False Detection by AdwCleaner

Hello,

Can you provide the full report please ?

Regards,

Here is report

# AdwCleaner v5.009 - Logfile created 28/09/2015 at 15:22:01
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : loewy - TESTWS-W7-1
# Running from : C:\Users\administrator\Downloads\AdwCleaner_2015-09-28.exe
# Option : Cleaning # Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : Adobe Flash Player Updater

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [681 bytes] ##########

I confirm this false. Here how this task looks in RSIT log:

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Hello,

Thank your for the feedback, we are handling it as soon as possible.

Regards,

One more false positive in Tasks section:

Задание Найдено : ASUS Splendid ColorU

And here line from RSIT log:

C:\WINDOWS\system32\tasks\ASUS Splendid ColorU - C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe 

And here from FRST log same system:

Task: {18BB4FA0-1AD7-4E4C-A06C-88D406A531A6} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-08] (ASUSTeK Computer Inc.) 

Hello,

All these FP are caused by a tasks generic detection. This detection will be fixed in v5.010.

Regards,

Hi, adwcleaner say that this firefox extension {b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi is Ad/Malware, but it is the orginal "Easy Youtube Video Downloader Express 9.02" from Addons Mozilla.org 

https://addons.mozilla.org/de/firefox/addon/easy-youtube-video-download/

So i think it is false positive. Please fix it. Thanks

Hi,

False positive fixed.

Regards,

Hi,

False positive fixed.

Regards,

---

Xplode, 2015-10-07 06:51:03 (UTC)

Xplode, thank you very much for really helpful software - AdwCleaner, it helped me a lot to save my nerves and bring back fine working my PC! You are great person!:)

Hello,

All these FP are caused by a tasks generic detection. This detection will be fixed in v5.010.

Regards,

---

Xplode, 2015-10-04 09:28:04 (UTC)

P.S And i signed up specially to express thanks!

Hello,

ADWCleaner 5.013 delete the service HealthAlertsSvc which is used by the Windows Home Server Connector.

Can you fix it please ?

Thanks

Hello,

Can you send me the content of this task file ?

Regards,

Hello,

here is the report

# AdwCleaner v5.013 - Rapport créé le 15/10/2015 à 09:18:04
# Mis à jour le 09/10/2015 par Xplode
# Base de données : 2015-10-13.2 [Serveur]
# Système d'exploitation : Windows 7 Professional Service Pack 1 (x86)
# Nom d'utilisateur : Alexandra - POSTE1-PC
# Exécuté depuis : C:\Users\Alexandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72S10JLW\adwcleaner_5.013.exe
# Option : Nettoyer
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Supprimé : HealthAlertsSvc

***** [ Dossiers ] *****

[-] Dossier Supprimé : C:\ProgramData\Ask

***** [ Fichiers ] *****


***** [ DLLs ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****

[-] Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MVS
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Navigateurs ] *****


*************************

:: Paramètres Winsock réinitialisés

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2846 octets] ##########

Thanks

Hello, can you please check if the following Firefox extensions are really Ad/Malware.

More Tools Menu 1.2.4.1-signed see also http://www.systemlookup.com/FF_Extensions/2151-9a7a67d3_3048_47fb_acde_d0f7ae51f86a_xpi.html

and

Super Drag 0.15.1-signed see also http://www.systemlookup.com/FF_Extensions/3197-superdrag_enjoyfreeware_org_xpi.html

Part of AdwCleaner Log

# AdwCleaner v5.023 - Bericht erstellt am 06/12/2015 um 10:41:12
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-12-03.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)

Datei Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03.frisch\Extensions\superdrag@enjoyfreeware.org.xpi
Datei Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03.frisch\Extensions\{9a7a67d3-3048-47fb-acde-d0f7ae51f86a}.xpi

Hello,

Both extensions have been removed from the database.

Regards,

Xplode.

hi

could you please take look at this LOG: i think it it a "false/positive"-detection. Im using "F-Secure internet security" and

this software is always installing plug-ins when the a browser is started for the first time after the installation. I created a new Windows-User Account and  F-Secure asked me (when i launched Firefox) if i want to install 2 plug-ins that are included with this f-secure-software. I installed this plug-ins. ADW-cleaner report is attached but i think its a false/positive-detection.

# AdwCleaner v5.032 - Bericht erstellt am 03/02/2016 um 21:45:49
# Aktualisiert am 31/01/2016 von Xplode
# Datenbank : 2016-02-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : NRG1 - NRG1TSX62
# Gestartet von : C:\_xSET\adw_cleaner_LTD\adwcleaner_5.032.exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

[C:\Users\ONEzzzztsx62\AppData\Roaming\Mozilla\Firefox\Profiles\0m4z3rwu.default\prefs.js] [Preference] Gefunden : user_pref("extensions.enabledAddons", "safesearch%40f-secure.com:1.06.116,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.3");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [884 Bytes] ##########

Hello,

I added "f-secure" to the whitelist, it shouldn't be detected now. It was detected because of the keyword "safesearch" which is often used by adwares.

Regards.

Hi

i scanned my Laptop with the latest Version of ADW-cleaner: there were two detections.The detection

fvd_speed_dial didnt appear in any previous versions of Your software so i think again its a false/positive.

Reg-Key ".snapdoc" is possibly  a false/positive too.. i reported this F/P-detection already some months ago:

https://toolslib.net/forum/viewthread/1369-firefox-addon-super-drag-false-detection/

thanks a lot and see yahhhh....!

# AdwCleaner v5.105 - Bericht erstellt am 25/03/2016 um 17:32:13 # Aktualisiert am 21/03/2016 von Xplode # Datenbank : 2016-03-24.4 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : xxxxxxxxxxxx # Gestartet von : C:\_xSET\adw_cleaner_LTD\adwcleaner_5.105.exe # Option : Suchlauf # Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snapdoc

***** [ Internetbrowser ] *****

[C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\prefs.js] [Preference] Gefunden : user_pref("extensions.fvd_speed_dial.__remotead.adcache", "{\"createDate\":1449021322345,\"data\":[{\"id\":\"android_nimbus_clipper_1\",\"newUserDelay\":24,\"frameUrl\":\"hxxps://everhelper.me/remotea[...]

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1050 Bytes] - [20/03/2016 23:30:23] C:\AdwCleaner\AdwCleaner[S2].txt - [1124 Bytes] - [20/03/2016 23:40:03] C:\AdwCleaner\AdwCleaner[S3].txt - [1198 Bytes] - [21/03/2016 09:09:29] C:\AdwCleaner\AdwCleaner[S4].txt - [1470 Bytes] - [24/03/2016 20:26:01] C:\AdwCleaner\AdwCleaner[S5].txt - [1543 Bytes] - [24/03/2016 20:29:03] C:\AdwCleaner\AdwCleaner[S6].txt - [1616 Bytes] - [25/03/2016 00:02:33] C:\AdwCleaner\AdwCleaner[S7].txt - [1537 Bytes] - [25/03/2016 17:32:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1610 Bytes] ##########

Hello,

Can you export the registry key detected and send me its content ? 

FP related to Firefox preferences is fixed now.

Regards,

Hi Xplode,

Sorry for that delay! I just (today 18:07 P.M.) sent to you the informations you wanted: i used your contacts

web page ( https://toolslib.net/contact/ ) to send you an eMail with exported reg-key. I exported

the Reg-Key to a simple text-file. If you need more informations just post here again or send me

an eMail. You can find my eMail-adress in the message i just sent to you....

thx a lot for your support an see yahh soon!!