Search

Here are the logfiles (sorry for the delay to answer) :

https://up2sha.re/file?f=XXXXXX

https://up2sha.re/file?f=XXXXX

Hello,

Something else seems to recreate the key. I'll look with a ZHPDiag report :

• Download ZHPDiag from Nicolas on his website
• Then run it with administrator's rights (with right click)
• Then upload the log file on up2share (you will find it on your desktop, just drop the file on the upload zone)
• Then post the link in your reply

Best regards,

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysWOW64\h@tkeysh@@k.dll

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

***** [ Web browsers ] *****

*************...

The file which has been opened by Edge is the BlueScreenView report (you can see the path to the file in the adressbar on the top).

Can you copy this file to your Desktop : C:\WINDOWS\Minidump\041916-112203-01.dmp and create a zip archive from this file ?

Then, host it on https://up2sha.re, and paste here the generated link.

Best regards,

Yes, but your computer doesn't seem to have some remainings, so we need to spot what is re-creating this folder at each reboot.

Since I didn't see it with ZHPDiag, we'll try with FRST :

1. Download FRST
2. Right-click on the file -> "Execute as Administrator"
3. Click on the "Scan" button
4. The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
5. Please host them on Up2Sha...

Apparently I am not the only one to have this problem of Acestream reappearance :

https://www.google.fr/search?q=acestream+disinfection&ie=utf-8&oe=utf-8&gws_rd=cr&ei=uwUWV8LoLImwatLzhogB

OK Here it is:

# AdwCleaner v5.112 - Logfile created 19/04/2016 at 05:34:03
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Steve - STEVESPC
# Running from : C:\Users\Steve\Downloads\adwcleaner_5.112.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Fo...

Hello,

No, I had just opened Firefox and Thunderbird. This acestream malware really seems difficult to get rid of. Have you already had problems after installing this software?

OK here it is:

Windows PowerShell Copyright (C) 2015 Microsoft Corporation. All rights reserved.

PS C:\Users\Steve> Get-Process

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id  SI ProcessName
 -------  ------    -----      ----- -----   ------     --  -- -----------
    659      41    88744      20340   483    31.63   7860   1 Adguard
    1230      65   173272      44460   514    ...

Hello,

Hm, did you start any other software before AdwCleaner ?

It really seems to be related to this, but I can't see any trace of it in your computer..