======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:55:56 on 18/08/2011, Normal boot Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Joanna@KAMIL-PC (Gigabyte Technology Co., Ltd. G31M-ES2L) ============== ACTION(S) ============== File deleted: C:\Program Files\Mozilla FireFox\Components\AskSearch.js Folder deleted: C:\Users\Kamil\AppData\Roaming\Mozilla\FireFox\Profiles\276webzn.default\conduit Folder deleted: C:\Users\Kamil\AppData\Roaming\Mozilla\FireFox\Profiles\276webzn.default\ConduitEngine Folder deleted: C:\Users\Kamil\AppData\Roaming\Mozilla\FireFox\Profiles\276webzn.default\extensions\engine@conduit.com File deleted: C:\Users\Kamil\AppData\Roaming\Mozilla\FireFox\Profiles\276webzn.default\searchplugins\conduit.xml Folder deleted: C:\Users\Joanna\AppData\LocalLow\Conduit Folder deleted: C:\Program Files\Conduit Folder deleted: C:\Program Files\AutocompletePro Folder deleted: C:\Users\Joanna\AppData\LocalLow\Toolbar4 (!) -- Temporary files deleted. -- File opened: C:\Users\Joanna\AppData\Roaming\Mozilla\FireFox\Profiles\v7wn210l.default\Prefs.js -- Line deleted: user_pref("keyword.URL", "hxxp://www.ask.com/web?&o=13795&l=dis&q="); -- File closed -- -- File opened: C:\Users\Kamil\AppData\Roaming\Mozilla\FireFox\Profiles\276webzn.default\Prefs.js -- Line deleted: user_pref("CT2463487.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT246... Line deleted: user_pref("CT2530240.SearchEngine", "Szukaj||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... Line deleted: user_pref("CT2530240.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253... Line deleted: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2530240"); Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/857155/852957/PL", "\"0\"")... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PL", "\"0\"")... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2463487", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2530240", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2463487",... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2530240",... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2463487/CT2463487... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2530240/CT2530240... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dea... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif"... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pl-pl", "\"... Line deleted: user_pref("CommunityToolbar.EngineHiddenByUser", true); Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2463487"); Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"); Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "brothersoft"); Line deleted: user_pref("CommunityToolbar.IsEngineShown", false); Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2463487"); Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"); Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "brothersoft"); Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr... Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2530240,ConduitEngine,CT2463487"); Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2530240,CT2463487"); Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 23 2011 18:02:57 GMT+02... Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Aug 09 2011 16:08:16 GMT+0200"); Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.locale", "en"); Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Aug 09 2011 16:06:46 GMT+0200"); Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line deleted: user_pref("CommunityToolbar.alert.userId", "d3e3b7a0-a9de-483b-ab0c-8b3396b73bb7"); Line deleted: user_pref("CommunityToolbar.globalUserId", "bd40d41a-82cc-42d7-b75d-1ac82fe05974"); Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2463487"); Line deleted: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jul 20 2011 19:04:35 GMT+0200"); Line deleted: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 02 2011 22:06:00 GMT+0200"); Line deleted: user_pref("ConduitEngine.FirstServerDate", "01/28/2011 20"); Line deleted: user_pref("ConduitEngine.FirstTime", true); Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true); Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line deleted: user_pref("ConduitEngine.HideEngineAfterRestart", true); Line deleted: user_pref("ConduitEngine.Initialize", true); Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line deleted: user_pref("ConduitEngine.InstalledDate", "Fri Jan 28 2011 18:12:19 GMT+0100"); Line deleted: user_pref("ConduitEngine.IsMulticommunity", false); Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true); Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Jun 02 2011 22:06:04 GMT+0200"); Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri May 20 2011 18:55:20 GMT+0200"); Line deleted: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Jun 02 2011 22:06:01 GMT+0200"); Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0); Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Jun 02 2011 22:06:01 GMT+0200"); Line deleted: user_pref("ConduitEngine.UserID", "UN88513411492092133"); Line deleted: user_pref("ConduitEngine.engineLocale", "pl"); Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Jun 02 2011 22:06:00 GMT+0200"); Line deleted: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Jun 02 2011 22:06:02 GMT+0200"); Line deleted: user_pref("ConduitEngine.initDone", true); Line deleted: user_pref("ConduitEngine.isAppTrackingManagerOn", true); Line deleted: user_pref("ConduitEngine.usagesFlag", 2); Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&Sea... Line deleted: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&q="); -- File closed -- Key deleted: HKLM\Software\Classes\Interface\{384FE458-A963-450D-9187-EEFF81913FD0} Key deleted: HKLM\Software\Conduit Key deleted: HKCU\Software\AutocompletePro Key deleted: HKCU\Software\AppDataLow\Toolbar Key deleted: HKCU\Software\AppDataLow\Software\Conduit Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [4.0.1 (pl)] **** Plugins\npwachk.dll (Nullsoft) HKLM_MozillaPlugins\Adobe Reader (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Searchplugins\acpro.xml ( hxxp://search.autocompletepro.com?si=7148&q={searchTerms}/) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) HKLM_Extensions|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\SPFireFox (x) -- C:\Users\Joanna\AppData\Roaming\Mozilla\FireFox\Profiles\v7wn210l.default -- Prefs.js - browser.download.dir, C:\\Users\\Joanna\\Desktop Prefs.js - browser.download.lastDir, C:\\Users\\Joanna\\Desktop Prefs.js - browser.startup.homepage, about:home Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 -- C:\Users\Guest\AppData\Roaming\Mozilla\FireFox\Profiles\3kwuq089.default -- Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13 -- C:\Users\Justyna\AppData\Roaming\Mozilla\FireFox\Profiles\hwwd99xx.default -- Prefs.js - browser.download.lastDir, C:\\Users\\Justyna\\Downloads Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 -- C:\Users\Kamil\AppData\Roaming\Mozilla\FireFox\Profiles\276webzn.default -- Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool) Extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} (Softonic-Polska Community Toolbar) Extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} (Brothersoft Community Toolbar) Prefs.js - browser.download.lastDir, C:\\Users\\Kamil\\Downloads Prefs.js - browser.search.defaultenginename, ACPro Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.google.pl/ Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 ======================================== **** Internet Explorer Version [7.0.6001.18000] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{ABC95919-5966-4dd2-98CC-EB48233AE0B0} - "Ask.com" (hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKCU_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x) HKLM_ElevationPolicy\2f088516-1ef6-4e03-889e-a8f79d97d431 - C:\Program Files\Softonic-Polska\Softonic-PolskaToolbarHelper.exe (x) HKLM_ElevationPolicy\7ffb93b0-77ef-49f8-8a97-f4beefb16b39 - C:\Program Files\4shared.com\4shared.comToolbarHelper.exe (x) HKLM_ElevationPolicy\8b01e184-7a9b-44b5-b3ab-72d03cb52499 - C:\Program Files\4shared.com\4shared.comToolbarHelper.exe (x) HKLM_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x) HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) BHO\{0055C089-8582-441B-A0BF-17B458C2A3A8} - "IDMIEHlprObj Class" (C:\Program Files\Internet Download Manager\IDMIECC.dll) BHO\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - "IEPluginBHO Class" (C:\Users\Kamil\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 125 File(s) C:\Program Files\Ad-Remover\Backup: 17 File(s) C:\Ad-Report-CLEAN[1].txt - 18/08/2011 16:56:30 (15915 Byte(s)) C:\Ad-Report-SCAN[1].txt - 18/08/2011 16:53:49 (16160 Byte(s)) End at: 17:50:10, 18/08/2011 ============== E.O.F ==============