======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Launched at 21:44:05 on 20/02/2012, Normal boot Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Właściciel@PTYLLO-RSA ( ) ============== SEARCH ============== File found: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\ywwsqrof.default\searchplugins\conduit.xml Folder found: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Conduit -- File opened: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\ywwsqrof.default\Prefs.js -- Line found: user_pref("CT2481033.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT248... Line found: user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2481033&Search... Line found: user_pref("CommunityToolbar.ConduitSearchList", "Ashampoo PO Customized Web Search"); Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2481033", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481033", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2481033",... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2481033&octid=... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2481033&octid=... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pl-pl", "\"... Line found: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\WBa[ciciel\\Dane a... Line found: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10"); Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr... Line found: user_pref("CommunityToolbar.ToolbarsList", "CT2481033"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT2481033"); Line found: user_pref("CommunityToolbar.ToolbarsList4", "CT2481033"); Line found: user_pref("CommunityToolbar.globalUserId", "a38d11d1-5cf4-4760-b36f-b805f7a37536"); Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2481033"); Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&Sea... -- File closed -- Key found: HKLM\Software\Classes\Interface\{144940B1-F191-11D0-A8E2-00A0C90F29FC} Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2481033 Key found: HKLM\Software\Conduit Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.23 (pl)] **** HKLM_MozillaPlugins\Adobe Reader (x) HKCU_MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\babylon.xml (hxxp://search.babylon.com/web/{searchTerms}) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype Click to Call) HKCU_Extensions|mozilla_cc@internetdownloadmanager.com - C:\Documents and Settings\Właściciel\Dane aplikacji\IDM\idmmzcc5 -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\ywwsqrof.default -- Extensions\anycolor.pavlos256@gmail.com (AnyColor) Extensions\bejeweledblitz3cheat@thecybershadow.net (CyberShadow's Bejeweled Blitz 3 Cheat) Extensions\change@c-est-simple.com (Change) Extensions\ctrl-tab@design-noir.de (Ctrl-Tab) Extensions\exif_viewer@mozilla.doslash.org (Exif Viewer) Extensions\fastdial@telega.phpnet.us (Fast Dial) Extensions\ffxtlbr@babylon.com (?) Extensions\FoxdieGraphite@tanjihay.com (Foxdie (Graphite)) Extensions\foxdie_ext_ocelot@foxdie.us (Foxdie for Firefox) Extensions\pl@dictionaries.addons.mozilla.org (Polski slownik poprawnej pisowni) Extensions\tabkit@jomel.me.uk (Tab Kit) Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} (Vista-aero) Extensions\{07b2a769-ed19-4483-87ce-c643914c9626} (ANTHEM) Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} (Image Zoom) Extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996} (ChromaTabs Plus) Extensions\{2832ABCD-4444-1012-2D45-132D5447C445} (Rapidlibrary Search ToolBar) Extensions\{3474c305-9dad-11d8-9207-00055d74c2e4} (Bookmark Backup) Extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66} (Alienware Invader v1.2) Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} (IE View) Extensions\{6FF4E2E4-FB2E-4f50-8F65-CFF2777413D5} (Opanda IExif) Extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} (Aquatint Black Gloss) Extensions\{85929d10-da2b-11dd-ad8b-0800200c9a66} (Brushed Alloy Fusion - Black) Extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5} (Currency Converter) Extensions\{b7ffb3f0-faf6-11dd-87af-0800200c9a66} (?) Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} (BetterPrivacy) Extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} (Ashampoo PO Community Toolbar) Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} (Download Statusbar) Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} (BlockSite) Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} (Torbutton) Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey) Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} (FoxTab) Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=3&q={searchTerms} /) Searchplugins\google-images.xml (?) Prefs.js - browser.download.lastDir, D:\\! ! ! COREL\\Loga Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=3&q={searchTerms} Prefs.js - browser.search.selectedEngine, Bing Prefs.js - browser.startup.homepage, hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.23 ======================================== **** Google Chrome Version [13.0.782.215] **** Extension\jinihaffgdhejchgkogpfkdmpldnmnji (C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\tbch.crx) (x) Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?) -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=acc9b344000000000000001fd0219c11 Preferences - homepage_is_newtabpage: false Preferences - urls_to_restore_on_startup: hxxp://search.conduit.com/?ctid=CT2481033&SearchSource=48 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://www.google.pl/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ AboutUrls|Tabs - hxxp://search.babylon.com/?babsrc=NT_ss&affID=100474&mntrId=acc9b344000000000000001fd0219c11 HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=acc...) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?) HKCU_SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} - "Ashampoo PO Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll) HKLM_Toolbar|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll) HKCU_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited) HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.) HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) HKLM_ElevationPolicy\{09E9B8FC-3D94-4A9B-AD2E-A64255121895} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbws.exe (Kaspersky Lab) HKLM_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited) HKLM_ElevationPolicy\{4671F4B7-89F5-4701-B641-570278D5C856} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab) HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) HKLM_ElevationPolicy\{F3D86ACD-0298-4626-B81E-056653067D8E} - C:\Program Files\Dassault Systemes\Virtual Earth - 3DVIA\intel_a\code\bin\VirtualEarth3DVIA.exe (x) HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~3\INetRepl.dll,210) HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{0055C089-8582-441B-A0BF-17B458C2A3A8} - "IDM integration (IDMIEHlprObj Class)" (C:\Program Files\Internet Download Manager\IDMIECC.dll) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll) BHO\{AE7CD045-E861-484f-8273-0445EE161910} - "AcroIEToolbarHelper Class" (C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll) BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 5 File(s) C:\Program Files\Ad-Remover\Backup: 16 File(s) C:\Ad-Report-CLEAN[2].txt - 15/09/2003 13:35:45 (6846 Byte(s)) C:\Ad-Report-SCAN[3].txt - 20/02/2012 21:44:18 (12086 Byte(s)) End at: 21:47:42, 20/02/2012 ============== E.O.F ==============