======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 20:26:29 on 09/01/2012, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) xp@OEM-ADE59CFEB14 ( ) ============== SEARCH ============== File found: C:\WINDOWS\system32\ConduitEngine.tmp File found: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\extensions\toolbar@ask.com File found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\searchplugins\askcom.xml Folder found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\conduit Folder found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\ConduitEngine Folder found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\extensions\engine@conduit.com File found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\searchplugins\conduit.xml Folder found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\extensions\vshare@toolbar File found: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\searchplugins\web-search.xml Folder found: C:\Program Files\Ask.com Folder found: C:\Program Files\AskTBar Folder found: C:\Documents and Settings\xp\Dane aplikacji\AskToolbar Folder found: C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\AskToolbar Folder found: C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\ConduitEngine Folder found: C:\Program Files\ConduitEngine Folder found: C:\Documents and Settings\xp\Dane aplikacji\PriceGong -- File opened: C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default\Prefs.js -- Line found: user_pref("CT1098640.SavedHomepage", "hxxp://www.mydtzone.com/startpage|hxxp://search.conduit.com/?c... Line found: user_pref("CT1098640.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... Line found: user_pref("CT1098640.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT109... Line found: user_pref("CT2530240.SavedHomepage", "hxxp://vshare.toolbarhome.com/?hp=df"); Line found: user_pref("CT2530240.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253... Line found: user_pref("CT2680812.SavedHomepage", "hxxp://www.ask.com?o=15425&l=dis"); Line found: user_pref("CT2680812.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT268... Line found: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2530240"); Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=1073242&fid=1068946", "\"0\... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=5747&fid=5719", "\"0\""); Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1073242/1068946/DEFAULT", "... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1073242/1068946/PL", "\"0\"... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/5747/5719/DEFAULT", "\"0\""... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/5747/5719/PL", "\"0\""); Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PL", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/923243/919034/PL", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1098640", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2530240", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2680812", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2530240",... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2680812",... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63443493058760... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=9/22/20... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1098640&octid=... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2680812&octid=... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2530240/CT2530240... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2680812/CT2680812... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pl-pl", "\"... Line found: user_pref("CommunityToolbar.EngineHiddenByUser", true); Line found: user_pref("CommunityToolbar.EngineOwner", "CT2680812"); Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{58beca16-cae6-4b7a-a0e8-153d0cbba63a}"); Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utubebario"); Line found: user_pref("CommunityToolbar.IsEngineShown", false); Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2680812"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{58beca16-cae6-4b7a-a0e8-153d0cbba63a}"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utubebario"); Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client... Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2680812,CT1098640,CT2530240"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT2680812,CT1098640,CT2530240"); Line found: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Nov 01 2011 23:13:29 GMT+01... Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jan 09 2012 00:43:11 GMT+0100"); Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Line found: user_pref("CommunityToolbar.alert.locale", "en"); Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jan 09 2012 00:43:00 GMT+0100"); Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.alert.userId", "fbd5bf2a-5c9f-490c-a2a3-73a41f35188a"); Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Dec 05 2010 12:13:25 GMT+0100"); Line found: user_pref("CommunityToolbar.globalUserId", "ecd2414a-d330-43da-9f9d-1b7205e9aff0"); Line found: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line found: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2530240"); Line found: user_pref("ConduitEngine.FirstServerDate", "11/04/2010 19"); Line found: user_pref("ConduitEngine.FirstTime", true); Line found: user_pref("ConduitEngine.FirstTimeFF3", true); Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line found: user_pref("ConduitEngine.Initialize", true); Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line found: user_pref("ConduitEngine.InstalledDate", "Thu Nov 04 2010 17:24:33 GMT+0100"); Line found: user_pref("ConduitEngine.IsMulticommunity", false); Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line found: user_pref("ConduitEngine.IsOpenUninstallPage", true); Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Dec 05 2010 13:47:46 GMT+0100"); Line found: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Sun Dec 05 2010 20:19:32 GMT+0100"); Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0); Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Dec 05 2010 20:19:32 GMT+0100"); Line found: user_pref("ConduitEngine.UserID", "UN39660569354920794"); Line found: user_pref("ConduitEngine.engineLocale", "pl"); Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Dec 05 2010 13:47:47 GMT+0100"); Line found: user_pref("ConduitEngine.initDone", true); Line found: user_pref("browser.search.defaultengine", "Ask.com"); Line found: user_pref("browser.search.defaultenginename", "Ask.com"); Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&Sea... Line found: user_pref("browser.search.order.1", "Ask.com"); Line found: user_pref("browser.search.selectedEngine", "Ask.com"); Line found: user_pref("browser.startup.homepage", "hxxp://vshare.toolbarhome.com/?hp=df"); Line found: user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Line found: user_pref("extensions.asktb.cbid", "NA"); Line found: user_pref("extensions.asktb.config-updated", false); Line found: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}... Line found: user_pref("extensions.asktb.dtid", "YYYYYYYYPL"); Line found: user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.ask.com/redirect?client=ff&s... Line found: user_pref("extensions.asktb.first-restart-after-config-update", true); Line found: user_pref("extensions.asktb.fresh-install", false); Line found: user_pref("extensions.asktb.guid", "2D9CF460-A65D-42ED-A1D0-F74CE92A2523"); Line found: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com... Line found: user_pref("extensions.asktb.if", "su"); Line found: user_pref("extensions.asktb.l", "dis"); Line found: user_pref("extensions.asktb.last-config-req", "1326114274354"); Line found: user_pref("extensions.asktb.last-v", "3.13.2.100009"); Line found: user_pref("extensions.asktb.locale", "en_US"); Line found: user_pref("extensions.asktb.nero.userName", ""); Line found: user_pref("extensions.asktb.o", "15422"); Line found: user_pref("extensions.asktb.options-lang", "en"); Line found: user_pref("extensions.asktb.options-locale", "UK"); Line found: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Line found: user_pref("extensions.asktb.qsrc", "2871"); Line found: user_pref("extensions.asktb.r", "2"); Line found: user_pref("extensions.asktb.sa", "YES"); Line found: user_pref("extensions.asktb.saguid", "40DBF97E-9845-4F9A-A655-DD601EB13D91"); Line found: user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=... Line found: user_pref("extensions.asktb.search-suggestions-enabled", true); Line found: user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li... Line found: user_pref("extensions.asktb.silent-upgrade", true); Line found: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true); Line found: user_pref("extensions.asktb.themeid", ""); Line found: user_pref("extensions.asktb.v", "3.13.2.100009"); Line found: user_pref("extensions.enabledItems", "{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5,{CAFEEFAC-0016-00... Line found: user_pref("extensions.vshare@toolbar.update.enabled", false); Line found: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO2&o=15422&locale=... Line found: user_pref("vshare.install.date", "1303862400000"); Line found: user_pref("vshare.install.dumpFileCount", 0); Line found: user_pref("vshare.install.dumpFileDisabled", false); Line found: user_pref("vshare.install.finished", "1.0.0"); Line found: user_pref("vshare.install.guardCount", 3); Line found: user_pref("vshare.install.guardPopupCount", 1); Line found: user_pref("vshare.install.guardSPCount", 6); Line found: user_pref("vshare.install.guardSPPopupCount", 1); Line found: user_pref("vshare.install.guid", "{6b682f67-bfbd-4995-977c-b6f424469b4d}"); Line found: user_pref("vshare.install.isHidden", true); Line found: user_pref("vshare.install.istoolbarhp", true); Line found: user_pref("vshare.install.istoolbarsearch", true); Line found: user_pref("vshare.install.laststatreq", "1326067200000"); Line found: user_pref("vshare.install.newtab", true); Line found: user_pref("vshare.install.overlayVersion", 1); Line found: user_pref("vshare.install.userHPSettings", ""); Line found: user_pref("vshare.install.userSPSettings", "Ask.com"); -- File closed -- Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key found: HKLM\Software\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593} Key found: HKLM\Software\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key found: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D} Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key found: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} Key found: HKLM\Software\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C} Key found: HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key found: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key found: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B} Key found: HKLM\Software\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870E} Key found: HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870E} Key found: HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7D} Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key found: HKLM\Software\Classes\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery Key found: HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1 Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key found: HKLM\Software\Classes\Toolbar.CT1098640 Key found: HKLM\Software\Classes\Toolbar.CT2530240 Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key found: HKLM\Software\AskToolbar Key found: HKLM\Software\Conduit Key found: HKLM\Software\DataMngr Key found: HKCU\Software\Ask.com Key found: HKCU\Software\AskToolbar Key found: HKCU\Software\Conduit Key found: HKCU\Software\DataMngr Key found: HKCU\Software\PriceGong Key found: HKCU\Software\AppDataLow\AskToolbarInfo Key found: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E84D42CA-64EB-11DE-A65F-8C3656D89593} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key found: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D} Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.25 (pl)] **** Plugins\NPBOARDS.dll (Ganymede Technologies) HKLM_MozillaPlugins\@idsoftware.com/QuakeLive (x) HKLM_MozillaPlugins\@nexon.com/NxGame (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\babylon.xml (hxxp://search.babylon.com/) Searchplugins\BearShareWebSearch.xml ( hxxp://search.bearshare.com/web?src=ffb&q={searchTerms}/) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Extensions\arcabit@www.arcabit.pl (ArcaBit Ext.) Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype Click to Call) -- C:\Documents and Settings\xp\Dane aplikacji\Mozilla\FireFox\Profiles\si5c82g8.default -- Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar) Extensions\engine@conduit.com (Conduit Engine ) Extensions\ffxtlbr@babylon.com (Babylon) Extensions\toolbar@ask.com (Nero Toolbar) Extensions\vshare@toolbar (vShare) Extensions\zacz3k@gmail.com (Twojanuta.pl) Extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a} (MovieBario Community Toolbar) Extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} (Softonic-Polska Community Toolbar) Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey) Extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} (MediaBar) Extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}chrome (?) Extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} (free-downloads.net Community Toolbar) Searchplugins\askcom.xml (?) Searchplugins\BearShareWebSearch.xml ( hxxp://search.bearshare.com/web?src=ffb&q={searchTerms}/) Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms} /) Searchplugins\web-search.xml (?) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\xp\\Pulpit Prefs.js - browser.search.defaultenginename, Ask.com Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms} Prefs.js - browser.search.selectedEngine, Ask.com Prefs.js - browser.startup.homepage, hxxp://vshare.toolbarhome.com/?hp=df Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.25 Prefs.js - keyword.URL, hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO2&o=15422&locale=en_US&apn_uid=2D9CF460-A65D-42ED-... ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|Search bar - hxxp://search.bearshare.com/sidebar.html?src=ssb HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=73a7cba9000000000000005345000000 HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home AboutUrls|Tabs - hxxp://gg.blogpear.com/vscript/newTB.psc?&ub=_|0U0I0Dzu0DtDtDtDyBtA0AyB0C0B0AzytN0P1C0S1Czu0F0L0V0PtN0C0H0Nzu0S0R0C0Hzx0N1P2W0T0BtN0B0N0Dzu0B0B0N1VtCtAtDyDyEtN0C0Dzu0P0R0EtN0L0N0Tzu|_&cr=1341618784 HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} - "UrlSearchHook Class" (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKCU_URLSearchHooks|{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - "?" (C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL) HKCU_URLSearchHooks|{ecdee021-0d17-467f-a1ff-c7a115230949} - "free-downloads.net Toolbar" (C:\Program Files\free-downloads.net\prxtbfre2.dll) HKCU_URLSearchHooks|{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - "Softonic-Polska Toolbar" (C:\Program Files\Softonic-Polska\prxtbSof2.dll) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=NRO2&o=15422&src=crm&q={searchTer...) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Softonic-Polska Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\ShellBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} (C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) HKCU_Toolbar\WebBrowser|{ECDEE021-0D17-467F-A1FF-C7A115230949} (C:\Program Files\free-downloads.net\prxtbfre2.dll) HKCU_Toolbar\WebBrowser|{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} (C:\Program Files\Softonic-Polska\prxtbSof2.dll) HKCU_Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} (C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL) HKLM_Toolbar|{0974BA1E-64EC-11DE-B2A5-E43756D89593} (C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll) HKLM_Toolbar|{FE063DB9-4EC0-403e-8DD8-394C54984B2C} (C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL) HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) HKLM_Toolbar|{ecdee021-0d17-467f-a1ff-c7a115230949} (C:\Program Files\free-downloads.net\prxtbfre2.dll) HKLM_Toolbar|{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} (C:\Program Files\Softonic-Polska\prxtbSof2.dll) HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\885efa9a-b05a-4a3f-80a7-aadf83ef8ba9 - C:\Program Files\free-downloads.net\free-downloads.netToolbarHelper.exe (?) HKLM_ElevationPolicy\{0E606E3E-23B0-41d2-B345-40920A43C8E6} - C:\Documents and Settings\All Users\Dane aplikacji\Nexon\Common\NMService.exe (Nexon Corp.) HKLM_ElevationPolicy\{48D6442D-7BD0-431E-9D0E-B7BFD9F608E0} - C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Conduit\CT2530240\Softonic-PolskaAutoUpdaterHelper.exe (?) HKLM_ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (Babylon Ltd.) HKLM_ElevationPolicy\{8B246C60-6DFD-4A2C-B09F-0C5BEE8A1693} - C:\Program Files\free-downloads.net\free-downloads.netToolbarHelper.exe (?) HKLM_ElevationPolicy\{90ABF3D2-84E5-44FB-85EE-A109F7762DA3} - C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Conduit\CT1098640\free-downloads.netAutoUpdaterHelper.exe (?) HKLM_ElevationPolicy\{9E3F55FD-322B-4BEC-B138-C0B235862A13} - C:\Program Files\Softonic-Polska\Softonic-PolskaToolbarHelper.exe (?) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\{E84D42CA-64EB-11DE-A65F-8C3656D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\uninstall.exe (Musiclab, LLC.) HKLM_Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438} - "ArcaVir >>" (C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll,203) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{0974BA1E-64EC-11DE-B2A5-E43756D89593} - "MediaBar" (C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll) BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "Babylon toolbar helper" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll) BHO\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - "UrlHelper Class" (C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll) BHO\{9CB65201-89C4-402c-BA80-02D8C59F9B1D} - "Ask Search Assistant BHO" (C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL) BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll) BHO\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - "Softonic-Polska Toolbar" (C:\Program Files\Softonic-Polska\prxtbSof2.dll) BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "Nero Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll) BHO\{ecdee021-0d17-467f-a1ff-c7a115230949} - "free-downloads.net Toolbar" (C:\Program Files\free-downloads.net\prxtbfre2.dll) BHO\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - "IEPluginBHO Class" (C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll) (x) BHO\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} - "Ask Toolbar BHO" (C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 09/01/2012 20:27:02 (29132 Byte(s)) End at: 20:27:52, 09/01/2012 ============== E.O.F ==============