======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 22:07:31 on 27/10/2011, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) qwe@STACJONARNY ( ) ============== SEARCH ============== Folder found: C:\Documents and Settings\qwe\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Documents and Settings\qwe\Ustawienia lokalne\Dane aplikacji\ConduitEngine Folder found: C:\Program Files\ConduitEngine Folder found: C:\Documents and Settings\qwe\Dane aplikacji\OpenCandy Folder found: C:\Documents and Settings\qwe\Ustawienia lokalne\Dane aplikacji\OpenCandy Folder found: C:\Documents and Settings\qwe\Dane aplikacji\PriceGong -- File opened: C:\Documents and Settings\qwe\Dane aplikacji\Mozilla\FireFox\Profiles\aq8k07fl.default\Prefs.js -- Line found: user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279... Line found: user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13"); Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/PL", "\"0\"... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"a3a... Line found: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\qwe\\Dane aplikacj... Line found: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6"); Line found: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo... Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Line found: user_pref("CommunityToolbar.ToolbarsList", "CT2790392"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT2790392"); Line found: user_pref("CommunityToolbar.ToolbarsList4", "CT2790392"); Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 11 2011 18:39:27 GMT+0200"); Line found: user_pref("CommunityToolbar.globalUserId", "497133c6-2696-4f42-aba3-d745ff6ee68f"); Line found: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line found: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line found: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 11 2011 18:39:2... Line found: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Line found: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 11 2011 20:04:06 GMT+020... Line found: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.notifications.locale", "en"); Line found: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 11 2011 18:39:24 GMT+0200"); Line found: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Line found: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.notifications.showTrayIcon", false); Line found: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.notifications.userId", "bb90bd98-eda5-455c-bdc4-4b54527f945b"); Line found: user_pref("CommunityToolbar.originalHomepage", "www.google.pl"); Line found: user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties... -- File closed -- Key found: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKLM\Software\Classes\CLSID\{9065C555-3787-411B-A963-71EEA9A96B55} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9065C555-3787-411B-A963-71EEA9A96B55} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9065C555-3787-411B-A963-71EEA9A96B55} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT1098640 Key found: HKLM\Software\Classes\Toolbar.CT2269050 Key found: HKLM\Software\Classes\Toolbar.CT2790392 Key found: HKLM\Software\Conduit Key found: HKLM\Software\conduitEngine Key found: HKCU\Software\Conduit Key found: HKCU\Software\conduitEngine Key found: HKCU\Software\PriceGong Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A250C650-9919-48E3-9597-C3CBCCFF8A95} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [7.0.1 (pl)] **** HKLM_MozillaPlugins\@nexon.net/NxGame (x) HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x) HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x) HKLM_MozillaPlugins\Adobe Reader (x) HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) HKLM_Extensions|virtualKeyboard@kaspersky.ru - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru (x) HKLM_Extensions|linkfilter@kaspersky.ru - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru (x) -- C:\Documents and Settings\qwe\Dane aplikacji\Mozilla\FireFox\Profiles\aq8k07fl.default -- Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} (BitTorrentBar Community Toolbar) Prefs.js - browser.download.dir, C:\\Documents and Settings\\qwe\\Pulpit Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\qwe\\Pulpit Prefs.js - browser.startup.homepage, www.google.pl Prefs.js - browser.startup.homepage_override.buildID, 20110928134238 Prefs.js - browser.startup.homepage_override.mstone, rv:7.0.1 ======================================== **** Google Chrome Version [14.0.835.202] **** Extension\mhfdcmehmjcclgopdodkjdicohagipid (C:\DOCUME~1\qwe\USTAWI~1\Temp\crx2DA.tmp) (x) Extension\plmlpkfpkijnlijgalnjaacllnjmoamo (C:\DOCUME~1\qwe\USTAWI~1\Temp\tbch.crx) (x) -- C:\Documents and Settings\qwe\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://www.gogle.pl/ Preferences - homepage_is_newtabpage: true Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x) Plugin - Native Client (Enabled: true) (C:\Documents and Settings\qwe\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll) Plugin - Pando Web Plugin (Enabled: true) (C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll) Plugin - "Java" (Enabled: true) Plugin - "Remoting Viewer" (Enabled: true) Plugin - "Native Client" (Enabled: true) Plugin - "Nexon Game Controller" (Enabled: true) Plugin - "Picasa" (Enabled: true) Plugin - "Pando Web Plugin" (Enabled: true) ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Start Page - hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://search.myheritage.com AboutUrls|Tabs - hxxp://search.babylon.com/?babsrc=NT_ss&affID=100474&mntrId=ac62f9e200000000000000ff05eca53c HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=ac6...) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - " " (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} - "Private Search" (hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll) HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x) HKLM_ElevationPolicy\1511a586-d6fc-42a2-bd12-ff47e573bdf3 - C:\Program Files\free-downloads.net\free-downloads.netToolbarHelper.exe (x) HKLM_ElevationPolicy\{A250C650-9919-48E3-9597-C3CBCCFF8A95} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?) HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} - "Yahoo! Companion BHO" (C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll) BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngine.dll) BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x) BHO\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - "Hotspot Shield Class" (C:\Program Files\Hotspot Shield\HssIE\HssIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 0 File(s) C:\Ad-Report-SCAN[1].txt - 27/10/2011 22:08:18 (11362 Byte(s)) End at: 22:08:46, 27/10/2011 ============== E.O.F ==============