======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:44:15 on 13/08/2011, Normal boot Microsoft Windows 7 Home Premium Service Pack 1 (X64) Kulesza@HP (Hewlett-Packard HP Pavilion dv7 Notebook PC) ============== ACTION(S) ============== File deleted: C:\Users\Kulesza\AppData\Roaming\Mozilla\FireFox\Profiles\hw2lqvuc.default\searchplugins\conduit.xml File deleted: C:\Users\Kulesza\AppData\Roaming\Mozilla\FireFox\Profiles\hw2lqvuc.default\searchplugins\web-search.xml Folder deleted: C:\Users\Kulesza\AppData\LocalLow\Conduit Folder deleted: C:\Program Files (x86)\Conduit (!) -- Temporary files deleted. -- File opened: C:\Users\Kulesza\AppData\Roaming\Mozilla\FireFox\Profiles\hw2lqvuc.default\Prefs.js -- Line deleted: user_pref("CT1098640.SavedHomepage", "hxxp://vshare.toolbarhome.com/?hp=df"); Line deleted: user_pref("CT1098640.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT109... Line deleted: user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1098640&Search... Line deleted: user_pref("CommunityToolbar.ConduitSearchList", "free-downloads.net Customized Web Search"); Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1098640", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1098640",... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1098640/CT1098640... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Poppy/equalizer_de... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Poppy/minimize.gif... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Poppy/play.gif", "... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Poppy/stop.gif", "... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Poppy/vol.gif", "\... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"... Line deleted: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kulesza\\AppData\\Roaming\\Mozilla\... Line deleted: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12"); Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://vshare.toolbarhome.com/search.asp... Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT1098640"); Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT1098640"); Line deleted: user_pref("CommunityToolbar.ToolbarsList4", "CT1098640"); Line deleted: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jul 07 2011 21:44:46 GMT+0200"); Line deleted: user_pref("CommunityToolbar.globalUserId", "998e69e1-6f22-4a50-ba58-25bb39b620e5"); Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1098640"); Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&Sea... Line deleted: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13"); Line deleted: user_pref("extensions.enabledItems", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,{2D3F3651-74B9-4795... Line deleted: user_pref("extensions.vshare@toolbar.update.enabled", false); Line deleted: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="); Line deleted: user_pref("vshare.install.date", "1298678400000"); Line deleted: user_pref("vshare.install.dumpFileCount", 0); Line deleted: user_pref("vshare.install.dumpFileDisabled", false); Line deleted: user_pref("vshare.install.finished", "1.0.0"); Line deleted: user_pref("vshare.install.guardSPCount", 2); Line deleted: user_pref("vshare.install.guardSPPopupCount", 1); Line deleted: user_pref("vshare.install.guid", "{f96a8c25-38d5-4e68-962f-deae187f4b6a}"); Line deleted: user_pref("vshare.install.isHidden", true); Line deleted: user_pref("vshare.install.istoolbarhp", true); Line deleted: user_pref("vshare.install.istoolbarsearch", true); Line deleted: user_pref("vshare.install.laststatreq", "1309046400000"); Line deleted: user_pref("vshare.install.newtab", true); Line deleted: user_pref("vshare.install.overlayVersion", 1); Line deleted: user_pref("vshare.install.userHPSettings", ""); Line deleted: user_pref("vshare.install.userSPSettings", "Google"); -- File closed -- Key deleted: HKLM\Software\Classes\Toolbar.CT1098640 Key deleted: HKCU\Software\AppDataLow\Software\Conduit Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0 (pl)] **** HKLM_MozillaPlugins\@fileplanet.com/fpdlm (x) HKLM_MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 (x) HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\KavAntiBanner@kaspersky.ru_bak (Blokowanie banerów ) Extensions\linkfilter@kaspersky.ru_bak (Kaspersky URL Advisor ) HKLM_Extensions|otis@digitalpersona.com - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ HKLM_Extensions|virtualKeyboard@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru (x) HKLM_Extensions|KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru (x) HKLM_Extensions|linkfilter@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru (x) HKCU_Extensions|otis@digitalpersona.com - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext -- C:\Users\Kulesza\AppData\Roaming\Mozilla\FireFox\Profiles\hw2lqvuc.default -- Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} (Aero Fox XL) Prefs.js - browser.download.lastDir, C:\\Users\\Kulesza\\Desktop\\Nowy folder (2) Prefs.js - browser.search.defaultenginename, Web Search... Prefs.js - browser.search.selectedEngine, free-downloads.net Customized Web Search Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 ======================================== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll) (x) HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\wtapp_ProtocolHandler.exe (WildTangent, Inc.) HKLM_ElevationPolicy\98f7f45e-249e-4c36-8c57-233f5304b081 - C:\Program Files (x86)\free-downloads.net\free-downloads.netToolbarHelper.exe (x) HKLM_ElevationPolicy\{02073B90-44EE-47B1-9633-732376A8A3C8} - C:\Program Files (x86)\Veetle\Player\VeetleNet.exe (?) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\symerr.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files (x86)\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files (x86)\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{A72296F2-F88D-4EB4-92F7-3BC70F5A5755} - C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files (x86)\Veetle\Player\vtl_hfax.exe (?) HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Wyślij do interfejsu Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico) BHO\{395610AE-C624-4f58-B89E-23733EA00F9A} - "DigitalPersona Personal Extension" (C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik logowania za pomocą identyfikatora Windows Live" (C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - "IplexToALLPlayer" (C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 4 File(s) C:\Program Files (x86)\Ad-Remover\Backup: 14 File(s) C:\Ad-Report-CLEAN[1].txt - 13/08/2011 16:44:21 (11843 Byte(s)) End at: 16:45:39, 13/08/2011 ============== E.O.F ==============