the last version 5030 unable to find pricefountain like malwarebytes:
C:\Users\user\AppData\Local\SceptresAlveoli\griefweighmen.dll
adwcleaner is a great software and it works! But from time to time I encounter a severe problem: adwcleaner says “adwcleaner_5.027.exe (or _5.030) has encounted a problem and needs to close”. And the file adwcleaner_x.xxx.exe disappears from its location!! When opened from ERD commander, it says “can't load SQLite3.dll, although that SQLite3.dll resides in WINDOWS directory!
you need to make sure to uninstall pricefountain also, for example:
c:/users/user/appdata/dogcacherdespatching/*.dll
URGENT -- Attn: AdWare Developer -- MAJOR Bug Report for v5.019
I just downloaded and attempted to run the current version...but AdWare fails to run and crashes before opening.
Here is what happens:
1. Open File window opens after clicking on the .exe file.
2. Clicking Run on Open File window results in a window opening with an error message.
3. The error message simply states AdWare Cleaner encountered an unknown problem, etc. The error window offers a Debug button. I simply closed it out.
4. I ran version 4.2xx. It opened and worked fine.
NEXT ISSUE: v4.2xx identified about 11 registry keys as a threat. After manually locating each registry key, all registry key were associated with variations of "Download.SwInstaller" and "NCTAudioFile2.DLL". Extensive Google searching didn't uncover any meaningful info about the nature of those two 'things'. So, I didn't let Adware delete them. DO YOU KNOW WHY ADWARE PEGGED THOSE REGISTRY KEYS AS THREATS?
*** Sir Xplode, I wish to profusely thank you for sharing Adware with the world. Your Adware saved my PC more than once over the years. Bless you!
Bonjour.
Peut-être un faux positif (5 clés de registre se rapportant à la même Application, (K-Lite codec pack pour ne pas la citer). Détection apparue avec la 5.010. A savoir :
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}
correspondant à un" WORM_LOVGATE..." (dans vsfilter.dll sauf erreur)
Possible d'avoir confirmation faux positif ou pas ?
Merci d'avance, cordialement.
Here is the translation to English. I just used Google.
Then I took a screen shot of WinUpdateFix. The you can change the instruction boxes to English. Then print out the altered picture and use that for reference.
[Systeme]
[System]
OS : Microsoft Windows 7
SP : Pas de données
SP : No Data
Architecture : 64 bits
Session en cours : Corentin
Session : Current
[Windows Update]
Etat : Démarré
State : Started
Actif (2)
Active (2)
Dernière Maj effectuée le
Last Shift effected
Date time
Activer
Activate
[Services]
Mises á jour automatiques
Automatic Updates
Etat : Démarré
State : Started
Statut : Automatigue
Status : Automatic
[Bits]
Etat : Démarré
State : Started
Statut : Automatigue
Status : Automatic
[Service de cryptographie]
[Cryptographic Service]
Etat : Démarré
State : Started
Statut : Automatigue
Status : Automatic
[Actions]
Effacer le cataloque des mises á jour
Clear the catalog updates
Réinscrire les Dll
Regester the DLLs
Vider le dossier Software Distribution
Empty the Software Distribution folder
Réínitialíser les paramétres Winsock
Reset Winsock Settings
Supprimer les fichiers temporaires
Delete temporary files
Reinitialiser les descripteurs de securite
Reset security descriptors
Supprimer le proxy
Remove proxy
Restaurer les policies
Restore policies
Effacer la file d'attente BITS
Clear the BITS queue
[Sélection]
[Selection]
Tous Aucun
All No
Exécuter
Execute
[Diagnostic]
Créer un rapport de
diagnostic
Create a diagnostic
report
j avais téléchargé \Between Lines# que j ai supprimé dans les extensions sur firefox mais pour être tranquille j ai téléchargé Adw cleaner ,j aimerais savoir si je dois supprimer ce que Adw cleaner trouve ou pas car dans l ignorance je lui ai fait supprimer seulement between lines , inutile de vs dire que je n y comprends pas grand chose ! merci d avance Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
[x] Non Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz
Dossier Supprimé : C:\Program Files (x86)\Between Lines
[x] Non Supprimé : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\xb4g5o81.default\user.js
***** [ Tâches planifiées ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
[x] Non Supprimée : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
[x] Non Supprimée : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
[x] Non Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[x] Non Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[x] Non Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[x] Non Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[x] Non Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[x] Non Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[x] Non Supprimée : HKCU\Software\eSupport.com
[x] Non Supprimée : HKCU\Software\DriverWhiz
[x] Non Supprimée : HKCU\Software\Local AppWizard-Generated Applications
[x] Non Supprimée : [x64] HKCU\Software\eSupport.com
[x] Non Supprimée : [x64] HKCU\Software\DriverWhiz
[x] Non Supprimée : [x64] HKCU\Software\Local AppWizard-Generated Applications
[x] Non Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride]
***** [ Navigateurs ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v37.0.2 (x86 fr)
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [2120 octets] - [27/04/2015 10:42:54]
AdwCleaner[S0].txt - [2100 octets] - [27/04/2015 10:45:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2160 octets] ##########
Hi
I have downloaded a newer version of adwcleaner 4.113, still it cannot detect and remove the infected Babylon registry keys...
secman.DLL\
HKLM\SOFTWARE\Classes\AppID\
secman.OutlookSecurityManager.1\
HKLM\SOFTWARE\Classes\
secman.OutlookSecurityManager\
HKLM\SOFTWARE\Classes\
secman.DLL\
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
Download the latest version 4.113... still cannot remove the infected registry keys below....
secman.DLL\
HKLM\SOFTWARE\Classes\AppID\
secman.OutlookSecurityManager.1\
HKLM\SOFTWARE\Classes\
secman.OutlookSecurityManager\
HKLM\SOFTWARE\Classes\
secman.DLL\
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\