======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Launched at 18:16:52 on 11/01/2012, Normal boot Microsoft Windows 7 Home Premium (X64) Karolina@KAROLINA-PC (SAMSUNG ELECTRONICS CO., LTD. R580/R590) ============== SEARCH ============== File found: C:\Users\Karolina\AppData\Roaming\Mozilla\FireFox\Profiles\nrvyz51o.default\searchplugins\web-search.xml Folder found: C:\Users\Karolina\AppData\Roaming\OpenCandy -- File opened: C:\Users\Karolina\AppData\Roaming\Mozilla\FireFox\Profiles\nrvyz51o.default\Prefs.js -- Line found: user_pref("extensions.enabledItems", "fastdial@telega.phpnet.us:3.4,{CAFEEFAC-0016-0000-0020-ABCDEFF... Line found: user_pref("extensions.vshare@toolbar.update.enabled", false); Line found: user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="); Line found: user_pref("vshare.install.date", "1290988800000"); Line found: user_pref("vshare.install.finished", "1.0.0"); Line found: user_pref("vshare.install.guid", "{403193cb-d437-47d7-972b-f2bc1fb88ecf}"); Line found: user_pref("vshare.install.isHidden", true); Line found: user_pref("vshare.install.istoolbarhp", true); Line found: user_pref("vshare.install.istoolbarsearch", true); Line found: user_pref("vshare.install.laststatreq", "1320883200000"); Line found: user_pref("vshare.install.newtab", true); Line found: user_pref("vshare.install.overlayVersion", 1); -- File closed -- Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [9.0.1 (pl)] **** Plugins\npBitCometAgent.dll (BitComet) Plugins\NPCARDS.dll (Ganymede Technologies) Plugins\NPDARTS.dll (Ganymede Technologies) Plugins\npganymedenet.dll ( ) HKLM_MozillaPlugins\@ganymede/DARTS,version=1.0 (x) HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x) HKLM_MozillaPlugins\@nexon.net/NxGame (x) HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x) HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\fcmdSrch.xml ( hxxp://start.facemoods.com/?a=ddrnw&f=4&q={searchTerms}/) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension for Firefox ) -- C:\Users\Karolina\AppData\Roaming\Mozilla\FireFox\Profiles\nrvyz51o.default -- Extensions\DefaultManager@Microsoft (Default Manager) Extensions\fastdial@telega.phpnet.us (Fast Dial) Extensions\fastdialfx6@rouing3.addons.mozilla.org (Fast Dial Fx6) Extensions\IplextoALL@ALLPlayer.org (Iplex to ALLPlayer) Searchplugins\web-search.xml (?) Prefs.js - browser.download.lastDir, C:\\Users\\Karolina\\Desktop Prefs.js - browser.search.defaultenginename, Google Prefs.js - browser.startup.homepage, about:home Prefs.js - browser.startup.homepage_override.buildID, 20111220165912 Prefs.js - browser.startup.homepage_override.mstone, rv:9.0.1 Prefs.js - keyword.URL, hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= Prefs.js - privacy.popups.showBrowserMessage, false ======================================== **** Internet Explorer Version [8.0.7600.16385] **** HKCU_Main|Default_Page_URL - hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|Search bar - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxp://www.gazeta.pl/0,0.html?p=125 HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} - "Web Search..." (hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp) HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4) HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKCU_Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788} - C:\Program Files\Microsoft Office\Office14\winproj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\windows\system32\TSWbPrxy.exe (x) HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Wyślij do interfejsu Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik logowania za pomocą identyfikatora Windows Live" (C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - "IplexToALLPlayer" (C:\PROGRA~2\ALLPLA~1\Iplex\IplexToALLPlayer.dll) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 0 File(s) C:\Program Files (x86)\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 11/01/2012 18:16:57 (6332 Byte(s)) End at: 18:17:41, 11/01/2012 ============== E.O.F ==============