bluesteftward

addition: additive scan with Malwarebytes (v3.5.1.2522): detected threats 0! => screen attached

sorry - that's wrong again! just using hide.me-VPNClient 1.3.5 with connection NL-free - and Adwcleaner is moaning the same. No change at all. and it's every time only IP-range "95.211. ...", if another IP (of NL) is chosen by hide.me-Client, the log of adwcleaner is 0 ("Detected: 0"). I'll give you (third time) the relevant log attached. AdwCleaner[S07].txt

Hi, (late reply, sorry) no fixing recognizable (actual scan AdwCleaner 7.2.1.0): ***** [ Registry ] ***** PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{851FC484-4221-459A-B8BE-7A3FB32BD8E9}|NameServer - "95.211.101.197" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{851FC484-4221-459A-B8BE-7A3FB32BD8E9}|NameServer - "95.211.101.196" ***** [ Chromium (and derivatives) ] ***** (...) => can't confirm! (actual log attached) -- AdwCleaner[S03].txt

delay here ditto - sorry. the whole logfile attached. AdwCleaner[S01].txt

adwcleaner (v7.2.0.0) running on win7 and 8.1, nagged on following 'PUP.Optional.Legacy': PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76044BAA-96EA-4BAE-8915-E7CCE2B7646B}|NameServer - "95.211.171.161" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76044BAA-96EA-4BAE-8915-E7CCE2B7646B}|NameServer - "95.211.171.160" these IPs are Leaseweb and part of VPN-hide.me (NL), since years! No reason - at all, to mention it as suspect in adwcleaner! => that's nonsense! other IPs from hide.me-NL weren't mention from this 'adwcleaner', only range "95.211."...

No! "add this detection to exclusions" - is not the problem. If you you've read a little bit more careful, ;) you've recognized, that the mentioned site ("www.privacy-handbuch.de"), even it's a german site, first of all deals with questions of security in internet! One of the authors has been part of JonDoNym, next to torbrowser one of the only projects dealing explicitly with security in internet! And that's source of the given file "user.js". It's (only) an addition(!) to a normal mozilla-firefox-profile! This addition is totally harmless - that's not difficult to detect. The addition is only a collection of configuration-steps to get a privacy-friendly firefox-profile (https://www.privacy-handbuch.de/handbuch_21u.htm)!! To avoid that a user has to add these steps manual via 'about:config' he/she can copy the file 'user.js' into the wanted firefox-profile. That's it! => so the alert of your program is redundant and in the end it's wrong.

file "user.js" from Privacy-Handbuch (= just an config-addition to a firefox-profile) https://www.privacy-handbuch.de/handbuch_21u.htm result virustotal.com: 0/52 https://www.virustotal.com/de/file/b94bf848d9ee3d1d2e13ac2dfa9bf32af47d31207a29e9a5484bb5ea3b03ab72/analysis/1486621004/ file + mbam-log attached. false_.zip