
Trojan dofoil.ac giving BSOD

Xenocide

Member
Joined
Feb 2, 2017
Posts
10
My laptop has been infected with a trojan named dofoil.ac. Windows Defender detected and removed the threat. However, the virus has spread rapidly and has reached a point where it is preventing me from starting Windows by showing me random BSODs.

I am unable to boot up my laptop from the HDD or a USB.
The only thing I can do is boot it up in Safe Mode.

I am really at a loss right now and would appreciate any help I can get.
 


Corrine

Site Administrator, Microsoft MVP, Security Analyst
Staff member
Joined
Feb 22, 2012
Posts
9,320
Location
Upstate, NY
Hi, Xenocide.

Since you can boot to Safe Mode, please boot to Safe Mode with Networking. Then, please download Farbar Recovery Scan Tool (FRST) and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • The first time FRST is run, it will produce two logs in the same directory the tool is run from -- FRST.txt and Addition.txt.
  • Please copy/paste both logs in your reply.
 

Xenocide

Hi Corrine, thanks for reaching out. I have downloaded FRST onto my desktop but no matter what I do, the programme will not open. Anything else I can do?
I know I am running on a x64 system and I have clicked to run as administrator but to no avail.
I can open all other applications on my desktop except for FRST.
 

Corrine

In Safe Mode with Networking, please do the following:

Download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
    Note: You may deselect the option for a free trial of Malwarebytes Premium if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
 

Xenocide

Hi Corrine, I have done all the above. Please refer to the attached logs. Please note that I cannot restart my computer normally as it will be stuck in a black screen. The only way for my computer to work is by force shutting down and power on until the Blue Screen allows me to choose startup settings by pressing F8, followed by Safe Mode with networking by pressing F5. Thank you for your help and I hope this issue can be resolved soon.

Malwarebytes
Malwarebytes | Free Cyber Security & Anti-Malware Software


-Log Details-
Scan Date: 2/20/17
Scan Time: 6:25 PM
Logfile: Malwarebytes Report.txt
Administrator: Yes


-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1306
License: Trial


-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: XENOCIDE\Aaron


-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419161
Time Elapsed: 26 min, 4 sec


-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled


-Scan Details-
Process: 0
(No malicious items detected)


Module: 0
(No malicious items detected)


Registry Key: 4
PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\WOW6432NODE\SmartPCFixer, Delete-on-Reboot, [2343], [344212],1.0.1306
PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\WOW6432NODE\SMARTPCFIXER\Param, Delete-on-Reboot, [2343], [344212],1.0.1306
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Delete-on-Reboot, [1676], [331708],1.0.1306
PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\SMARTPCFIXER\Param, Delete-on-Reboot, [2343], [344212],1.0.1306


Registry Value: 2
PUP.Optional.AceWebExtension, HKU\S-1-5-21-1275131327-221026202-654622802-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AceWebException, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Delete-on-Reboot, [1676], [331708],1.0.1306


Registry Data: 0
(No malicious items detected)


Data Stream: 0
(No malicious items detected)


Folder: 4
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\.data, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\USERS\AARON\APPDATA\ROAMING\AceWebExtension, Delete-on-Reboot, [13932], [175309],1.0.1306


File: 29
PUP.Optional.AceWebExtension, C:\USERS\AARON\APPDATA\ROAMING\ACEWEBEXTENSION\UPDATER\ACE_WEB_EXTENSION.EXE, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\bz2.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\core.zip, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\ctools.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\LIBEAY32.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\library.zip, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\select.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\SSLEAY32.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32evtlog.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\win32ui.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\lib\_win32sysloader.pyd, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\awe.log, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\awe.port, Delete-on-Reboot, [13932], [175309],1.0.1306
PUP.Optional.AceWebExtension, C:\Users\Aaron\AppData\Roaming\AceWebExtension\updater\python27.dll, Delete-on-Reboot, [13932], [175309],1.0.1306
RiskWare.GameHack, C:\PROGRAM FILES (X86)\LEGO JURASSIC WORLD\STEAM_API64.DLL, Delete-on-Reboot, [556], [305544],1.0.1306
PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Delete-on-Reboot, [1676], [331708],1.0.1306


Physical Sector: 0
(No malicious items detected)




(end)

# AdwCleaner v6.043 - Logfile created 20/02/2017 at 19:02:22
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Aaron - XENOCIDE
# Running from : C:\Users\Aaron\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : Malwarebytes | Customer Support & Help Center






***** [ Services ] *****


No malicious services found.




***** [ Folders ] *****


Folder Found: C:\Users\Aaron\AppData\LocalLow\.acestream
Folder Found: C:\Users\Aaron\AppData\Roaming\.acestream
Folder Found: C:\Users\Aaron\AppData\Roaming\acestream
Folder Found: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Folder Found: C:\_acestream_cache_




***** [ Files ] *****


No malicious files found.




***** [ DLL ] *****


No malicious DLLs found.




***** [ WMI ] *****


No malicious keys found.




***** [ Shortcuts ] *****


No infected shortcut found.




***** [ Scheduled Tasks ] *****


No malicious task found.




***** [ Registry ] *****


Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.acelive
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.acemedia
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.acestream
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\.tslive
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\acestream
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.CDAudio
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.DVDMovie
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.file
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.OPENFolder
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.SVCDMovie
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Classes\AceStream.VCDMovie
Key Found: HKCU\Software\Classes\.acelive
Key Found: HKCU\Software\Classes\.acemedia
Key Found: HKCU\Software\Classes\.acestream
Key Found: HKCU\Software\Classes\.tslive
Key Found: HKCU\Software\Classes\acestream
Key Found: HKCU\Software\Classes\AceStream.CDAudio
Key Found: HKCU\Software\Classes\AceStream.DVDMovie
Key Found: HKCU\Software\Classes\AceStream.file
Key Found: HKCU\Software\Classes\AceStream.OPENFolder
Key Found: HKCU\Software\Classes\AceStream.SVCDMovie
Key Found: HKCU\Software\Classes\AceStream.VCDMovie
Key Found: HKLM\SOFTWARE\Classes\.acestream
Key Found: HKLM\SOFTWARE\Classes\AceStream.file
Key Found: HKLM\SOFTWARE\Classes\Baidu.BaiduMusic.9
Key Found: HKLM\SOFTWARE\Classes\baidumusic
Key Found: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Key Found: HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Key Found: HKLM\SOFTWARE\Classes\metnsd
Key Found: [x64] HKCU\Software\Classes\.acelive
Key Found: [x64] HKCU\Software\Classes\.acemedia
Key Found: [x64] HKCU\Software\Classes\.acestream
Key Found: [x64] HKCU\Software\Classes\.tslive
Key Found: [x64] HKCU\Software\Classes\acestream
Key Found: [x64] HKCU\Software\Classes\AceStream.CDAudio
Key Found: [x64] HKCU\Software\Classes\AceStream.DVDMovie
Key Found: [x64] HKCU\Software\Classes\AceStream.file
Key Found: [x64] HKCU\Software\Classes\AceStream.OPENFolder
Key Found: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
Key Found: [x64] HKCU\Software\Classes\AceStream.VCDMovie
Key Found: [x64] HKLM\SOFTWARE\Classes\.acestream
Key Found: [x64] HKLM\SOFTWARE\Classes\AceStream.file
Key Found: [x64] HKLM\SOFTWARE\Classes\Baidu.BaiduMusic.9
Key Found: [x64] HKLM\SOFTWARE\Classes\baidumusic
Key Found: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Key Found: [x64] HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Key Found: [x64] HKLM\SOFTWARE\Classes\metnsd
Key Found: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Key Found: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Key Found: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B0E7716-898E-48CC-9690-4E338E8DE1D3}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\AceStream
Key Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found: HKCU\Software\AceStream
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found: [x64] HKCU\Software\AceStream
Key Found: [x64] HKLM\SOFTWARE\SmartPCFixer
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Value Found: HKU\S-1-5-21-1275131327-221026202-654622802-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [AceWebException]
Key Found: HKCU\Software\Classes\Applications\ace_player.exe
Key Found: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Key Found: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Key Found: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Key Found: HKCU\SOFTWARE\Classes\Applications\ace_player.exe




***** [ Web browsers ] *****


No malicious Firefox based browser items found.
No malicious Chromium based browser items found.


*************************


C:\AdwCleaner\AdwCleaner[S0].txt - [8827 Bytes] - [20/02/2017 19:02:22]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8900 Bytes] ##########
 

Corrine

Hi, Xenocide.

Xenocide said:
The only way for my computer to work is by force shutting down and power on until the Blue Screen allows me to choose startup settings by pressing F8, followed by Safe Mode with networking by pressing F5. Thank you for your help and I hope this issue can be resolved soon.
Malwarebytes and AdwCleaner found and removed PUPs (Potentially Unwanted Programs), nothing malicious. Based on the continuing issue with BSODs and Brian Drab's recommendation here, please follow the BSOD Posting Instructions and provide the requested information in the BSOD, Crashes, Kernel Debugging forum.
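
The reading of the Malwarebytes report given in the post above can be reproduced mechanically. This is an added example, not part of the original posts or of Malwarebytes' own tooling; the function names, the prefix-to-bucket mapping and the abridged sample (counts adjusted to match) are assumptions of the example.

```python
import re
from collections import Counter

# Section names as they appear under "-Scan Details-" in the report above.
SECTIONS = {"Process", "Module", "Registry Key", "Registry Value", "Registry Data",
            "Data Stream", "Folder", "File", "Physical Sector"}
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
# Layout: name, object, action, [id], [id],db-version (object may contain commas).
DETECTION = re.compile(r"^(?P<name>[^,\s]+), (?P<object>.+), (?P<action>[^,]+), "
                       r"\[\d+\], \[\d+\],[\d.]+$")

# Constructed sample: abridged from the report above, counts adjusted to match.
SAMPLE = r"""
-Scan Summary-
Objects Scanned: 419161

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.SmartPCPrivacyCleanerPro, HKLM\SOFTWARE\WOW6432NODE\SmartPCFixer, Delete-on-Reboot, [2343], [344212],1.0.1306
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Delete-on-Reboot, [1676], [331708],1.0.1306

File: 3
PUP.Optional.AceWebExtension, C:\USERS\AARON\APPDATA\ROAMING\ACEWEBEXTENSION\UPDATER\ACE_WEB_EXTENSION.EXE, Delete-on-Reboot, [13932], [175309],1.0.1306
RiskWare.GameHack, C:\PROGRAM FILES (X86)\LEGO JURASSIC WORLD\STEAM_API64.DLL, Delete-on-Reboot, [556], [305544],1.0.1306
PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Delete-on-Reboot, [1676], [331708],1.0.1306

(end)
"""

def parse_report(text):
    """Return {section: {"declared": int, "items": [dict, ...]}} for Scan Details."""
    sections, current, in_details = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True      # ignore "Objects Scanned: N" etc. before this
            continue
        if not in_details or not line:
            continue
        head = HEADER.match(line)
        if head and head["section"] in SECTIONS:
            current = sections.setdefault(
                head["section"], {"declared": int(head["count"]), "items": []})
            continue
        hit = DETECTION.match(line)
        if hit and current is not None:
            current["items"].append(hit.groupdict())
    return sections

def count_mismatches(sections):
    """Sections where declared count != parsed lines (e.g. a truncated paste)."""
    return {name: (s["declared"], len(s["items"]))
            for name, s in sections.items() if s["declared"] != len(s["items"])}

def triage(sections):
    """Bucket detections by name prefix; unknown prefixes are listed for review."""
    buckets, review = Counter(), []
    for section, s in sections.items():
        for item in s["items"]:
            prefix = item["name"].split(".", 1)[0]
            if prefix in ("PUP", "PUM"):          # assumption: treated as unwanted
                buckets["potentially-unwanted"] += 1
            elif prefix == "RiskWare":
                buckets["riskware"] += 1
            else:                                 # e.g. a Trojan.* name
                buckets["review"] += 1
                review.append((section, item["name"], item["object"]))
    return buckets, review

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print(count_mismatches(parsed), *triage(parsed))
```

An empty review list together with an empty mismatch dictionary corresponds to a complete report containing only PUP, PUM and RiskWare entries.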
 

Xenocide

Hello Corrine, thank you so much for your help! I will proceed to seek help from the relevant section. Hope to be able to solve this with the help of you guys.
 