======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 22:30:10 on 21/07/2011, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Uzytkownik@KOMPUTEREK ( ) ============== SEARCH ============== File found: C:\WINDOWS\system32\ConduitEngine.tmp File found: C:\Documents and Settings\Uzytkownik.KOMPUTEREK\Dane aplikacji\Mozilla\FireFox\Profiles\pytgn3fk.default\searchplugins\conduit.xml Folder found: C:\Documents and Settings\Uzytkownik.KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Documents and Settings\Uzytkownik.KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\ConduitEngine Folder found: C:\Program Files\ConduitEngine Folder found: C:\Program Files\SmileyCentral_1v -- File opened: C:\Documents and Settings\Uzytkownik.KOMPUTEREK\Dane aplikacji\Mozilla\FireFox\Profiles\pytgn3fk.default\Prefs.js -- Line found: user_pref("CT1708250.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT170... Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr... Line found: user_pref("CommunityToolbar.ToolbarsList", "CT1708250"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT1708250"); Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&Sea... Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1708250&SearchSource=13"); Line found: user_pref("extensions.SmileyCentral_1v.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/op... Line found: user_pref("extensions.SmileyCentral_1v.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=... Line found: user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYpl_ZNz... -- File closed -- -- File opened: C:\Documents and Settings\PATRYSIA.KOMPUTEREK\Dane aplikacji\Mozilla\FireFox\Profiles\b9g1gj9o.default\Prefs.js -- Line found: user_pref("extensions.SmileyCentral_1v.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/op... Line found: user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYpl_ZNz... -- File closed -- Key found: HKLM\Software\Classes\CLSID\{474E192B-29EA-42F0-92E0-FE25DC8CEDC1} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{474E192B-29EA-42F0-92E0-FE25DC8CEDC1} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474E192B-29EA-42F0-92E0-FE25DC8CEDC1} Key found: HKLM\Software\Classes\Interface\{27F9316B-880A-47D2-951D-98A8E14A968E} Key found: HKLM\Software\Classes\Interface\{321B6AFD-7096-46D4-BF7C-228047F64224} Key found: HKLM\Software\Classes\Interface\{4E007095-02D1-440C-B344-7752B4305DBD} Key found: HKLM\Software\Classes\Interface\{8781A209-052E-4B78-9BDC-3646B67BB22D} Key found: HKLM\Software\Classes\Interface\{885623FE-8561-4528-AB88-F36FA792C911} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT1708250 Key found: HKLM\Software\Conduit Key found: HKLM\Software\conduitEngine Key found: HKLM\Software\PopCap Key found: HKCU\Software\Conduit Key found: HKCU\Software\conduitEngine Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB40C433-925E-4E71-BCA7-A3B7C7F29035} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key found: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [4.0.1 (pl)] **** HKLM_MozillaPlugins\@SmileyCentral_1v.com/Plugin (x) HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension ) HKLM_Extensions|1vffxtbr@SmileyCentral_1v.com - C:\Program Files\SmileyCentral_1v\bar\2.bin -- C:\Documents and Settings\Uzytkownik.KOMPUTEREK\Dane aplikacji\Mozilla\FireFox\Profiles\pytgn3fk.default -- Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} (Free Lunch Design Toolbar) Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms} /) Searchplugins\SmileyCentral_1v.xml (hxxp://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml) Searchplugins\wrzuta.xml (?) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Uzytkownik.KOMPUTEREK\\Moje dokumenty Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms} Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT1708250&SearchSource=13 Prefs.js - browser.startup.homepage_override.buildID, 20110707182747 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0.1 Prefs.js - keyword.URL, hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYpl_ZNzfb015&ptb=135113A3-6D2B-4483-873E... -- C:\Documents and Settings\PATRYSIA.KOMPUTEREK\Dane aplikacji\Mozilla\FireFox\Profiles\b9g1gj9o.default -- Searchplugins\SmileyCentral_1v.xml (hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml) Prefs.js - browser.search.selectedEngine, My Way Prefs.js - browser.startup.homepage, hxxp://www.google.pl/ Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.18 Prefs.js - keyword.URL, hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYpl_ZNzfb015&ptb=135113A3-6D2B-4483-873E... ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Start Page - hxxp://www.google.pl/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_URLSearchHooks|{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} (x) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Free Lunch Design Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} (x) HKCU_Toolbar\WebBrowser|{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} (x) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKLM_ElevationPolicy\{06a4d833-ee14-4551-ae73-f42598d97629} - C:\Program Files\SmileyCentral_1v\bar\2.bin\1vimpipe.exe (x) HKLM_ElevationPolicy\{407E8681-7619-4DAB-8834-25B293E789D4} - C:\Program Files\Free_Lunch_Design\Free_Lunch_DesignToolbarHelper1.exe (?) HKLM_ElevationPolicy\{B1CF70C3-9A9A-40DB-A507-4B23A7B37026} - C:\Documents and Settings\Uzytkownik.KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Conduit\CT1708250\Free_Lunch_DesignAutoUpdaterHelper.exe (?) HKLM_ElevationPolicy\{DB40C433-925E-4E71-BCA7-A3B7C7F29035} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?) HKLM_ElevationPolicy\{e4d0210d-803f-4ac5-89b0-56df14d7ac2e} - C:\Program Files\SmileyCentral_1v\bar\2.bin\1vSkPlay.exe (x) HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) HKLM_Extensions\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - "eBay - Homepage" (C:\Program Files\IrfanView\Ebay\Ebay.ico) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 21/07/2011 22:30:18 (7722 Byte(s)) End at: 22:30:52, 21/07/2011 ============== E.O.F ==============