, ProActiv, and Web Protection.
        • Press Next for the next prompts. You may or may not choose to register.
        • Click Finish and wait for the initial scan to complete.
        • Once done, click Fix all to update the database.
      • Go back to Control Panel > Programs and Features > Uninstall a Program.
        • Uninstall Avira (not Avira Antivirus).
      • Additionally, you can add the program to your System Tray (lower right corner with icons).
        • Click the arrow icon. Drag Avira's icon onto the area with existing icons.
  Note: Disable Windows Defender before or after the process by following Option One ('Windows 7' | 'Windows 8' | 'Windows 10').

• Step 2
  
  Download 'SecurityCheck by screen317' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up after once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  Note: If you get an error about an unsupported operating system, please reboot your computer and try again.

• Logs to Post
  
  In summary of the above, I will need you to post the following log(s):
  • checkup.txt (SecurityCheck)

[sabusamra88]

Im still getting this 

Attached Thumbnails

• 

[Pyxis]

You mean this was the infection to begin with and not the driver mentioned in your topic title?  Does this also appear in all of your browsers or just Microsoft Edge? Your logs do not indicate Mozilla Firefox or Google Chrome to be infected with this... do confirm.

[sabusamra88]

You mean this was the infection to begin with and not the driver mentioned in your topic title?  Does this also appear in all of your browsers or just Microsoft Edge? Your logs do not indicate Mozilla Firefox or Google Chrome to be infected with this... do confirm.

It happens with edge and sometimes in chrome. Mostly edge

[sabusamra88]

I had adwcleaner before and when I ran the scan it would always give me bs driver.system so I assumed that was the problem.