======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Launched at 01:12:03 on 18/02/2012, Normal boot Microsoft Windows 7 Home Premium Service Pack 1 (X64) oem@MICHAL-KOMPUTER (Dell Inc. Studio 1749) ============== SEARCH ============== File found: C:\Users\oem\AppData\Roaming\Mozilla\FireFox\Profiles\oskxa2wh.default\searchplugins\askcom.xml Folder found: C:\Users\oem\AppData\Roaming\OpenCandy Folder found: C:\Users\oem\AppData\Local\OpenCandy -- File opened: C:\Users\oem\AppData\Roaming\Mozilla\FireFox\Profiles\oskxa2wh.default\Prefs.js -- Line found: user_pref("browser.search.order.1", "Ask.com"); -- File closed -- Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [10.0.1 (pl)] **** Plugins\npwachk.dll (Nullsoft, Inc.) HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\KavAntiBanner@kaspersky.ru_bak (Blokowanie banerów ) Extensions\linkfilter@kaspersky.ru_bak (Kaspersky URL Advisor ) HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKLM_Extensions|virtualKeyboard@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru HKLM_Extensions|KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru HKLM_Extensions|linkfilter@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 -- C:\Users\oem\AppData\Roaming\Mozilla\FireFox\Profiles\oskxa2wh.default -- Searchplugins\askcom.xml (?) Searchplugins\startsear.xml (?) Prefs.js - browser.download.dir, C:\\Users\\oem\\Videos\\death note Prefs.js - browser.download.lastDir, C:\\Users\\oem\\Downloads Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.google.pl/ Prefs.js - browser.startup.homepage_override.buildID, 20120208060813 Prefs.js - browser.startup.homepage_override.mstone, rv:10.0.1 Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= ======================================== **** Google Chrome Version [17.0.963.56] **** -- C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://www.google.pl/ Preferences - homepage_is_newtabpage: false Plugin - Shockwave Flash (Enabled: false) (C:\Users\oem\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll) Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x) Plugin - "Remoting Viewer" (Enabled: true) Plugin - Native Client (Enabled: true) (C:\Users\oem\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll) Plugin - "Native Client" (Enabled: true) Plugin - "Java" (Enabled: true) Plugin - "Winamp Application Detector" (Enabled: true) Plugin - "Silverlight" (Enabled: true) ======================================== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://www.google.pl/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerm...) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Wyślij do interfejsu Bluetooth" (c:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik rejestrowania za pomocą identyfikatora Windows Live" (C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 0 File(s) C:\Program Files (x86)\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 18/02/2012 01:12:08 (5960 Byte(s)) End at: 01:12:57, 18/02/2012 ============== E.O.F ==============