AdwCleaner question/amendment?


7 replies to this topic

#1 RobinHoodSnr


Posted 21 October 2013 - 12:17 PM

Hi Folks...I tried the latest AdwCleaner, and it detected "VUZE" as a threat...I use VUZE with great success (it's a torrent downloader though). How can I get in touch with the AdwCleaner developers? Thing is, as it's NOT a threat, it might delete Vuze and I doubt folks using it will be happy when they realize their torrent downloader is gone....just a thought...

 

Regards

Robin


...We all know something...but we will NEVER know everything :grinner:

 

Cryptlocker "Process" remover...will NOT delete Cryptolocker, only the processes...( a "safety precaution" I took for those who still want to "try" paying the ransom to get their files back. DON'T FORGET TO MONITOR YOUR TIME LEFT BEFORE PAYMENT! )

 

("KillCrypt" will automatically open %appdatadir%...just guide this to Cryptolocker-Virus and double-click on it. Remember...if you "restart" your system, the processes will be back...use this only for emergencies if you want to create a quick document. While this process is killed, your docs won't get infected, but WILL be encrypted (unusable) when you restart the PC/Laptop OR click on the Virus again!!!)



 


#2 quietman7

  • Global Moderator

Posted 21 October 2013 - 03:06 PM

I will let the developer know.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Xplode

  • Security Colleague

Posted 21 October 2013 - 04:16 PM

Hi,

 

AdwCleaner detects Vuze toolbar, not the program itself. Can you post your AdwCleaner's logfile please?

 

Regards.



#4 RobinHoodSnr

  • Topic Starter

Posted 22 October 2013 - 12:12 AM

> Hi,
>
> AdwCleaner detects Vuze toolbar, not the program itself. Can you post your AdwCleaner's logfile please?
>
> Regards.

I see it also detects "Toolbar Cleaner"...which as far as I know, is also Legit... --->

***** [ Files / Folders ] *****
Folder Found C:\Program Files\Toolbar Cleaner
Folder Found C:\Program Files\Vuze

***** [ Shortcuts ] *****


***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]

Edited by RobinHoodSnr, 22 October 2013 - 12:34 AM.



#5 hilarleo


Posted 22 October 2013 - 07:21 AM

I just used AdwCleaner on my Windows 7 machine and now I can't find my Vuze/Azureus program either.

It seems as if the folder the torrent client lived in got targeted.

("Folder Deleted : C:\Program Files (x86)\Vuze")
Here's the log below. Thanks for all your help.

-Leo

*  *  *

# AdwCleaner v3.010 - Report created 22/10/2013 at 04:21:54
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : LeoSafeT - OWNER-PC
# Running from : C:\Users\LeoSafeT\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Users\Owner\AppData\Local\apn
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Owner\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Owner\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\LeoSafeT\AppData\Local\apn
Folder Deleted : C:\Users\LeoSafeT\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\LeoSafeT\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\LeoSafeT\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\Babylon
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\Systweak
Folder Deleted : C:\Users\LeoSafeT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\LeoSafeT\Documents\optimizer pro
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rv8sv8mg.Leo,2012,627\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\LeoSafeT\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\LeoSafeT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Users\LeoSafeT\AppData\Roaming\Mozilla\Firefox\Profiles\s1irsf6z.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\LeoSafeT\AppData\Roaming\Mozilla\Firefox\Profiles\s1irsf6z.default\Extensions\torntv2@torntv.com.xpi
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\LeoSafeT\AppData\Roaming\Mozilla\Firefox\Profiles\s1irsf6z.default\invalidprefs.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ein2xj8s.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ein2xj8s.default\searchplugins\Web Search.xml
File Deleted : C:\Users\LeoSafeT\AppData\Roaming\Mozilla\Firefox\Profiles\s1irsf6z.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ein2xj8s.default\user.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rv8sv8mg.Leo,2012,627\user.js
File Deleted : C:\Users\LeoSafeT\AppData\Roaming\Mozilla\Firefox\Profiles\s1irsf6z.default\user.js
File Deleted : C:\Users\LeoSafeT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****


*************************

AdwCleaner[R0].txt - [26708 octets] - [21/10/2013 09:55:31]
AdwCleaner[S0].txt - [26464 octets] - [22/10/2013 04:21:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26525 octets] ##########
 



#6 Romeo29


Posted 23 October 2013 - 02:06 PM

IMHO, they should give an option to choose which adware/PUP the user wants to remove. Some people like the software which others may think is adware. Just a difference of opinion :)



#7 xXToffeeXx

  • Malware Response Instructor

Posted 23 October 2013 - 02:16 PM

> IMHO, they should give an option to choose which adware/PUP the user wants to remove. Some people like the software which others may think is adware. Just a difference of opinion :)

In the latest versions of AdwCleaner, you should be able to uncheck the items you don't want to remove. Still, false positives of items which are not adware and the like should be removed, which the developers work to do :)

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 quietman7

  • Global Moderator

Posted 23 October 2013 - 03:14 PM

A search should always be performed first so the detections can be reviewed. When first run, AdwCleaner includes options under the tabs to show what was found and to allow disabling detections you want to keep. The only things you can't uncheck are Chrome and Firefox preferences lines, but you can still view them in the "Chrome" and "Firefox" tabs.
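The review-before-clean step described in the last post, as an added example (not part of any post in this thread and not AdwCleaner's own code): a Python parser for reports in the layout posted above that lists detections touching software you want to keep, or a whole folder directly under Program Files. The sample report, the keep-list and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# "***** [ Files / Folders ] *****" style section banners.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Entries appear both as "Folder Found C:\..." (no colon) and
# "Key Deleted : [x64] HKLM\..."; an optional "[#]" marker may lead the line.
ENTRY_RE = re.compile(
    r"^(?:\[#\]\s*)?(?P<kind>Folder|File|Key|Value|Service|Line)\s+"
    r"(?P<action>Found|Deleted)\s*:?\s*(?P<x64>\[x64\]\s*)?(?P<target>.+)$"
)
# A folder sitting directly under Program Files is a whole installed
# application, not just a toolbar component inside it.
APP_FOLDER_RE = re.compile(r"^[A-Za-z]:\\Program Files(?: \(x86\))?\\[^\\]+\\?$")


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "Registry"
    kind: str      # Folder, File, Key, Value, Service, Line
    action: str    # Found (scan report) or Deleted (clean report)
    target: str    # path, key or value text
    x64: bool      # True when the entry carried the [x64] marker


def parse_report(text):
    """Return every detection entry in the report, tagged with its section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["kind"], m["action"],
                                 m["target"].strip(), bool(m["x64"])))
    return entries


def review_reason(entry, keep_names):
    """Why an entry deserves a manual look before cleaning, or None."""
    target = entry.target.lower()
    if any(name.lower() in target for name in keep_names):
        return "keep-list"      # mentions software the user wants to keep
    if entry.kind == "Folder" and APP_FOLDER_RE.match(entry.target):
        return "app-folder"     # removal would take out a whole program folder
    return None


def review(text, keep_names):
    """List (entry, reason) pairs to untick or question before cleaning."""
    flagged = []
    for entry in parse_report(text):
        reason = review_reason(entry, keep_names)
        if reason:
            flagged.append((entry, reason))
    return flagged


# Constructed sample in the layout of the reports posted in this thread;
# it is not a real report.
SAMPLE_REPORT = r"""# constructed sample report

***** [ Files / Folders ] *****
Folder Found C:\Program Files\Toolbar Cleaner
Folder Found C:\Program Files\Vuze
Folder Found : C:\Users\Example\AppData\Local\Conduit

***** [ Registry ] *****
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\ExampleToolbar
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]
"""

if __name__ == "__main__":
    for entry, reason in review(SAMPLE_REPORT, keep_names=["Vuze"]):
        print(f"[{reason}] {entry.section}: {entry.kind} {entry.action} -> {entry.target}")
```

Run it on the scan report before cleaning; run on a clean report, it shows after the fact which kept software was touched.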



