======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Launched at 12:53:32 on 26/07/2011, Normal boot Microsoft Windows 7 Home Premium Service Pack 1 (X64) Madzia@MARCIN-KOMPUTER (Acer Aspire 5740) ============== SEARCH ============== File found: C:\Program Files (x86)\Mozilla FireFox\extensions\dealio@mybrowserbar.com File found: C:\Program Files (x86)\Mozilla Firefox\extensions\searchsettings@spigot.com Folder found: C:\Users\Madzia\AppData\LocalLow\AskToolbar Folder found: C:\Users\Madzia\AppData\LocalLow\Dealio Folder found: C:\Program Files (x86)\Dealio Toolbar Folder found: C:\Program Files (x86)\Application Updater Folder found: C:\Users\Madzia\AppData\Local\OpenCandy Folder found: C:\Users\Madzia\AppData\LocalLow\Search Settings Folder found: C:\Program Files (x86)\Search Settings Folder found: C:\ProgramData\Trymedia Key found: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key found: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key found: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} Key found: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Key found: HKLM\Software\Classes\SearchSettings.BHO Key found: HKLM\Software\Classes\SearchSettings.BHO.1 Key found: HKLM\Software\Application Updater Key found: HKLM\Software\Dealio Key found: HKLM\Software\Search Settings Key found: HKLM\Software\Trymedia Systems Key found: HKCU\Software\AutocompletePro Key found: HKCU\Software\AutocompleteProBHO Key found: HKCU\Software\Zugo Key found: HKCU\Software\AppDataLow\Software\Dealio Key found: HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19 Key found: HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F05C28D-DEA9-4AD6-A73A-064175988EAB} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91} Key found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0.1 (pl)] **** Plugins\npDivxPlayerPlugin.dll (DivX, Inc) Plugins\npwachk.dll (Nullsoft, Inc.) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) HKLM_Extensions|{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video HKLM_Extensions|{6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa HKCU_Extensions|{EB132DB0-A4CA-11DF-9732-0E29E0D72085} - C:\Program Files (x86)\profilinstylin\profilinstylin -- C:\Users\Madzia\AppData\Roaming\Mozilla\FireFox\Profiles\5nv3ngd3.default -- Extensions\nostmp (?) Extensions\{3a28245c-0db8-496b-9e54-3478518d9524} (Rozszerzenia Aukcjoner.pl) Prefs.js - browser.download.lastDir, C:\\Users\\Madzia\\Downloads\\pliki do reklam\\Nowy folder Prefs.js - browser.search.defaultenginename, Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official Prefs.js - browser.startup.homepage_override.buildID, 20110707182747 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0.1 ======================================== **** Google Chrome Version [12.0.742.122] **** Extension\dhkplhfnhceodhffomolpfigojocbpcb (C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx) (x) Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?) Extension\gfofmjijdndbbfdfchibahfdlhncfhne (C:\Program Files (x86)\profilinstylin\extension_2_5_1.crx) (?) Extension - jfmjfhklogoienhpfnppmbcbjfjnkonk (x) Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?) -- C:\Users\Madzia\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://search.babylon.com/home?AF=15627 Preferences - homepage_is_newtabpage: true Plugin - Windows Live\u0099 Photo Gallery (Enabled: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll) Plugin - "Windows Live\u0099 Photo Gallery" (Enabled: true) Plugin - "DivX Player" (Enabled: true) Plugin - "DivX Player Netscape Plugin" (Enabled: true) Plugin - "Picasa" (Enabled: true) ======================================== **** Internet Explorer Version [8.0.7601.17514] **** HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5740&r=27360110l726l0318z1j5t59k1d749 HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5740&r=27360110l726l0318z1j5t59k1d749 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5740&r=27360110l726l0318z1j5t59k1d749 HKCU_SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} - "Web Search..." (hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp) HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerm...) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKCU_Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} (x) HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x) HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (x) HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (DivX, LLC) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?) HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.) HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (x) HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210) HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?) BHO\{21A88CB9-84D2-4020-A2D1-B25A21034884} - "HistoryTriggerBHO Class" (C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll) BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5