======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 19:44:40 on 16/07/2011, Normal boot Microsoft Windows 7 Ultimate (X86) Pawel@LAP-PAWEL (Acer Aspire 5741G) ============== SEARCH ============== Folder found: C:\Users\Pawel\AppData\Roaming\Mozilla\FireFox\Profiles\cvppffsx.default\conduit Folder found: C:\Users\Pawel\AppData\Roaming\Mozilla\FireFox\Profiles\cvppffsx.default\ConduitEngine Folder found: C:\Users\Pawel\AppData\LocalLow\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Program Files\ConduitEngine Folder found: C:\Users\Pawel\AppData\LocalLow\PriceGong File found: C:\Users\Pawel\Downloads\vshare-plugin-v3.exe -- File opened: C:\Users\Pawel\AppData\Roaming\Mozilla\FireFox\Profiles\cvppffsx.default\Prefs.js -- Line found: user_pref("browser.search.selectedEngine", "qooqlle"); Line found: user_pref("browser.startup.homepage", "hxxp://www.qooqlle.com/"); -- File closed -- Key found: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key found: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2312123 Key found: HKLM\Software\Classes\Toolbar.CT2786678 Key found: HKLM\Software\Conduit Key found: HKCU\Software\AppDataLow\Software\PriceGong Key found: HKCU\Software\AppDataLow\Software\Toolbar Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0 (pl)] **** HKLM_MozillaPlugins\@idsoftware.com/QuakeLive (x) HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\search.xml (hxxp://search.yahoo.com/search) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} (vShare Add-On) -- C:\Users\Pawel\AppData\Roaming\Mozilla\FireFox\Profiles\cvppffsx.default -- Searchplugins\qooqlle.xml (?) Prefs.js - browser.search.selectedEngine, qooqlle Prefs.js - browser.startup.homepage, hxxp://www.qooqlle.com/ Prefs.js - browser.startup.homepage_override.mstone, false ======================================== **** Internet Explorer Version [8.0.7600.16385] **** HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://www.qooqlle.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_URLSearchHooks|{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} (x) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTer...) HKLM_SearchScopes\{1645A33F-0A96-4315-904E-29E188E7720E} - "Web Search" (hxxp://startsear.ch/?q={searchTerms}) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKCU_Toolbar\WebBrowser|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} (x) HKLM_ElevationPolicy\f913f9f0-8880-49d6-bf7a-d1639da80eac - C:\Program Files\HiGames\HiGamesToolbarHelper.exe (x) HKLM_ElevationPolicy\fd202e31-c08d-4082-b5c7-7e62bcf81815 - C:\Program Files\HiGames\HiGamesToolbarHelper.exe (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.) HKLM_Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - "PokerStars" (C:\Program Files\PokerStars\main.ico) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 16/07/2011 19:44:50 (5623 Byte(s)) End at: 19:45:25, 16/07/2011 ============== E.O.F ==============