======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org H:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 15:56:11 on 01/05/2011, Normal boot Microsoft Windows 7 Ultimate E Service Pack 1 (X86) Patryk@PATRYK-KOMPUTER ( ) ============== ACTION(S) ============== Folder deleted: H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default\conduit Folder deleted: H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default\ConduitEngine Folder deleted: H:\ProgramData\Viewpoint Folder deleted: H:\Program Files\Viewpoint (!) -- Temporary files deleted. -- File opened: H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default\Prefs.js -- Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Apr 28 2011 20:21:01 GMT+0200"); Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.locale", "en"); Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Apr 28 2011 20:21:01 GMT+0200"); Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line deleted: user_pref("CommunityToolbar.alert.userId", "f936a326-d454-4095-b874-123b4d49317a"); -- File closed -- Key deleted: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key deleted: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key deleted: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key deleted: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1 Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\Toolbar.CT2031308 Key deleted: HKLM\Software\Classes\Toolbar.CT2206084 Key deleted: HKLM\Software\Conduit Key deleted: HKLM\Software\MetaStream Key deleted: HKLM\Software\Viewpoint Key deleted: HKCU\Software\Conduit Key deleted: HKCU\Software\AppDataLow\Software\Toolbar Key deleted: HKLM\Software\Cheat Engine\OpenCandy Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key deleted: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key deleted: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key deleted: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.16 (pl)] **** Plugins\npdnu.dll (AOL LLC) Plugins\npdnupdater2.dll (AOL LLC) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\babylon.xml (hxxp://search.babylon.com/web/{searchTerms}) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Extensions\adapter@babylontc.com (Babylon Spelling and Proofreading) Extensions\arcabit@www.arcabit.pl (ArcaBit Ext.) Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension ) HKLM_Extensions|smartwebprinting@hp.com - H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKLM_Extensions|{EB132DB0-A4CA-11DF-9732-0E29E0D72085} - H:\Program Files\Object\facetheme HKCU_Extensions|smartwebprinting@hp.com - H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKCU_Extensions|{EB132DB0-A4CA-11DF-9732-0E29E0D72085} - H:\Program Files\Object\facetheme -- H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default -- Extensions\ffxtlbr@babylon.com (Babylon) Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} (AOL Toolbar) Searchplugins\aol-search.xml (?) Prefs.js - browser.download.lastDir, H:\\Users\\Patryk\\Music Prefs.js - browser.search.defaultenginename, Start Searcher Prefs.js - browser.search.defaulturl, hxxp://www.startsearcher.com/?q= Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.startsearcher.com Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16 Prefs.js - keyword.URL, hxxp://www.startsearcher.com/?src=kw&q= ======================================== **** Google Chrome Version [11.0.696.60] **** Extension\dhkplhfnhceodhffomolpfigojocbpcb (H:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx) (?) -- H:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default -- Plugin - Windows Genuine Advantage (Enabled: true) (H:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll) Plugin - "Windows Genuine Advantage" (Enabled: true) ======================================== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ AboutUrls|Blank - hxxp://www.startsearcher.com/tab.php?src=blank HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=iron&s={searchTerms}&f=4) HKCU_SearchScopes\{C0C3B9B4-05E8-4CEB-B73E-ED133B3842A4} - "Search" (hxxp://www.startsearcher.com/?q={searchTerms}&src=IE) HKLM_SearchScopes\{C0C3B9B4-05E8-4CEB-B73E-ED133B3842A4} - "Search" (hxxp://www.startsearcher.com/?q={searchTerms}&src=IETB) HKCU_Toolbar\WebBrowser|{BA00B7B1-0351-477A-B948-23E3EE5A73D4} (H:\Program Files\AOL Toolbar\aoltb.dll) HKLM_Toolbar|{4064EA35-578D-4073-A834-C96D82CBCF40} (I:\Hax\Save Flash\SaveFlash.dll) HKLM_Toolbar|{ba00b7b1-0351-477a-b948-23e3ee5a73d4} (H:\Program Files\AOL Toolbar\aoltb.dll) HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (H:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll) HKLM_ElevationPolicy\${ELV_GUID} - H:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.) HKLM_ElevationPolicy\b4058623-8401-45b0-8369-0d7d7bb6b547 - H:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - H:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - H:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - H:\Program Files\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{7BD9A644-9DC6-42be-8872-CBF5524276BD} - H:\Program Files\Common Files\Software Update Utility\dnu.exe (AOL LLC) HKLM_ElevationPolicy\{d683a490-b78d-4345-b55e-be96b973cbb5} - h:\program files\aol toolbar\aoltbServer.exe (AOL Inc.) HKLM_Extensions\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} - "Sothink SWF Catcher" (H:\Program Files\Common Files\SourceTec\SWF Catcher\SWFCatcher.dll,128) HKLM_Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - "Translate this web page with Babylon" (H:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll,202) BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (H:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll) BHO\{3ef64538-8b54-4573-b48f-4d34b0238ab2} - "AOL Toolbar Loader" (H:\Program Files\AOL Toolbar\aoltb.dll) BHO\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} - "Facetheme" (H:\Program Files\Object\bho_project.dll) BHO\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - "Babylon IE plugin" (H:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll) ======================================== H:\Program Files\Ad-Remover\Quarantine: 49 File(s) H:\Program Files\Ad-Remover\Backup: 15 File(s) H:\Ad-Report-CLEAN[1].txt - 01/05/2011 15:56:21 (9477 Byte(s)) End at: 15:56:52, 01/05/2011 ============== E.O.F ==============