======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 16:46:05 on 25/10/2011, Safeboot mode Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) WWW@OK ( ) ============== SEARCH ============== File found: C:\WINDOWS\system32\ConduitEngine.tmp File found: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder found: C:\Documents and Settings\ka$ka\Dane aplikacji\Mozilla\FireFox\Profiles\3d9hp5a1.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Folder found: C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\FireFox\Profiles\8gny6day.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Folder found: C:\Program Files\Ask.com Folder found: C:\Documents and Settings\WWW\Ustawienia lokalne\Dane aplikacji\AskToolbar Folder found: C:\Documents and Settings\WWW\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Documents and Settings\WWW\Dane aplikacji\vShare Folder found: C:\Documents and Settings\All Users\Dane aplikacji\iMesh Folder found: C:\Documents and Settings\All Users\Menu Start\Programy\iMesh Folder found: C:\Program Files\iMesh Applications -- File opened: C:\Documents and Settings\WWW\Dane aplikacji\Mozilla\FireFox\Profiles\l8pxaxsz.default\Prefs.js -- Line found: user_pref("browser.search.selectedEngine", "qooqlle"); Line found: user_pref("browser.startup.homepage", "hxxp://www.qooqlle.com/"); -- File closed -- Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key found: HKLM\Software\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90} Key found: HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B} Key found: HKLM\Software\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key found: HKLM\Software\Classes\CLSID\{24103041-884B-4772-B0D3-A600E7CBFEC7} Key found: HKLM\Software\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Key found: HKLM\Software\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key found: HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Key found: HKLM\Software\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} Key found: HKLM\Software\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key found: HKLM\Software\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376} Key found: HKLM\Software\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key found: HKLM\Software\Classes\CLSID\{3C78B8E2-6C4D-11D1-AEE2-0000F7754B98} Key found: HKLM\Software\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} Key found: HKLM\Software\Classes\CLSID\{3D446B6F-71DE-4437-BE15-8CE47174340F} Key found: HKLM\Software\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key found: HKLM\Software\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Key found: HKLM\Software\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} Key found: HKLM\Software\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} Key found: HKLM\Software\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Key found: HKLM\Software\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE} Key found: HKLM\Software\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703} Key found: HKLM\Software\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703} Key found: HKLM\Software\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key found: HKLM\Software\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key found: HKLM\Software\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key found: HKLM\Software\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key found: HKLM\Software\Classes\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F} Key found: HKLM\Software\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9} Key found: HKLM\Software\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key found: HKLM\Software\Classes\CLSID\{A6A695A2-B1AD-49A2-AD6F-FFB82E2A7832} Key found: HKLM\Software\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44} Key found: HKLM\Software\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key found: HKLM\Software\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key found: HKLM\Software\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205} Key found: HKLM\Software\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D} Key found: HKLM\Software\Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7} Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Key found: HKLM\Software\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB} Key found: HKLM\Software\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} Key found: HKLM\Software\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6} Key found: HKLM\Software\Classes\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3} Key found: HKLM\Software\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D} Key found: HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D} Key found: HKLM\Software\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62} Key found: HKLM\Software\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key found: HKLM\Software\Classes\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF} Key found: HKLM\Software\Classes\CLSID\{FD675817-9EFE-40cd-A75E-E94D1C85D1FE} Key found: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393} Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key found: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key found: HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C} Key found: HKLM\Software\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key found: HKLM\Software\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key found: HKLM\Software\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key found: HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key found: HKLM\Software\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0} Key found: HKLM\Software\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B} Key found: HKLM\Software\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery Key found: HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1 Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key found: HKLM\Software\Classes\iMesh.AudioCD Key found: HKLM\Software\Classes\iMesh.Device Key found: HKLM\Software\Classes\iMesh.file Key found: HKLM\Software\Classes\Toolbar.CT1460988 Key found: HKLM\Software\Classes\Toolbar.CT1708250 Key found: HKLM\Software\Classes\Toolbar.CT2117678 Key found: HKLM\Software\Classes\Toolbar.CT2724386 Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key found: HKLM\Software\AskToolbar Key found: HKLM\Software\Conduit Key found: HKLM\Software\iMesh Key found: HKCU\Software\AskToolbar Key found: HKCU\Software\Toolbar Key found: HKCU\Software\vShare Key found: HKLM\Software\Cheat Engine\OpenCandy Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iMesh Key found: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.21 (pl)] **** Plugins\npBitCometAgent.dll (BitComet) Plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) HKLM_MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\SearchResults.xml ( hxxp://search.imesh.com//web?src=ffb&appid=393&systemid=1&sr=0&q={searchTerms}/) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Extensions\quickstores@quickstores.de (QuickStores-Toolbar) HKLM_Extensions|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\SPFireFox (x) -- C:\Documents and Settings\WWW\Dane aplikacji\Mozilla\FireFox\Profiles\l8pxaxsz.default -- Extensions\staged-xpis (?) Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) (?) Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (?) Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} (?) Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} (?) Searchplugins\MyStart Search.xml (?) Searchplugins\search.xml (?) Searchplugins\SweetIM Search.xml (?) Searchplugins\sweetim.xml (?) Prefs.js - browser.search.selectedEngine, qooqlle Prefs.js - browser.startup.homepage, hxxp://www.qooqlle.com/ Prefs.js - browser.startup.homepage_override.mstone, false Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q= -- C:\Documents and Settings\ka$ka\Dane aplikacji\Mozilla\FireFox\Profiles\3d9hp5a1.default -- Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} (Searchqu Toolbar) Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Panda Security Toolbar) Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.8 -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\FireFox\Profiles\8gny6day.default -- Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} (Searchqu Toolbar) Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Panda Security Toolbar) Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.5 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Start Page - hxxp://www.google.pl/ig?hl=pl HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://startsear.ch HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKCU_Toolbar\WebBrowser|{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} (C:\Program Files\NCH\prxtbNC2.dll) HKCU_Toolbar\WebBrowser|{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} (x) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKCU_Toolbar\WebBrowser|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} (C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll) HKLM_Extensions\{5067A26B-1337-4436-8AFE-EE169C2DA79F} - "?" (?) HKLM_Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - "BitComet" (C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll,203) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - "QuickStores-Toolbar" (mscoree.dll) (x) BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll) BHO\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - "Panda Security Toolbar" (C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll) BHO\{c2db4fe6-8409-45ce-8010-189a7b5cce86} - "NCH Toolbar" (C:\Program Files\NCH\prxtbNC2.dll) BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "vShare Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll) BHO\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll) BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 0 File(s) C:\Ad-Report-SCAN[1].txt - 25/10/2011 16:46:10 (9752 Byte(s)) End at: 16:46:52, 25/10/2011 ============== E.O.F ==============