======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Launched at 21:07:39 on 09/01/2012, Normal boot Microsoft Windows 7 Home Premium Service Pack 1 (X64) Kwas@KWAS-KOMPUTER (Acer Aspire 5738) ============== SEARCH ============== Folder found: C:\Users\Kwas\AppData\LocalLow\Toolbar4 Key found: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Key found: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key found: HKLM\Software\Conduit Key found: HKCU\Software\Conduit ============== ADDITIONNAL SCAN ============== **** Google Chrome Version [16.0.912.75] **** Extension\fheoggkfdfchfphceeifdbepaooicaho (C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx) (?) Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoods.crx) (?) Extension\pbiamblgmkgbcgbcgejjgebalncpmhnp (C:\Program Files (x86)\StartSearch plugin\vshareplg.crx) (x) -- C:\Users\Kwas\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://google.pl/ Preferences - homepage_is_newtabpage: false Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x) Plugin - Native Client (Enabled: true) (C:\Users\Kwas\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll) Plugin - Windows Live\u0099 Photo Gallery (Enabled: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll) Plugin - "Java" (Enabled: true) Plugin - "Silverlight" (Enabled: true) Plugin - "Remoting Viewer" (Enabled: true) Plugin - "Native Client" (Enabled: true) Plugin - "McAfee SiteAdvisor" (Enabled: true) Plugin - "Windows Live\u0099 Photo Gallery" (Enabled: true) Plugin - "Power Challenge Loader" (Enabled: true) ======================================== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5738&r=27360510d316l0318z1h5t4711v719 HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://www.google.com HKLM_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5738&r=27360510d316l0318z1h5t4711v719 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://www.google.com HKCU_URLSearchHooks|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - "McAfee SiteAdvisor Toolbar" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll) HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=iron&s={searchTerms}&f=4) HKLM_SearchScopes\{40713263-D7D6-4292-A816-12EF0B40E6F8} - "Web Search" (hxxp://startsear.ch/?aff=2&src=sp&cf=6162fe83-1e09-11e1-acb0-001f16cfb0c9&q={sea...) HKLM_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "Web Search" (hxxp://startsear.ch/?aff=2&src=sp&cf=6162fe83-1e09-11e1-acb0-001f16cfb0c9&q={sea...) HKCU_Toolbar\WebBrowser|{338B4DFE-2E2C-4338-9E41-E176D497299E} (C:\Program Files (x86)\PDF Creator Toolbar\tbcore3.dll) HKCU_Toolbar\WebBrowser|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll) HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll) HKLM_Toolbar|{338B4DFE-2E2C-4338-9E41-E176D497299E} (C:\Program Files (x86)\PDF Creator Toolbar\tbcore3.dll) HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll) HKLM_Toolbar|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{81B3BF28-1A79-40aa-849D-CAA11AA60629} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addprinter.exe (?) HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com) BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~2\mcafee\msk\mskapbho.dll) BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll) BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik logowania za pomocą identyfikatora Windows Live" (C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll) BHO\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - "IEPluginBHO Class" (C:\Users\Kwas\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll) BHO\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - "SMTTB2009 Class" (C:\Program Files (x86)\PDF Creator Toolbar\tbcore3.dll) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 0 File(s) C:\Program Files (x86)\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 09/01/2012 21:08:02 (6057 Byte(s)) End at: 21:10:03, 09/01/2012 ============== E.O.F ==============