# AdwCleaner v4.200 - Logfile created 30/03/2015 at 18:46:50 # Updated 29/03/2015 by Xplode # Database : 2015-03-29.1 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : krzysztof - LENOVO # Running from : C:\Users\krzysztof\Downloads\adwcleaner_4.200.exe # Option : Scan ***** [ Services ] ***** Service Found : IHProtect Service Service Found : WindowsMangerProtect ***** [ Files / Folders ] ***** File Found : C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\bprotector web data File Found : C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences File Found : C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage File Found : C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage-journal File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\bprotector_extensions.sqlite File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\bprotector_prefs.js File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\searchplugins\Askcom.xml File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\searchplugins\bingp.xml File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\searchplugins\claro.xml File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\searchplugins\do-search.xml File Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\user.js File Found : C:\windows\System32\roboot64.exe Folder Found : C:\Program Files (x86)\Play Folder Found : C:\Program Files (x86)\XTab Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\IBUpdaterService Folder Found : C:\ProgramData\IHProtectUpDate Folder Found : C:\ProgramData\Partner Folder Found : C:\ProgramData\WindowsMangerProtect Folder Found : C:\Users\KRZYSZ~1\AppData\Local\Temp\mt_ffx Folder Found : C:\Users\krzysztof\AppData\LocalLow\Claro LTD Folder Found : C:\Users\krzysztof\AppData\Roaming\Babylon Folder Found : C:\Users\krzysztof\AppData\Roaming\Claro Folder Found : C:\Users\krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Folder Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\Extensions\fftoolbar2014@etech.com Folder Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\Extensions\istart_ffnt@gmail.com Folder Found : C:\Users\krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\hyp8xk8j.default\Extensions\searchengine@gmail.com Folder Found : C:\Users\krzysztof\AppData\Roaming\PerformerSoft Folder Found : C:\Users\krzysztof\SupTab ***** [ Scheduled tasks ] ***** Task Found : BrowserProtect ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll Key Found : HKCU\Software\52538ad9bc3cbe41 Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd Key Found : HKCU\Software\Microsoft\ClaroDirectory Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4316752A-F501-4CC4-8A75-43C38A65DA89} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\1AFADF79F38E4316A02C3BB0DF5E43F9 Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKCU\Software\Mozilla\Extends Key Found : HKCU\Software\Softonic Key Found : [x64] HKCU\Software\DataMngr Key Found : [x64] HKCU\Software\DataMngr_Toolbar Key Found : [x64] HKCU\Software\Microsoft\ClaroDirectory Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4316752A-F501-4CC4-8A75-43C38A65DA89} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\1AFADF79F38E4316A02C3BB0DF5E43F9 Key Found : [x64] HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\52538ad9bc3cbe41 Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Found : HKLM\SOFTWARE\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B Key Found : HKLM\SOFTWARE\Classes\Installer\Products\F092B960893592640A90584BCB4B1B9B Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\do-searchSoftware Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Key Found : HKLM\SOFTWARE\IHProtect Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{069b290f-5398-4629-a009-85b4bcb4b1b9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\do-search uninstall Key Found : HKLM\SOFTWARE\SupDp Key Found : HKLM\SOFTWARE\SupTab Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com] ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17689 Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://do-search.com/web/?type=dspp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX&q={searchTerms} Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://do-search.com/web/?type=ds&ts=1427307464&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX&q={searchTerms} Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://do-search.com/web/?type=ds&ts=1427307464&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX&q={searchTerms} Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://do-search.com/web/?type=ds&ts=1427307464&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX&q={searchTerms} -\\ Mozilla Firefox v36.0.4 (x86 pl) [hyp8xk8j.default] - Line Found : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); [hyp8xk8j.default] - Line Found : user_pref("browser.search.searchengine.iconURL", "hxxp://do-search.com/web/favicon.ico"); [hyp8xk8j.default] - Line Found : user_pref("browser.search.searchengine.url", "hxxp://do-search.com/web/?type=dspp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX&q={searchTerms}"); [hyp8xk8j.default] - Line Found : user_pref("browser.search.selectedEngine", "do-search"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.admin", false); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.aflt", "babsst"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.autoRvrt", "false"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.dfltLng", "en"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.excTlbr", false); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.id", "9ed080b000000000000060d8199cfb4c"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.instlDay", "15701"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.instlRef", "sst"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.prdct", "claro"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.prtnrId", "claro"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.rvrt", "false"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.tlbrId", "claro"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.tlbrSrchUrl", ""); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.vrsn", "1.8.8.5"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro.vrsni", "1.8.8.5"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro_i.excTlbr", false); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro_i.newTab", false); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro_i.smplGrp", "none"); [hyp8xk8j.default] - Line Found : user_pref("extensions.claro_i.vrsnTs", "1.8.8.514:14:36"); [hyp8xk8j.default] - Line Found : user_pref("extensions.enabledAddons", "fftoolbar2014%40etech.com:1.0.0.1025,istart_ffnt%40gmail.com:5.3.7,searchengine%40gmail.com:1.0.0.1027,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4"); [hyp8xk8j.default] - Line Found : user_pref("extensions.quick_start.enable_search1", false); [hyp8xk8j.default] - Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [hyp8xk8j.default] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"bingsearch.full@microsoft.com\":{\"d\":\"C:\\\\Users\\\\krzysztof\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hyp8xk8j.default\\\\e[...] -\\ Google Chrome v41.0.2272.101 [C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://do-search.com/web/?type=dspp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX&q={searchTerms} [C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh [C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : fcfenmboojpjinhpgggodefccipikbpd [C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX [C:\Users\krzysztof\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://do-search.com/?type=hppp&ts=1427307525&from=cor&uid=HITACHIXHTS547550A9E384_J2150050HRAYBCHRAYBCX ************************* AdwCleaner[R0].txt - [15064 bytes] - [30/03/2015 18:46:50] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15124 bytes] ##########