user_avatar****

Hello,

After I installed then uninstalled Ace Stream and its Firefox plugin, I ran a scan on my PC with AdwCleaner and found the following entry to delete :

C:/Users/MyName/AppData/Roaming/.acestream

I asked AdwCleaner to delete it, and it was indeed deleted after rebooting and the report said it was deleted. I ran a second scan and AdwCleaner found nothing to deleted, so I thought the problem was fixed.

However, after I restarted my PC and ran another scan, the faultry entry was there again! I deleted it again but the same problem reappeared again and again like an ugly phoenix rising from the ashes.

I deleted all instances of "acestream" in the registry and in C:/ but the problem remained unsolved.

I must add that my PC is working perfectly without any sign af adware and that no other antispyware, namely RogueKiller, MalwareBytes, Spybot and Ad-aware, found any trace of this acestream.

I would think it is a false positive if this problem had not appeared just after I installed Ace Stream on my PC. This bears evidence that, however minor, this problem is clearly linked to the installation of Ace Stream.

Perhaps I am too much of a perfectionist, but I would be very happy if this problem could be solved.

Thank you in advance.

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

Can you provide us the whole logfile ? (from C:\AdwCleaner\)

Best regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

I have just run a scan once again and here is the whole logfile :

# AdwCleaner v5.112 - Rapport créé le 18/04/2016 à 11:17:04
# Mis à jour le 17/04/2016 par Xplode
# Base de données : 2016-04-17.1 [Serveur]
# Système d'exploitation : Windows 10 Home  (X86)
# Nom d'utilisateur : Paul - DESKTOP-AQACG2A
# Exécuté depuis : C:\Users\Paul\AppData\Local\Temp\mozOpenDownload\adwcleaner_5.112.exe
# Option : Scanner
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Dossiers ] *****

Dossier trouvé : C:\Users\Paul\AppData\Roaming\.acestream

***** [ Fichiers ] *****

***** [ DLL ] *****

***** [ Raccourcis ] *****

***** [ Tâches planifiées ] *****

***** [ Registre ] *****

***** [ Navigateurs ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [740 octets] - [18/04/2016 11:17:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [813 octets] ##########

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

Thanks for the report.

Can you generate a ZHPDiag logreport to get more informations on your system ?

  • Download ZHPDiag from Nicolas on his website
  • Then run it with administrator's rights (with right click)
  • Then upload the log file on up2share (you will find it on your desktop, just drop the file on the upload zone)
  • Then post the link in your reply

Best regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

(Sorry for the repetitions, I do not know how to delete the repeated messages!)

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

Can you create a zip archive of the folder

C:\Users\Paul\AppData\Roaming\.acestream

Then, host it on Up2Share and share the link here.

After that,

  • Please download ZHPFix - Go on the download page of ZhpFix, click on the blue button "Download Now".
  • Launch it with right click : "launch as administrator",
  • Follow the instructions during the installation.
  • Then click on the shortcut for ZhpFix on your desktop, and as usual, launch it as administrator.
  • Select "Import"
  • Copy & paste the following lines including "Script ZHPFix" to "EmptyPrefetch":
Script ZHPFix:


[MD5.00000000000000000000000000000000] [APT] [{FEBDF0AD-6C06-4A8E-A87E-E5666586B158}] (...) -- C:\Program Files\Lavasoft\Ad-aware 6\UNWISE.EXE (.not file.)   [0] (.Activate.)
HKCU\SOFTWARE\Caphyon
HKCU\SOFTWARE\SUPERAntiSpyware.com
O43 - CFD: 10/04/2016 - [] D -- C:\ProgramData\Ultra Adware Killer
O43 - CFD: 17/04/2016 - [] D -- C:\Users\Paul\AppData\Roaming\.ACEStream
O58 - SDL:2016/03/29 16:44:53 A . (...) -- C:\WINDOWS\System32\drivers\EsgScanner.sys   [19984]
EmptyTemp
EmptyFlash
EmptyPrefetch
  • Then click on Go (3) to launch the tool.
  • It will ask you to confirm, just do it !
  • At the end, a report named ZHPFixReport.txt will be created and saved on your desktop. Please copy/paste it in your answer here.

Best regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Here is the link to the .zip file :

https://up2sha.re/file?f=BLFpne1nlGSI

And here is the ZHPFix report :

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Paul at 18/04/2016 17:56:04
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 32-bit Service Pack 1 (10586)

Corbeille vidée (00mn 06s) Dossier Prefetcher vidé

========== Clés du Registre ==========
SUPPRIMÉ: HKCU\SOFTWARE\Caphyon
SUPPRIMÉ: HKCU\SOFTWARE\SUPERAntiSpyware.com

========== Dossiers ==========
SUPPRIMÉ: C:\ProgramData\Ultra Adware Killer
SUPPRIMÉ: C:\Users\Paul\AppData\Roaming\.ACEStream
SUPPRIMÉS Temporaires Windows (10)
SUPPRIMÉS Flash Cookies (0)

========== Fichiers ==========
SUPPRIMÉ: c:\windows\system32\drivers\esgscanner.sys
SUPPRIMÉS Temporaires Windows (145) (208 843 093 octets)
SUPPRIMÉS Flash Cookies (0) (0 octets)

========== Tache planifiée ==========
SUPPRIMÉ: {FEBDF0AD-6C06-4A8E-A87E-E5666586B158}

========== Récapitulatif ==========
2 : Clés du Registre
4 : Dossiers
3 : Fichiers
1 : Tache planifiée

End of clean in 00mn 12s

========== Chemin de fichier rapport ==========
C:\Users\Paul\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/04/2016 17:56:11 [1077]

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

Does the folder still appears when you reboot your computer ?

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

The folder does not appear after rebooting any longer. The problem seems to be fixed.

Thank you very much!

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Ok. It was a strange behaviour (and the first case like this) but it's solved.

Otherwise, your computer is clean.

You may use Delfix to remove every tools we used from your computer :

  • Download DelFix from Xplode on your desktop.
  • Launch it with administrator rights.
  • Select all the option except the one proposing to save the registry.
  • Then click on the "Execute" button.
  • When everything is finish, the software will close itself.
  • Then a report appear on the notepad, please copy paste it's content in your answer.

Best regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

I had already launched Delfix before you asked me to do it : so the desinfection tools were deleted on that instance. I have just launched it once again and here is the report :

# DelFix v1.013 - Rapport créé le 18/04/2016 à 21:42:50
# Mis à jour le 17/04/2016 par Xplode
# Nom d'utilisateur : Paul - DESKTOP-AQACG2A
# Système d'exploitation : Windows 10 Home  (32 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

~ Purge de la restauration système ...

Supprimé : RP #1 [AA11 | 04/16/2016 20:25:40]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Ok, great !

If you have any questions, don't hesitate to ask.

Best regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Thank  you very much once again for your help. AdwCleaner is really a wonderful tool to eradicate malwares, and I have helped several friends to decontaminate their much-infected PCs with thiqs sofware whose scan is so fast and efficient.

Now I wonder if my problem with AceStream was purely individual or if I should report the presence of a malware, however mild it may be, on this download site for example :

http://www.softpedia.com/get/Multimedia/Video/Other-VIDEO-Tools/Torrent-Stream.shtml

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

Yes, please prefer the official download website or a trusted source to get your software.. It may avoid you some troubles !

Regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Some bad news. I started my PC, ran AdwCleaner and here is the report :

# AdwCleaner v5.112 - Rapport créé le 19/04/2016 à 11:00:43 # Mis à jour le 17/04/2016 par Xplode # Base de données : 2016-04-17.1 [Serveur] # Système d'exploitation : Windows 10 Home  (X86) # Nom d'utilisateur : Paul - DESKTOP-AQACG2A # Exécuté depuis : C:\Users\Paul\AppData\Local\Temp\mozOpenDownload\adwcleaner_5.112.exe # Option : Scanner # Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Dossiers ] *****

Dossier trouvé : C:\Users\Paul\AppData\Roaming\.acestream

***** [ Fichiers ] *****

***** [ DLL ] *****

***** [ Raccourcis ] *****

***** [ Tâches planifiées ] *****

***** [ Registre ] *****

***** [ Navigateurs ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [740 octets] - [19/04/2016 11:00:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [813 octets] ##########

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

Hm, did you start any other software before AdwCleaner ?

It really seems to be related to this, but I can't see any trace of it in your computer..

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Hello,

No, I had just opened Firefox and Thunderbird. This acestream malware really seems difficult to get rid of. Have you already had problems after installing this software?

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Apparently I am not the only one to have this problem of Acestream reappearance :

https://www.google.fr/search?q=acestream+disinfection&ie=utf-8&oe=utf-8&gws_rd=cr&ei=uwUWV8LoLImwatLzhogB

 

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Yes, but your computer doesn't seem to have some remainings, so we need to spot what is re-creating this folder at each reboot.

Since I didn't see it with ZHPDiag, we'll try with FRST :

  1. Download FRST
  2. Right-click on the file -> "Execute as Administrator"
  3. Click on the "Scan" button
  4. The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
  5. Please host them on Up2Share and share the generated links.

Best regards,

Re: AdwCleaner deletes acestream but it reappears after Windows start-up

Here are the logfiles (sorry for the delay to answer) :

https://up2sha.re/file?f=XXXXXX

https://up2sha.re/file?f=XXXXX