======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org D:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 16:48:44 on 30/09/2011, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Roberto@DOMOWY ( ) ============== SEARCH ============== File found: D:\Program Files\Mozilla FireFox\Components\AskSearch.js Folder found: D:\Documents and Settings\Roberto\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: D:\Program Files\Conduit Folder found: D:\Documents and Settings\All Users\Dane aplikacji\Trymedia -- File opened: D:\Documents and Settings\Roberto\Dane aplikacji\Mozilla\FireFox\Profiles\4bd03v5y.default\Prefs.js -- Line found: user_pref("CT2417076.SearchEngine", "Szukaj||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... Line found: user_pref("CT2417076.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241... Line found: user_pref("CT2417076.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E... Line found: user_pref("CommunityToolbar.ToolbarsList", "CT2417076"); Line found: user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea... Line found: user_pref("extensions.mywebsearch.prevKwdEnabled", true); Line found: user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties"); -- File closed -- Key found: HKLM\Software\Classes\Toolbar.CT2417076 Key found: HKLM\Software\AskBarDis Key found: HKLM\Software\Conduit Key found: HKLM\Software\Trymedia Systems Key found: HKCU\Software\Conduit Key found: HKCU\Software\PopCap Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [6.0.2 (pl)] **** Plugins\npwachk.dll (Nullsoft, Inc.) HKLM_MozillaPlugins\@unity3d.com/UnityPlayer (x) HKLM_MozillaPlugins\Adobe Reader (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\AskSearch.js Components\browsercomps.dll (Mozilla Foundation) -- D:\Documents and Settings\Roberto\Dane aplikacji\Mozilla\FireFox\Profiles\4bd03v5y.default -- Extensions\es-AR@dictionaries.addons.mozilla.org (Diccionario espanol Argentina) Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox) Extensions\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}(2) (gry Community Toolbar) Prefs.js - browser.download.lastDir, D:\\Documents and Settings\\Roberto\\Pulpit\\Basia Prefs.js - browser.startup.homepage, hxxp://www.google.pl/ig Prefs.js - browser.startup.homepage_override.buildID, 20110902133214 Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2 -- D:\Documents and Settings\antek i Adi\Dane aplikacji\Mozilla\FireFox\Profiles\xyptf34w.default -- Prefs.js - browser.download.lastDir, D:\\Documents and Settings\\antek i Adi\\Pulpit\\Antek\\Little Big Planet Prefs.js - browser.startup.homepage_override.buildID, 20110902133214 Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2 Prefs.js - keyword.URL, hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= -- D:\Documents and Settings\Gość\Dane aplikacji\Mozilla\FireFox\Profiles\9qiq32pf.default -- Prefs.js - browser.startup.homepage_override.buildID, 20110811165603 Prefs.js - browser.startup.homepage_override.mstone, rv:6.0 Prefs.js - keyword.URL, hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= ======================================== **** Internet Explorer Version [7.0.5730.13] **** HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} - "Ask Search" (hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10164&gct=&gc=1&q={searchTerms}&cr...) HKLM_SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} - "Ask Search" (hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10164&gct=&gc=1&q={searchTerms}&cr...) HKLM_ElevationPolicy\9ef18c91-d814-4d41-88ae-7729f3077c83 - D:\Program Files\gry\gryToolbarHelper.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (?) ======================================== D:\Program Files\Ad-Remover\Quarantine: 0 File(s) D:\Program Files\Ad-Remover\Backup: 0 File(s) D:\Ad-Report-SCAN[1].txt - 30/09/2011 16:48:48 (2115 Byte(s)) End at: 16:49:34, 30/09/2011 ============== E.O.F ==============