AdwCleaner deletes acestream but it reappears after Windows start-up

I redacted the links to your logfiles in your precedent message since they contained some "sensitive"/"private" informations.

I analyze the logfile and come back to you with more informations.

Thank you very much.

Hello,

Great ! I reproduced the problem. It's due to Rox Player, which is really tendancious (showings random ads, not updated for a quite long time...).

I added the detections to AdwCleaner, and we'll remove it manually there.

Download the file fixlist.txt and save it as "fixlist.txt" to the Desktop or where FRST is located.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

I advise you VLC as media player to remplace Rox : http://www.videolan.org/vlc/

Regards,

Here is the log :

Résultats de correction de Farbar Recovery Scan Tool (x86) Version:18-04-2016
Exécuté par Paul (2016-04-19 20:58:21) Run:1
Exécuté depuis C:\Users\Paul\Desktop
Profils chargés: Paul (Profils disponibles: Paul)
Mode d'amorçage: Normal

==============================================

fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
C:\Users\Paul\AppData\Roaming\.ACEStream
ROX Player version 1.480 (HKLM\...\ROX Player_is1) (Version: 1.480 - )
FirewallRules: [UDP Query User{37458320-9D44-4481-965C-D7B5CB6C4A12}C:\users\paul\appdata\local\rox player\roxplayer.exe] => (Block) C:\users\paul\appdata\local\rox player\roxplayer.exe 
C:\users\paul\appdata\local\rox player\roxplayer.exe
*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
avchv => service supprimé(es) avec succès
EsgScanner => service supprimé(es) avec succès
C:\Users\Paul\AppData\Roaming\.ACEStream => déplacé(es) avec succès
ROX Player version 1.480 (HKLM\...\ROX Player_is1) (Version: 1.480 - ) => Erreur: Pas de correction automatique trouvée pour cet élément.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{37458320-9D44-4481-965C-D7B5CB6C4A12}C:\users\paul\appdata\local\rox player\roxplayer.exe => valeur supprimé(es) avec succès
C:\users\paul\appdata\local\rox player\roxplayer.exe => déplacé(es) avec succès
EmptyTemp: => 455.7 MB données temporaires supprimées.

Le système a dû redémarrer.

==== Fin de Fixlog 20:58:36 ====

I must admit I used Roxplayer _ and tried Acestream _ only to watch torrent videos without having to download them. I already have Media player classic-home cinema to watch downloaded videos.

Ok.

Can you manually uninstall "Rox Player" from the Windows Settings ?

Then,

1. Download CCleaner from here, and install it.
2. Start CCleaner (there should be a shortcut on your Desktop)
3. Go in Options tab > Advanced, untick Only delete Windows temporary files older than 24 hours.
4. Then in Options  tab > Surveillance, untick the both boxes.
5. In the Clean tab, click on "Clean".
6. When the cleaning is done, go in the "Registry" tab, click on "Find errors" and then "Fix".

Tell me if everything is ok now, before we finish.

I have done that and I have also run AdwCleaner to see if the acestream fle was definitely deleted. Everything seemds to be OK.

I was far from thinking that the Roxplayer application did use the Acestream technology. Maybe the Acestream software has no malware itself (although the Magicplayer Firefox plugin has got a malware) but the Roxplayer software does have a malware.

Anyway I will no longer install any of these softwares. It was difficult enough to get rid of the malware associated with those sofwares.

I must thank you very much for all the help and efforts you made to solve my problem.

Kind regards.

Hello,

Ok. You may use DelFix to remove the other tools we used, and then it's done for me.

If you have any questions, don't hesitate to ask !

Best regards,

Hello,

The problem is definitely solved thanks to your kind help. I ran AdwCleaner this morning after switching on my PC and ther was no malware at all. Thank you very much once again.