======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 18:16:22 on 07/07/2011, Normal boot Microsoft Windows 7 Home Premium (X86) x@X-KOMPUTER (Gigabyte Technology Co., Ltd. GA-MA78LM-S2) ============== SEARCH ============== Service: "Application Updater" Service found File found: C:\Users\x\AppData\Roaming\Mozilla\FireFox\Profiles\taxuqupi.default\searchplugins\askcom.xml File found: C:\Users\x\AppData\Roaming\Mozilla\FireFox\Profiles\taxuqupi.default\searchplugins\conduit.xml Folder found: C:\Program Files\Application Updater Folder found: C:\Users\x\AppData\LocalLow\Search Settings Folder found: C:\Program Files\Common Files\Spigot -- File opened: C:\Users\x\AppData\Roaming\Mozilla\FireFox\Profiles\taxuqupi.default\Prefs.js -- Line found: user_pref("browser.search.defaultengine", "Ask.com"); Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&Sea... -- File closed -- Key found: HKLM\Software\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key found: HKLM\Software\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} Key found: HKLM\Software\Classes\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2233703 Key found: HKLM\Software\Classes\Toolbar.CT2304157 Key found: HKLM\Software\Application Updater Key found: HKLM\Software\Conduit Key found: HKLM\Software\DataMngr Key found: HKLM\Software\Search Settings Key found: HKCU\Software\Ask.com Key found: HKCU\Software\Conduit Key found: HKCU\Software\DataMngr Key found: HKCU\Software\AppDataLow\Software\AskToolbar Key found: HKCU\Software\AppDataLow\Software\Search Settings Key found: HKCU\Software\AppDataLow\Software\Toolbar Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0 (pl)] **** Plugins\npBitCometAgent.dll (BitComet) Plugins\npwachk.dll (Nullsoft, Inc.) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\BearShareWebSearch.xml ( hxxp://search.bearshare.com/web?src=ffb&systemid=2&q={searchTerms}/) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) -- C:\Users\x\AppData\Roaming\Mozilla\FireFox\Profiles\taxuqupi.default -- Extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} (XfireXO) Searchplugins\askcom.xml (?) Searchplugins\BearShareWebSearch.xml ( hxxp://search.bearshare.com/web?src=ffb&systemid=2&q={searchTerms}/) Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}/) Searchplugins\winamp-search.xml (?) Prefs.js - browser.download.lastDir, C:\\Users\\x\\Desktop Prefs.js - browser.search.defaultenginename, BearShare Web Search Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms} Prefs.js - browser.search.selectedEngine, BearShare Web Search Prefs.js - browser.startup.homepage, hxxp://search.bearshare.com/ Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 Prefs.js - keyword.URL, hxxp://search.bearshare.com/web?src=ffb&systemid=2&q= ======================================== **** Google Chrome Version [12.0.742.112] **** Extension\jfmjfhklogoienhpfnppmbcbjfjnkonk (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx) (?) -- C:\Users\x\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://search.bearshare.com/ Preferences - homepage_is_newtabpage: true Plugin - BitCometAgent (Enabled: true) (C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll) Plugin - "BitCometAgent" (Enabled: true) Plugin - "Picasa" (Enabled: true) Plugin - "Winamp Application Detector" (Enabled: true) ======================================== **** Internet Explorer Version [8.0.7600.16385] **** HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://search.bearshare.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 AboutUrls|Tabs - hxxp://toolbar.aol.com/browserpages/newtab-winamp-ie-en-us.html HKCU_URLSearchHooks|{F3FEE66E-E034-436a-86E4-9690573BEE8A} - "YouTube Downloader Toolbar" (C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll) HKCU_URLSearchHooks|{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - "Winamp Search Class" (C:\Program Files\Winamp Toolbar\winamptb.dll) HKCU_URLSearchHooks|{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} (x) HKCU_URLSearchHooks|{5e5ab302-7f65-44cd-8211-c1d4caaccea3} (x) HKLM_URLSearchHooks|{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - "Winamp Search Class" (C:\Program Files\Winamp Toolbar\winamptb.dll) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=PF&o=15180&src=crm&q={searchTerms...) HKCU_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} - "Web Search" (hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "XfireXO Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKLM_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} - "Web Search" (hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}) HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "XfireXO Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKCU_Toolbar\WebBrowser|{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} (C:\Program Files\Winamp Toolbar\winamptb.dll) HKCU_Toolbar\WebBrowser|{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} (x) HKLM_Toolbar|{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} (C:\Program Files\Winamp Toolbar\winamptb.dll) HKLM_Toolbar|{F3FEE66E-E034-436a-86E4-9690573BEE8A} (C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll) HKLM_Toolbar|{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} (C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{ADADAEE2-457A-4984-A57C-E01C3A2BA612} - c:\program files\winamp toolbar\WinampTbServer.exe (AOL LLC.) HKLM_ElevationPolicy\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\uninstall.exe (?) HKLM_Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - "BitComet" (C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll,203) BHO\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - "Winamp Toolbar Loader" (C:\Program Files\Winamp Toolbar\winamptb.dll) BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll) BHO\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - "UrlHelper Class" (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) BHO\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - "MediaBar" (C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll) BHO\{F3FEE66E-E034-436a-86E4-9690573BEE8A} - "YouTube Downloader Toolbar" (C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 07/07/2011 18:17:19 (10089 Byte(s)) End at: 18:17:53, 07/07/2011 ============== E.O.F ==============