======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 20:58:11 on 31/07/2011, Normal boot

Microsoft Windows 7 Home Premium (X86)
Marcin@USER-KOMPUTER (Gigabyte Technology Co., Ltd. G31M-ES2L)

============== SEARCH ==============

Folder found: C:\Users\Marcin\AppData\Roaming\Mozilla\FireFox\Profiles\mdrh4hc5.default\conduit
Folder found: C:\Users\Marcin\AppData\Roaming\Mozilla\FireFox\Profiles\mdrh4hc5.default\ConduitEngine
Folder found: C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\070hqcbw.default\extensions\vshare@toolbar
File found: C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\070hqcbw.default\searchplugins\web-search.xml
Folder found: C:\Users\Marcin\AppData\LocalLow\Conduit
Folder found: C:\Users\Marcin\AppData\LocalLow\PriceGong
Folder found: C:\ProgramData\Trymedia

-- File opened: C:\Users\Marcin\AppData\Roaming\Mozilla\FireFox\Profiles\mdrh4hc5.default\Prefs.js --
Line found: user_pref("CT2786678.SavedHomepage", "hxxp://vshare.toolbarhome.com/?hp=df");
Line found: user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/PL", "\"0\"...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PL", "\"0\"")...
Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", ...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....
Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678...
Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...
Line found: user_pref("CommunityToolbar.EngineHiddenByUser", false);
Line found: user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line found: user_pref("CommunityToolbar.IsEngineShown", false);
Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://vshare.toolbarhome.com/search.asp...
Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Line found: user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Line found: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 22 2011 20:11:49 GMT+02...
Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 18:06:45 GMT+0200");
Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line found: user_pref("CommunityToolbar.alert.locale", "en");
Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 22:09:36 GMT+0200");
Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line found: user_pref("CommunityToolbar.alert.userId", "1982e2c1-cbb7-45c6-b588-2f386771f0e2");
Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Apr 22 2011 20:11:49 GMT+0200");
Line found: user_pref("CommunityToolbar.globalUserId", "3ea97b34-5b26-438b-8b98-55ef7c2b13d0");
Line found: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line found: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line found: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 03 2011 18:29:21 GMT+0200");
Line found: user_pref("ConduitEngine.CTID", "ConduitEngine");
Line found: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Apr 22 2011 20:11:48 GMT+0200");
Line found: user_pref("ConduitEngine.FirstServerDate", "04/22/2011 21");
Line found: user_pref("ConduitEngine.FirstTime", true);
Line found: user_pref("ConduitEngine.FirstTimeFF3", true);
Line found: user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line found: user_pref("ConduitEngine.HideEngineAfterRestart", true);
Line found: user_pref("ConduitEngine.Initialize", true);
Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line found: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line found: user_pref("ConduitEngine.InstalledDate", "Fri Apr 22 2011 20:11:47 GMT+0200");
Line found: user_pref("ConduitEngine.IsMulticommunity", false);
Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line found: user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Apr 22 2011 20:11:47 GMT+0200");
Line found: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Apr 22 2011 20:11:49 GMT+0200");
Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line found: user_pref("ConduitEngine.SavedHomepage", "hxxp://vshare.toolbarhome.com/?hp=df");
Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line found: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Apr 22 2011 20:11:47 GMT+0200");
Line found: user_pref("ConduitEngine.UserID", "UN67708345212385233");
Line found: user_pref("ConduitEngine.engineLocale", "pl");
Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Apr 22 2011 20:11:47 GMT+0200");
Line found: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Apr 22 2011 20:11:49 GMT+0200");
Line found: user_pref("ConduitEngine.initDone", true);
Line found: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&Sea...
Line found: user_pref("vshare.install.date", "1302048000000");
Line found: user_pref("vshare.install.dumpFileCount", 0);
Line found: user_pref("vshare.install.dumpFileDisabled", false);
Line found: user_pref("vshare.install.finished", "1.0.0");
Line found: user_pref("vshare.install.guardCount", 2);
Line found: user_pref("vshare.install.guardPopupCount", 1);
Line found: user_pref("vshare.install.guardSPCount", 1);
Line found: user_pref("vshare.install.guardSPPopupCount", 1);
Line found: user_pref("vshare.install.guid", "{8fffd6e6-ae0c-4b15-bc33-528dd90b9003}");
Line found: user_pref("vshare.install.isDisabled", true);
Line found: user_pref("vshare.install.isHidden", true);
Line found: user_pref("vshare.install.istoolbarhp", true);
Line found: user_pref("vshare.install.istoolbarsearch", true);
Line found: user_pref("vshare.install.laststatreq", "1306195200000");
Line found: user_pref("vshare.install.newtab", true);
Line found: user_pref("vshare.install.overlayVersion", 1);
Line found: user_pref("vshare.install.userHPSettings", "");
Line found: user_pref("vshare.install.userSPSettings", "");
-- File closed --

-- File opened: C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\070hqcbw.default\Prefs.js --
Line found: user_pref("browser.startup.homepage", "hxxp://vshare.toolbarhome.com/?hp=df");
Line found: user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"linkfilter@kaspersky.r...
Line found: user_pref("extensions.vshare@toolbar.install-event-fired", true);
Line found: user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");
Line found: user_pref("vshare.install.date", "1301788800000");
Line found: user_pref("vshare.install.dumpFileCount", 0);
Line found: user_pref("vshare.install.dumpFileDisabled", false);
Line found: user_pref("vshare.install.finished", "1.0.0");
Line found: user_pref("vshare.install.guid", "{2ecf6ef1-3126-40ad-b96e-0994afe812be}");
Line found: user_pref("vshare.install.istoolbarhp", true);
Line found: user_pref("vshare.install.istoolbarsearch", true);
Line found: user_pref("vshare.install.laststatreq", "1304380800000");
Line found: user_pref("vshare.install.newtab", true);
Line found: user_pref("vshare.install.overlayVersion", 1);
Line found: user_pref("vshare.install.userHPSettings", "");
Line found: user_pref("vshare.install.userSPSettings", "");
-- File closed --

Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\Toolbar.CT2786678
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\PopCap
Key found: HKLM\Software\Trymedia Systems
Key found: HKCU\Software\AppDataLow\Software\PriceGong
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [5.0 (pl)] ****

Plugins\npBitCometAgent.dll (BitComet)
Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x)
HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search)
Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb)
Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms})
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype extension )

-- C:\Users\Marcin\AppData\Roaming\Mozilla\FireFox\Profiles\mdrh4hc5.default --
Extensions\firefox@tvunetworks.com (TVU Web Player)
Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} (BitComet Video Downloader)
Prefs.js - browser.download.lastDir, C:\\Users\\Marcin\\Desktop
Prefs.js - browser.search.defaultenginename, Web Search
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
Prefs.js - browser.startup.homepage, hxxp://www.google.pl/ig?hl=|hxxp://startsear.ch/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9e8a14260000000000006cf049e0b991&tlver=1.4.31.2&instlRef=sst...

-- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\070hqcbw.default --
Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)
Extensions\vshare@toolbar (vShare)
Searchplugins\web-search.xml (?)
Prefs.js - browser.download.lastDir, C:\\Users\\User\\Desktop
Prefs.js - browser.search.defaultenginename, Web Search...
Prefs.js - browser.startup.homepage, hxxp://vshare.toolbarhome.com/?hp=df
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://google.atcomet.com/b/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=FF-DL&o=16596&src=crm&q={searchTe...)
HKCU_SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} - "kikin Search" (hxxp://search.kikin.com/search/?q={searchTerms})
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - " " (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKLM_SearchScopes\{1645A33F-0A96-4315-904E-29E188E7720E} - "Web Search" (hxxp://startsear.ch/?q={searchTerms})
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - " " (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{8F8BAD52-D4D2-4669-9E8E-A7AAE8393056} - C:\Program Files\kikin\KikinBroker.exe (kikin)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - "?" (?)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - "BitComet" (C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll,203)
BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll)
BHO\{E601996F-E400-41CA-804B-CD6373A7EEE2} - "kikin Plugin" (C:\Program Files\kikin\ie_kikin.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 31/07/2011 20:58:19 (17012 Byte(s))

End at: 20:58:57, 31/07/2011

============== E.O.F ==============