======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 18:19:23 on 10/10/2011, Normal boot Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Rafa莆A-HKL02E8FY3CFB ( ) ============== ACTION(S) ============== Folder deleted: C:\Documents and Settings\Rafa許Dane aplikacji\Mozilla\FireFox\Profiles\w6ucdgao.default\conduit Folder deleted: C:\Program Files\Ask.com Folder deleted: C:\Documents and Settings\Rafa許Ustawienia lokalne\Dane aplikacji\AskToolbar Folder deleted: C:\Documents and Settings\Rafa許Dane aplikacji\OpenCandy Folder deleted: C:\Documents and Settings\Rafa許Ustawienia lokalne\Dane aplikacji\OpenCandy (!) -- Temporary files deleted. -- File opened: C:\Documents and Settings\Rafa許Dane aplikacji\Mozilla\FireFox\Profiles\w6ucdgao.default\Prefs.js -- /!\ Unable to open the file, cleaning interrupted /!\ -- File closed -- Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key deleted: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key deleted: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key deleted: HKLM\Software\AskToolbar Key deleted: HKLM\Software\Conduit Key deleted: HKCU\Software\AskToolbar Key deleted: HKCU\Software\Conduit Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [7.0.1 (pl)] **** Plugins\npVividasPlayer.dll ( ) HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Rafa許Dane aplikacji\Mozilla\FireFox\Profiles\w6ucdgao.default -- Extensions\belle.starr.colt@gmx(2).com (The Saloon Bar) Extensions\foxyproxy@eric.h.jung (FoxyProxy Standard) Extensions\saloonbar@ligny.org(2).uk (The Saloon Bar) Extensions\selectionlinks@floriangilles.com (Selection Links) Extensions\translator@zoli(2).bod (Google Translator for Firefox) Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) (Microsoft .NET Framework Assistant) Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) (NoScript) Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} (Free YouTube Download (Free Studio) Menu) Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Rafa許\Pulpit Prefs.js - browser.startup.homepage, hxxp://google.com Prefs.js - browser.startup.homepage_override.buildID, 20110928134238 Prefs.js - browser.startup.homepage_override.mstone, rv:7.0.1 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - "IplexToALLPlayer" (C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL) ======================================== C:\Program Files\Ad-Remover\Quarantine: 27 File(s) C:\Program Files\Ad-Remover\Backup: 13 File(s) C:\Ad-Report-CLEAN[1].txt - 10/10/2011 18:20:12 (5616 Byte(s)) End at: 18:21:32, 10/10/2011 ============== E.O.F ==============