======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 20:36:10 on 30/10/2011, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) nazwa@H-CBA775AAD1CE4 ( ) ============== SEARCH ============== Folder found: C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default\conduit Folder found: C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default\ConduitEngine Folder found: C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default\extensions\engine@conduit.com Folder found: C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default\extensions\vshare@toolbar File found: C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default\searchplugins\web-search.xml Folder found: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Documents and Settings\nazwa\Dane aplikacji\PriceGong Folder found: C:\Documents and Settings\nazwa\Dane aplikacji\Toolbar4 -- File opened: C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default\Prefs.js -- Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PL", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20... Line found: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine"); Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Oct 30 2011 15:06:08 GMT+0100"); Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.alert.locale", "en"); Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Oct 30 2011 15:06:08 GMT+0100"); Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.alert.userId", "81c56fec-c0b6-48cb-afae-9f91fe96a27f"); Line found: user_pref("ConduitEngine.CTID", "ConduitEngine"); Line found: user_pref("ConduitEngine.FirstServerDate", "04/05/2011 17"); Line found: user_pref("ConduitEngine.FirstTime", true); Line found: user_pref("ConduitEngine.FirstTimeFF3", true); Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line found: user_pref("ConduitEngine.Initialize", true); Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line found: user_pref("ConduitEngine.InstalledDate", "Tue Apr 05 2011 16:46:49 GMT+0200"); Line found: user_pref("ConduitEngine.IsMulticommunity", false); Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line found: user_pref("ConduitEngine.IsOpenUninstallPage", true); Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Oct 29 2011 21:14:40 GMT+0200"); Line found: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Sun Oct 30 2011 19:56:39 GMT+0100"); Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Oct 30 2011 19:56:39 GMT+0100"); Line found: user_pref("ConduitEngine.UserID", "UN67660997880929476"); Line found: user_pref("ConduitEngine.componentAlertEnabled", true); Line found: user_pref("ConduitEngine.engineLocale", "pl"); Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Oct 29 2011 21:14:40 GMT+0200"); Line found: user_pref("ConduitEngine.initDone", true); Line found: user_pref("ConduitEngine.usagesFlag", 2); Line found: user_pref("extensions.enabledItems", "illimitux@illimitux.net:4.0,{CAFEEFAC-0016-0000-0021-ABCDEFFED... Line found: user_pref("extensions.vshare@toolbar.update.enabled", false); Line found: user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="); Line found: user_pref("vshare.install.date", "1305072000000"); Line found: user_pref("vshare.install.dumpFileCount", 0); Line found: user_pref("vshare.install.dumpFileDisabled", false); Line found: user_pref("vshare.install.finished", "1.0.0"); Line found: user_pref("vshare.install.guid", "{4f8bdf2b-95c8-4c80-ba8a-f87e03fd9cad}"); Line found: user_pref("vshare.install.isHidden", true); Line found: user_pref("vshare.install.istoolbarhp", true); Line found: user_pref("vshare.install.istoolbarsearch", true); Line found: user_pref("vshare.install.laststatreq", "1319932800000"); Line found: user_pref("vshare.install.newtab", true); Line found: user_pref("vshare.install.overlayVersion", 1); Line found: user_pref("vshare.install.userHPSettings", "www.onet.pl"); Line found: user_pref("vshare.install.userSPSettings", "Google"); -- File closed -- Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2206084 Key found: HKLM\Software\Conduit Key found: HKCU\Software\PriceGong Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.23 (pl)] **** Plugins\npganymedenet.dll ( ) Plugins\npwachk.dll (Nullsoft, Inc.) HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\FireFox\Profiles\ya8vh4mz.default -- Extensions\engine@conduit.com (Conduit Engine ) Extensions\illimitux@illimitux.net (Illimitux) Extensions\vshare@toolbar (vShare) Searchplugins\web-search.xml (?) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\nazwa\\Pulpit Prefs.js - browser.search.defaultenginename, Web Search... Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, www.onet.pl Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.23 Prefs.js - keyword.URL, hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|Start Page - hxxp://vshare.toolbarhome.com/?hp=df HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Softonic Deutsch FF Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\Hyperionics DB Toolbar\TbHelper2.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 0 File(s) C:\Ad-Report-SCAN[1].txt - 30/10/2011 20:36:14 (6228 Byte(s)) End at: 20:36:57, 30/10/2011 ============== E.O.F ==============