======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 19:19:39 on 03/08/2011, Safeboot mode Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) admin@ADMIN-A1422B108 ( ) ============== SEARCH ============== Folder found: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\ConduitEngine Folder found: C:\Documents and Settings\admin\Dane aplikacji\PriceGong Folder found: C:\Documents and Settings\user\Dane aplikacji\PriceGong -- File opened: C:\Documents and Settings\user\Dane aplikacji\Mozilla\FireFox\Profiles\3vx71uyd.default\Prefs.js -- Line found: user_pref("browser.search.selectedEngine", "qooqlle"); Line found: user_pref("browser.startup.homepage", "hxxp://www.qooqlle.com/"); -- File closed -- Key found: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2704262 Key found: HKLM\Software\Classes\Toolbar.CT2786678 Key found: HKLM\Software\Conduit Key found: HKLM\Software\conduitEngine Key found: HKCU\Software\conduitEngine Key found: HKCU\Software\PriceGong Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B554627B-46B9-4108-93D2-5387727DCA5D} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0.1 (pl)] **** Plugins\npwachk.dll (Nullsoft, Inc.) HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\FireFox\Profiles\myfcny9k.default -- Prefs.js - browser.search.selectedEngine, Prefs.js - browser.startup.homepage, about:home Prefs.js - browser.startup.homepage_override.mstone, false Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q= -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\FireFox\Profiles\3vx71uyd.default -- Searchplugins\search.xml (?) Prefs.js - browser.search.selectedEngine, qooqlle Prefs.js - browser.startup.homepage, hxxp://www.qooqlle.com/ Prefs.js - browser.startup.homepage_override.mstone, false Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q= ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKCU_URLSearchHooks|{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - "DeviceVM Url Search Hook" (C:\WINDOWS\system32\dvmurl.dll) HKCU_URLSearchHooks|{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - "uTorrentBar Toolbar" (C:\Program Files\uTorrentBar\tbuTor.dll) (x) HKCU_Toolbar\WebBrowser|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} (C:\Program Files\uTorrentBar\tbuTor.dll) (x) HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{B274E7DA-E514-41A1-96E0-17871B7162CC} - C:\Program Files\uTorrentBar\uTorrentBarToolbarHelper.exe (x) HKLM_ElevationPolicy\{B554627B-46B9-4108-93D2-5387727DCA5D} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (x) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngine.dll) (x) BHO\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - "uTorrentBar Toolbar" (C:\Program Files\uTorrentBar\tbuTor.dll) (x) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 03/08/2011 19:19:44 (1053 Byte(s)) End at: 19:20:07, 03/08/2011 ============== E.O.F ==============