
Hi,

I ran AdwCleaner on my Windows 10 laptop. It removed a lot of bad stuff already (great!). But I still have one service and two files that AdwCleaner cannot remove. The two files and the service are found by AdwCleaner, I click on "nettoyer", but after the restart they still appear in the list.

Here is the report from AdwCleaner:

# AdwCleaner v5.201 - Rapport créé le 01/08/2016 à 15:08:24
# Mis à jour le 30/06/2016 par ToolsLib
# Base de données : 2016-07-31.4 [Serveur]
# Système d'exploitation : Windows 10 Home  (X64)
# Nom d'utilisateur : Charles-Etienne - PERICLES
# Exécuté depuis : C:\Users\Charles-Etienne\Documents\8-CEP administratif\adwcleaner_5.201.exe
# Option : Scanner
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service trouvé : bsdriver

***** [ Dossiers ] *****

***** [ Fichiers ] *****

Fichier trouvé : C:\WINDOWS\SysNative\drivers\bsdriver.sys
Fichier trouvé : C:\WINDOWS\SysNative\drivers\cherimoya.sys

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Raccourcis ] *****

***** [ Tâches planifiées ] *****

***** [ Registre ] *****

***** [ Navigateurs ] *****

[C:\Users\Charles-Etienne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] trouvé : www.bing.com
[C:\Users\Charles-Etienne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] trouvé : google

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [12348 octets] - [01/08/2016 14:35:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [1370 octets] - [01/08/2016 14:44:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [1780 octets] - [01/08/2016 15:06:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [13575 octets] - [01/08/2016 14:33:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [1173 octets] - [01/08/2016 14:42:08]
C:\AdwCleaner\AdwCleaner[S3].txt - [1563 octets] - [01/08/2016 14:48:06]
C:\AdwCleaner\AdwCleaner[S4].txt - [1557 octets] - [01/08/2016 15:08:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1631 octets] ##########


What can I do?

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

Hello,

We'll look deeper:

  1. Download FRST
  2. Right-click on the file -> "Execute as Administrator"
  3. Click on the "Scan" button
  4. The logfile is saved as FRST.txt, and additional information is in Addition.txt.
  5. Please host them on Up2Share and share the generated links.

Best regards,

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

Hello,

Ok. I think that AdwCleaner has cleaned most of the elements I found in the FRST log, since it was created earlier, but we'll see what it gives:

  • Download the file fixlist.txt and save it as "fixlist.txt" to the Desktop or where FRST is located.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Best regards,  

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

First, thank you for your advice. Here is the fixlog.txt:

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Exécuté par Charles-Etienne (2016-08-02 21:55:36) Run:1
Exécuté depuis C:\Users\Charles-Etienne\Downloads
Profils chargés: Charles-Etienne (Profils disponibles: Charles-Etienne)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
HKLM-x32\...\Run: [mpck_en_004090136] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
HKU\S-1-5-21-1640064849-153033860-4055649523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1640064849-153033860-4055649523-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446655502&z=8694b22cebf6c61dbe0616ag2z7zfqdqdwew4w2e7o&from=tug1&uid=axns381e-128gm-b_2f2520040741&q={searchTerms}
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-11-05] () [Fichier non signé]
R1 cherimoya C:\WINDOWS\SysNative\drivers\cherimoya.sys
C:\Users\Public\ASR.dat
C:\Users\Charles-Etienne\AppData\Local\Temp\6135.exe 
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mpck_en_004090136 => valeur supprimé(es) avec succès
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valeur restauré(es) avec succès
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valeur restauré(es) avec succès
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valeur restauré(es) avec succès
HKU\S-1-5-21-1640064849-153033860-4055649523-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valeur restauré(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => clé supprimé(es) avec succès
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => clé non trouvé(e). 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => clé supprimé(es) avec succès
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => clé non trouvé(e). 
"HKU\S-1-5-21-1640064849-153033860-4055649523-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => clé supprimé(es) avec succès
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => clé non trouvé(e). 
bsdriver => Impossible d'arrêter le service.
bsdriver => service impossible à supprimer
R1 cherimoya C:\WINDOWS\SysNative\drivers\cherimoya.sys => Erreur: Pas de correction automatique trouvée pour cet élément.
C:\Users\Public\ASR.dat => déplacé(es) avec succès
C:\Users\Charles-Etienne\AppData\Local\Temp\6135.exe => déplacé(es) avec succès

==== Fin de Fixlog 21:55:41 ====

If you need, I can translate it to English. What I can see is that bsdriver and cherimoya seem impossible to remove. All the rest is "success".

Btw, I have McAfee on this machine (it didn't detect any bugs... :C), do I need to deactivate it while fixing?
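The Fixlog above shows the two facts that matter for a driver like this: FRST flags the image as `[Fichier non signé]` (unsigned) and cannot stop the `bsdriver` service because it is a kernel driver (`R1`) already loaded at boot. The following PowerShell script is an added example for readers of this thread; it is not code from the thread, nor from AdwCleaner, FRST or Malwarebytes. It reproduces that check by hand for the two service names from the thread and then sweeps every kernel driver service for a missing or unsigned image. It assumes an elevated 64-bit PowerShell 5.1 or later on Windows; the function names are my own.

```powershell
# Added example (not from the thread, AdwCleaner, FRST or Malwarebytes).
# Assumes an elevated 64-bit PowerShell session on Windows; function names are mine.

# Turn the raw ImagePath of a driver service into a filesystem path.
# Kernel drivers are registered as "\SystemRoot\System32\drivers\x.sys",
# "System32\drivers\x.sys", "\??\C:\...\x.sys" or a plain path.
function Resolve-DriverImagePath {
    param([string] $PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                                 # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot                 # \SystemRoot\... -> C:\WINDOWS\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"      # relative to the Windows directory
    return $p
}

# Triage one or more kernel driver services by name: state, start mode,
# resolved image path, whether the file exists, and its Authenticode status.
function Get-DriverServiceTriage {
    param([string[]] $ServiceName)
    foreach ($name in $ServiceName) {
        $svc = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if (-not $svc) {
            [pscustomobject]@{ Name = $name; Registered = $false; State = $null; StartMode = $null
                               ImagePath = $null; FileExists = $false; Signature = 'n/a'; Signer = $null }
            continue
        }
        $path   = Resolve-DriverImagePath $svc.PathName
        $exists = [bool]($path -and (Test-Path -LiteralPath $path))
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        [pscustomobject]@{
            Name       = $svc.Name
            Registered = $true
            State      = $svc.State          # "Running" is why FRST reported "Impossible d'arrêter le service"
            StartMode  = $svc.StartMode      # "Boot"/"System" drivers load before any user-mode cleaner runs
            ImagePath  = $path
            FileExists = $exists
            Signature  = if ($sig) { $sig.Status.ToString() } else { 'n/a' }   # Valid, NotSigned, HashMismatch, ...
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# Sweep: every kernel driver service whose image is missing or not validly signed.
# Treat the output as leads to verify, not as a verdict.
function Find-SuspectDrivers {
    $all = Get-CimInstance -ClassName Win32_SystemDriver | Select-Object -ExpandProperty Name
    Get-DriverServiceTriage -ServiceName $all |
        Where-Object { -not $_.FileExists -or $_.Signature -ne 'Valid' }
}

# The two names from the thread; on the affected machine the expected result is
# Signature = NotSigned while the files are present, and Registered = False once cleaned.
Get-DriverServiceTriage -ServiceName 'bsdriver', 'cherimoya' | Format-List
Find-SuspectDrivers | Format-Table Name, State, StartMode, Signature, ImagePath -AutoSize
```

Two caveats when reading the output. The `SysNative` path in the AdwCleaner and FRST reports is the 64-bit `System32` directory seen through the file-system redirector of a 32-bit tool; from a 64-bit PowerShell the same file is under `C:\WINDOWS\System32\drivers`. And `Get-AuthenticodeSignature` validates catalog-signed Windows drivers on Windows 8 and later, but third-party drivers that are legitimate yet signed only through a catalog the system does not have can still show as `NotSigned`, so the sweep's list is a starting point for checking each entry against the vendor, not a list of malware.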

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

Hello,

Hm... We'll try with MBAM to remove Shopperz:

  • Download MalwareBytes Anti Malware here.
  • Launch MalwareByte's Anti Malware from your desktop
  • Click on the tab Settings -> Detection & Protection -> PUP/PUM and check "Treat these detections like malware".
  • In the Exam tab, choose Threats, click on Scan now, and click on Launch the exam.
  • If something is detected, choose to Quarantine everything. If it asks you to reboot the computer, do it.
  • After the reboot (or at the end of the exam), launch Malwarebytes -> click on History -> Application logs -> Select the last exam log -> Show.
  • Click on Export -> text file (*.txt) -> Choose the desktop as destination, name the file "report-mbam" for example, and click on Save.
  • Paste the logfile in your next answer.

Regards,

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

Okay, MBAM removed 80 items. AdwCleaner still found the bsdriver service after that, but was able to remove it. The last scan with AdwCleaner says "all clear"!

MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 03/08/2016 17:19, SYSTEM, PERICLES, Protection, Malware Protection, Starting, 
Protection, 03/08/2016 17:19, SYSTEM, PERICLES, Protection, Malware Protection, Started, 
Protection, 03/08/2016 17:19, SYSTEM, PERICLES, Protection, Malicious Website Protection, Starting, 
Protection, 03/08/2016 17:19, SYSTEM, PERICLES, Protection, Malicious Website Protection, Started, 
Update, 03/08/2016 17:19, SYSTEM, PERICLES, Manual, Remediation Database, 2016.2.12.1, 2016.8.2.1, 
Update, 03/08/2016 17:19, SYSTEM, PERICLES, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1, 
Update, 03/08/2016 17:19, SYSTEM, PERICLES, Manual, IP Database, 2016.2.8.1, 2016.8.3.2, 
Update, 03/08/2016 17:20, SYSTEM, PERICLES, Manual, Domain Database, 2016.2.16.8, 2016.8.3.7, 
Update, 03/08/2016 17:20, SYSTEM, PERICLES, Manual, Malware Database, 2016.2.16.6, 2016.8.3.8, 
Protection, 03/08/2016 17:20, SYSTEM, PERICLES, Protection, Refresh, Starting, 
Protection, 03/08/2016 17:20, SYSTEM, PERICLES, Protection, Malicious Website Protection, Stopping, 
Protection, 03/08/2016 17:20, SYSTEM, PERICLES, Protection, Malicious Website Protection, Stopped, 
Protection, 03/08/2016 17:20, SYSTEM, PERICLES, Protection, Refresh, Success, 
Protection, 03/08/2016 17:20, SYSTEM, PERICLES, Protection, Malicious Website Protection, Starting, 
Protection, 03/08/2016 17:20, SYSTEM, PERICLES, Protection, Malicious Website Protection, Started, 
Scan, 03/08/2016 17:26, SYSTEM, PERICLES, Manual, Départ : 03/08/2016 17:20, Durée : 5 min 40 s, Analyse des menaces, Terminé, 72 détections de programmes malveillants, 18 détections de programmes non malveillants, 
Protection, 03/08/2016 17:27, SYSTEM, PERICLES, Protection, Malware Protection, Starting, 
Protection, 03/08/2016 17:27, SYSTEM, PERICLES, Protection, Malware Protection, Started, 
Protection, 03/08/2016 17:27, SYSTEM, PERICLES, Protection, Malicious Website Protection, Starting, 
Protection, 03/08/2016 17:27, SYSTEM, PERICLES, Protection, Malicious Website Protection, Started, 
Protection, 03/08/2016 17:28, SYSTEM, PERICLES, Protection, Malware Protection, Starting, 
Protection, 03/08/2016 17:28, SYSTEM, PERICLES, Protection, Malware Protection, Started, 
Protection, 03/08/2016 17:28, SYSTEM, PERICLES, Protection, Malicious Website Protection, Starting, 
Protection, 03/08/2016 17:28, SYSTEM, PERICLES, Protection, Malicious Website Protection, Started, 

(end)

AdwCleaner log when removing bsdriver:

# AdwCleaner v5.201 - Rapport créé le 03/08/2016 à 21:03:21
# Mis à jour le 30/06/2016 par ToolsLib
# Base de données : 2016-08-02.3 [Serveur]
# Système d'exploitation : Windows 10 Home  (X64)
# Nom d'utilisateur : Charles-Etienne - PERICLES
# Exécuté depuis : C:\Users\Charles-Etienne\Documents\8-CEP administratif\adwcleaner_5.201.exe
# Option : Nettoyer
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service supprimé : bsdriver

***** [ Dossiers ] *****


***** [ Fichiers ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****


*************************

:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [12348 octets] - [01/08/2016 14:35:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [1370 octets] - [01/08/2016 14:44:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [1780 octets] - [01/08/2016 15:06:28]
C:\AdwCleaner\AdwCleaner[C4].txt - [1080 octets] - [03/08/2016 21:03:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [13575 octets] - [01/08/2016 14:33:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [1173 octets] - [01/08/2016 14:42:08]
C:\AdwCleaner\AdwCleaner[S3].txt - [1563 octets] - [01/08/2016 14:48:06]
C:\AdwCleaner\AdwCleaner[S4].txt - [1711 octets] - [01/08/2016 15:08:24]
C:\AdwCleaner\AdwCleaner[S5].txt - [1420 octets] - [03/08/2016 21:01:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1525 octets] ##########

Thanks a lot for your support and wise advice. I will recommend your services.

Regards,

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

Hello,

Great!

If you have any issues in the future, please come back and we'll try to help.

Best regards,

Re: Adwcleaner cannot remove bsdriver.sys and cherimoya.sys

I know there is an advanced anti-malware program that can deal with browser hijackers, adware and potentially unwanted programs. Download it here.