======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org E:\Programy\Ad-Remover\main.exe (SCAN [1]) -> Launched at 21:28:36 on 01/09/2011, Normal boot Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) tomekmateusz@REJ-5MT2P7ZEILT ( ) ============== SEARCH ============== File found: C:\Documents and Settings\tomekmateusz\Dane aplikacji\Readar_sl.exe Folder found: C:\Documents and Settings\tomekmateusz\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Documents and Settings\tomekmateusz\Dane aplikacji\OpenCandy Folder found: C:\Documents and Settings\tomekmateusz\Ustawienia lokalne\Dane aplikacji\OpenCandy Folder found: C:\Documents and Settings\tomekmateusz\Dane aplikacji\PriceGong -- File opened: C:\Documents and Settings\tomekmateusz\Dane aplikacji\Mozilla\FireFox\Profiles\m4k3stz3.default\Prefs.js -- Line found: user_pref("browser.search.selectedEngine", "qooqlle"); Line found: user_pref("browser.startup.homepage", "hxxp://www.qooqlle.com/"); -- File closed -- Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2031308 Key found: HKLM\Software\Classes\Toolbar.CT2475029 Key found: HKLM\Software\Classes\Toolbar.CT2786678 Key found: HKLM\Software\Classes\Toolbar.CT3031818 Key found: HKLM\Software\Conduit Key found: HKCU\Software\PriceGong Key found: HKCU\Software\Toolbar Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Readar_sl ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [6.0.1 (pl)] **** Plugins\npwachk.dll (Nullsoft, Inc.) HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x) HKLM_MozillaPlugins\Adobe Reader (x) HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\fcmdSrch.xml ( hxxp://start.facemoods.com/?a=ironto&f=4&q={searchTerms}/) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\tomekmateusz\Dane aplikacji\Mozilla\FireFox\Profiles\m4k3stz3.default -- Searchplugins\search.xml (?) Prefs.js - browser.search.selectedEngine, qooqlle Prefs.js - browser.startup.homepage, hxxp://www.qooqlle.com/ Prefs.js - browser.startup.homepage_override.mstone, false -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\4hhkn4gn.default -- Prefs.js - browser.startup.homepage_override.buildID, 20110830092941 Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.1 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Start Page - hxxp://www.qooqlle.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4) HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Softonic-Polska_ Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKLM_ElevationPolicy\5089343b-37e0-4e82-9994-d18b788cb0a3 - C:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x) HKLM_ElevationPolicy\afeb88be-e343-4ca4-a565-5167d3afd27e - C:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x) HKLM_ElevationPolicy\c1c73736-e2cb-4c0b-8dcc-83697aa60cea - C:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x) HKLM_ElevationPolicy\da0ee874-2a11-4cee-b6d8-4d8b3e81e436 - C:\Program Files\MyAshampoo\MyAshampooToolbarHelper.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} - "Yahoo! Companion BHO" (C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll) BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll) ======================================== E:\Programy\Ad-Remover\Quarantine: 0 File(s) E:\Programy\Ad-Remover\Backup: 0 File(s) C:\Ad-Report-SCAN[1].txt - 01/09/2011 21:28:42 (1207 Byte(s)) End at: 21:28:58, 01/09/2011 ============== E.O.F ==============