======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 15:14:07 on 18/07/2011, Normal boot

Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Piotrek@PIOTR (Gigabyte Technology Co., Ltd. P35C-DS3R)

============== SEARCH ==============

File found: C:\Users\Piotrek\AppData\Roaming\Mozilla\FireFox\Profiles\0rlp8b07.default\searchplugins\conduit.xml
Folder found: C:\Users\Piotrek\AppData\Local\Conduit
Folder found: C:\Users\Piotrek\AppData\LocalLow\Conduit
Folder found: C:\Program Files\Conduit
Folder found: C:\Users\Piotrek\AppData\LocalLow\PriceGong

-- File opened: C:\Users\Piotrek\AppData\Roaming\Mozilla\FireFox\Profiles\0rlp8b07.default\Prefs.js --
Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2771935&Sea...
Line found: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2771935&q=");
-- File closed --

Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\Toolbar.CT2589491
Key found: HKLM\Software\Classes\Toolbar.CT2786678
Key found: HKLM\Software\Conduit
Key found: HKCU\Software\AppDataLow\Software\PriceGong
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{541BD924-F1C1-43B9-8C08-902E71865B00}
Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

============== ADDITIONNAL SCAN ==============

-- C:\Users\Piotrek\AppData\Roaming\Mozilla\FireFox\Profiles\0rlp8b07.default --
Extensions\staged (?)
Extensions\{481f306a-420c-4673-be90-543b7d62a78e} (LogiTool Community Toolbar)
Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} (uTorrentBar Community Toolbar)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2771935&SearchSource=3&q={searchTerms} /)
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2771935&SearchSource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, LogiTool Customized Web Search
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2771935&q=

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://ayuwage.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} (x)
HKCU_URLSearchHooks|{ee4c73ff-7a1b-4330-acec-45e409118cc1} (x)
HKCU_SearchScopes\{541BD924-F1C1-43B9-8C08-902E71865B00} - "AyuWage Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - " " (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar\WebBrowser|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} (x)
HKCU_Toolbar\WebBrowser|{EE4C73FF-7A1B-4330-ACEC-45E409118CC1} (x)
HKLM_Toolbar|{265EEE8E-3228-44D3-AEA5-F7FDF5860049} (D:\Programy\Zainstalowane\F-secure\F-Secure\NRS\iescript\baselitmus.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{8D2A5716-2205-4EB2-8443-03AB6B9F4B3B} - C:\Program Files\Futuremark\Futuremark SystemInfo\FMSIX.exe (Futuremark Corporation)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{C6867EB7-8350-4856-877F-93CF8AE3DC9C} - "Browsing Protection Class" (D:\Programy\Zainstalowane\F-secure\F-Secure\NRS\iescript\baselitmus.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 18/07/2011 15:14:46 (4494 Byte(s))

End at: 15:15:10, 18/07/2011

============== E.O.F ==============