1. #1

    Trojan dofoil.ac giving BSOD

    My laptop has been infected with a trojan named dofoil.ac. Windows Defender detected and removed the threat. However, the virus has spread rapidly and has reached a point where it is preventing me from starting Windows by showing me random BSODs.

    I am unable to boot up my laptop from the HDD or a USB.
    The only thing I can do is boot it up in Safe Mode.

    I am really at a loss right now and would appreciate any help I can get.

  2. #2
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 7,788)

    Re: Trojan dofoil.ac giving BSOD

    Hi, Xenocide.

    Since you can boot to Safe Mode, please boot to Safe Mode with Networking. Then, please download Farbar Recovery Scan Tool (FRST) and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • The first time FRST is run, it will produce two logs in the same directory the tool is run from -- FRST.txt and Addition.txt.
    • Please copy/paste both logs in your reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Trojan dofoil.ac giving BSOD

    Hi Corrine, thanks for reaching out. I have downloaded FRST onto my desktop but no matter what I do, the programme will not open. Anything else I can do?
    I know I am running on an x64 system and I have clicked to run as administrator but to no avail.
    I can open all other applications on my desktop except for FRST.

  4. #4
    Corrine

    Re: Trojan dofoil.ac giving BSOD

    In Safe Mode with Networking, please do the following:

    Download Malwarebytes Anti-Malware from here
    • Right-click on the MBAM icon and select Run as administrator to run the tool.
    • Click Yes to accept any security warnings that may appear.
    • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
      Note: You may deselect the option for a free trial of Malwarebytes Premium if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
    • Under the Scan Options, turn on the button Scan for rootkits.
    • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
    • Note: The scan may take some time to finish, so please be patient.
    • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
    • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
    • The log can also be viewed by clicking the log to select it, then clicking the View Report button.

    Please post the log for my review.

    Note: If asked to restart the computer, please do so immediately.
    ===

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the LogFile button and the report will open in Notepad.

    IMPORTANT
    • If you click the Clean button all items listed in the report will be removed.

    If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Check off the element(s) you wish to keep.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleanerCx.txt (x is a number).



  5. #5

    Re: Trojan dofoil.ac giving BSOD

    Hi Corrine, I have done all the above. Please refer to the attached logs. Please note that I cannot restart my computer normally as it will be stuck in a black screen. The only way for my computer to work is by force shutting down and powering on until the Blue Screen allows me to choose startup settings by pressing F8, followed by Safe Mode with Networking by pressing F5. Thank you for your help and I hope this issue can be resolved soon.

    Malwarebytes
    Malwarebytes | Free Cyber Security & Anti-Malware Software


    -Log Details-
    Scan Date: 2/20/17
    Scan Time: 6:25 PM
    Logfile: Malwarebytes Report.txt
    Administrator: Yes


    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.50
    Update Package Version: 1.0.1306
    License: Trial


    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: XENOCIDE\Aaron


    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 419161
    Time Elapsed: 26 min, 4 sec


    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled


    -Scan Details-
    Process: 0
    (No malicious items detected)


    Module: 0
    (No malicious items detected)


    Registry Key: 4
    PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\WOW6432NODE\SmartPCFixer, Delete-on-Reboot, [2343], [344212],1.0.1306
    PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\WOW6432NODE\SMARTPCFIXER\Param, Delete-on-Reboot, [2343], [344212],1.0.1306
    PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Delete-on-Reboot, [1676], [331708],1.0.1306
    PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\SMARTPCFIXER\Param, Delete-on-Reboot, [2343], [344212],1.0.1306


    Registry Value: 2
    PUP.Optional.AceWebExtension, HKU\S-1-5-21-1275131327-221026202-654622802-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AceWebException, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Delete-on-Reboot, [1676], [331708],1.0.1306


    Registry Data: 0
    (No malicious items detected)


    Data Stream: 0
    (No malicious items detected)


    Folder: 4
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\.data, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\USERS\AARON\APPDATA\ROAMING\AceWebExtension, Delete-on-Reboot, [13932], [175309],1.0.1306


    File: 29
    PUP.Optional.AceWebExtension, C:\USERS\AARON\APPDATA\ROAMING\ACEWEBEXTENSION\UPDATER\ACE_WEB_EXTENSION.EXE, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\bz2.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\core.zip, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\ctools.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\LIBEAY32.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\library.zip, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\select.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\SSLEAY32.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32evtlog.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32ui.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_win32sysloader.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\awe.log, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\awe.port, Delete-on-Reboot, [13932], [175309],1.0.1306
    PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\python27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
    RiskWare.GameHack, C:\PROGRAM FILES (X86)\LEGO JURASSIC WORLD\STEAM_API64.DLL, Delete-on-Reboot, [556], [305544],1.0.1306
    PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Delete-on-Reboot, [1676], [331708],1.0.1306


    Physical Sector: 0
    (No malicious items detected)




    (end)

    # AdwCleaner v6.043 - Logfile created 20/02/2017 at 19:02:22
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-02-13.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Aaron - XENOCIDE
    # Running from : C:\Users\Aaron\Desktop\adwcleaner_6.043.exe
    # Mode: Scan
    # Support : Malwarebytes | Customer Support & Help Center






    ***** [ Services ] *****


    No malicious services found.




    ***** [ Folders ] *****


    Folder Found: C:\Users\Aaron\AppData\LocalLow\.acestream
    Folder Found: C:\Users\Aaron\AppData\Roaming\.acestream
    Folder Found: C:\Users\Aaron\AppData\Roaming\acestream
    Folder Found: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
    Folder Found: C:\_acestream_cache_




    ***** [ Files ] *****


    No malicious files found.




    ***** [ DLL ] *****


    No malicious DLLs found.




    ***** [ WMI ] *****


    No malicious keys found.




    ***** [ Shortcuts ] *****


    No infected shortcut found.




    ***** [ Scheduled Tasks ] *****


    No malicious task found.




    ***** [ Registry ] *****


    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.acelive
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.acemedia
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.acestream
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.tslive
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\acestream
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.CDAudio
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.DVDMovie
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.file
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.OPENFolder
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.SVCDMovie
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.VCDMovie
    Key Found: HKCU\Software\Classes\.acelive
    Key Found: HKCU\Software\Classes\.acemedia
    Key Found: HKCU\Software\Classes\.acestream
    Key Found: HKCU\Software\Classes\.tslive
    Key Found: HKCU\Software\Classes\acestream
    Key Found: HKCU\Software\Classes\AceStream.CDAudio
    Key Found: HKCU\Software\Classes\AceStream.DVDMovie
    Key Found: HKCU\Software\Classes\AceStream.file
    Key Found: HKCU\Software\Classes\AceStream.OPENFolder
    Key Found: HKCU\Software\Classes\AceStream.SVCDMovie
    Key Found: HKCU\Software\Classes\AceStream.VCDMovie
    Key Found: HKLM\SOFTWARE\Classes\.acestream
    Key Found: HKLM\SOFTWARE\Classes\AceStream.file
    Key Found: HKLM\SOFTWARE\Classes\Baidu.BaiduMusic.9
    Key Found: HKLM\SOFTWARE\Classes\baidumusic
    Key Found: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
    Key Found: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
    Key Found: HKLM\SOFTWARE\Classes\metnsd
    Key Found: [x64] HKCU\Software\Classes\.acelive
    Key Found: [x64] HKCU\Software\Classes\.acemedia
    Key Found: [x64] HKCU\Software\Classes\.acestream
    Key Found: [x64] HKCU\Software\Classes\.tslive
    Key Found: [x64] HKCU\Software\Classes\acestream
    Key Found: [x64] HKCU\Software\Classes\AceStream.CDAudio
    Key Found: [x64] HKCU\Software\Classes\AceStream.DVDMovie
    Key Found: [x64] HKCU\Software\Classes\AceStream.file
    Key Found: [x64] HKCU\Software\Classes\AceStream.OPENFolder
    Key Found: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
    Key Found: [x64] HKCU\Software\Classes\AceStream.VCDMovie
    Key Found: [x64] HKLM\SOFTWARE\Classes\.acestream
    Key Found: [x64] HKLM\SOFTWARE\Classes\AceStream.file
    Key Found: [x64] HKLM\SOFTWARE\Classes\Baidu.BaiduMusic.9
    Key Found: [x64] HKLM\SOFTWARE\Classes\baidumusic
    Key Found: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
    Key Found: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\metnsd
    Key Found: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
    Key Found: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EEDB912-C5FA-486F-8334-57288578C627}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B0E7716-898E-48CC-9690-4E338E8DE1D3}
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\AceStream
    Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
    Key Found: HKCU\Software\AceStream
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
    Key Found: [x64] HKCU\Software\AceStream
    Key Found: [x64] HKLM\SOFTWARE\SmartPCFixer
    Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
    Value Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [AceWebException]
    Key Found: HKCU\Software\Classes\Applications\ace_player.exe
    Key Found: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
    Key Found: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
    Key Found: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
    Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
    Key Found: HKCU\SOFTWARE\Classes\Applications\ace_player.exe




    ***** [ Web browsers ] *****


    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.


    *************************


    C:\AdwCleaner\AdwCleaner[S0].txt - [8827 Bytes] - [20/02/2017 19:02:22]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8900 Bytes] ##########

  6. #6
    Corrine

    Re: Trojan dofoil.ac giving BSOD

    Hi, Xenocide.

    Quote Originally Posted by Xenocide
    The only way for my computer to work is by force shutting down and powering on until the Blue Screen allows me to choose startup settings by pressing F8, followed by Safe Mode with Networking by pressing F5. Thank you for your help and I hope this issue can be resolved soon.

    Malwarebytes and AdwCleaner found and removed PUPs (Potentially Unwanted Programs), nothing malicious. Based on the continuing issue with BSODs and Brian Drab's recommendation here, please follow the BSOD Posting Instructions and provide the requested information in the BSOD, Crashes, Kernel Debugging forum.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
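
    The reading of the Malwarebytes report given in the post above (findings grouped by detection family, with PUP entries dominating) can be reproduced from the log text itself. This is an added example, not part of the original thread and not Malwarebytes code; the line format is inferred from the report posted earlier, and the PUP/PUM grouping and the autostart patterns are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes 3.x report posted in
# this thread: a subset of its detection lines, with the per-section counts
# adjusted to match the subset.
SAMPLE_LOG = r"""-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\WOW6432NODE\SmartPCFixer, Delete-on-Reboot, [2343], [344212],1.0.1306
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Delete-on-Reboot, [1676], [331708],1.0.1306

Registry Value: 1
PUP.Optional.AceWebExtension, HKU\S-1-5-21-1275131327-221026202-654622802-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AceWebException, Delete-on-Reboot, [13932], [175309],1.0.1306

File: 3
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\python27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
RiskWare.GameHack, C:\PROGRAM FILES (X86)\LEGO JURASSIC WORLD\STEAM_API64.DLL, Delete-on-Reboot, [556], [305544],1.0.1306
PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Delete-on-Reboot, [1676], [331708],1.0.1306
"""

# Section headers as they appear under "-Scan Details-" in the posted report.
SECTION_RE = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|"
    r"Data Stream|Folder|File|Physical Sector): (\d+)$"
)
# name, target, action, [id], [id],package-version
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), "
    r"\[\d+\], \[\d+\],[\d.]+$"
)
# Assumption of this example: PUP/PUM names are unwanted-software findings;
# any other family prefix is listed for manual review.
UNWANTED_PREFIXES = {"PUP", "PUM"}
# Targets that load at boot or logon: Run key, service key, driver file.
AUTOSTART_RE = re.compile(
    r"\\CURRENTVERSION\\RUN(\||\\|$)|\\SERVICES\\|\.SYS$", re.I
)


def parse_report(text):
    """Return (detections, declared section counts) for a pasted report."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return detections, declared


def triage(text):
    """Summarise a report: families, items to review, autostart targets."""
    detections, declared = parse_report(text)
    parsed = Counter(d["section"] for d in detections)
    prefix = lambda d: d["name"].split(".")[0]
    return {
        "by_prefix": dict(Counter(prefix(d) for d in detections)),
        "needs_review": sorted({d["name"] for d in detections
                                if prefix(d) not in UNWANTED_PREFIXES}),
        "autostart": [d["target"] for d in detections
                      if AUTOSTART_RE.search(d["target"])],
        # A mismatch means the pasted log was truncated or reflowed.
        "count_mismatch": {s: (n, parsed[s]) for s, n in declared.items()
                           if n != parsed[s]},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

    The `count_mismatch` field is worth checking first on any log pasted into a forum, since a cut-off report can hide the one detection that matters.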

  7. #7

    Re: Trojan dofoil.ac giving BSOD

    Hello Corrine, thank you so much for your help! I will proceed to seek help from the relevant section. Hope to be able to solve this with the help of you guys.
    Last edited by xilolee; 02-21-2017 at 06:02 PM. Reason: Quotation fixed.
