======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org H:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 15:36:17 on 29/04/2011, Normal boot Microsoft Windows 7 Ultimate E (X86) Patryk@PATRYK-KOMPUTER ( ) ============== SEARCH ============== Folder found: H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default\conduit Folder found: H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default\ConduitEngine -- File opened: H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default\Prefs.js -- Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Apr 28 2011 20:21:01 GMT+0200"); Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.alert.locale", "en"); Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Apr 28 2011 20:21:01 GMT+0200"); Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.alert.userId", "f936a326-d454-4095-b874-123b4d49317a"); -- File closed -- Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2031308 Key found: HKLM\Software\Classes\Toolbar.CT2206084 Key found: HKLM\Software\Conduit Key found: HKCU\Software\Conduit Key found: HKCU\Software\AppDataLow\Software\Toolbar Key found: HKLM\Software\Cheat Engine\OpenCandy ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.16 (pl)] **** Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Extensions\arcabit@www.arcabit.pl (ArcaBit Ext.) Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension ) HKLM_Extensions|smartwebprinting@hp.com - H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKCU_Extensions|smartwebprinting@hp.com - H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 -- H:\Users\Patryk\AppData\Roaming\Mozilla\FireFox\Profiles\cgj8thdx.default -- Prefs.js - browser.download.lastDir, H:\\Users\\Patryk\\Music Prefs.js - browser.search.defaultenginename, Prefs.js - browser.search.defaulturl, Prefs.js - browser.search.selectedEngine, Prefs.js - browser.startup.homepage, hxxp://www.google.pl/ Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16 ======================================== **** Google Chrome Version [10.0.648.205] **** -- H:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default -- Plugin - Windows Genuine Advantage (Enabled: true) (H:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll) Plugin - "Windows Genuine Advantage" (Enabled: true) ======================================== **** Internet Explorer Version [8.0.7600.16385] **** HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Page_URL - hxxp://www.yahoo.com HKLM_Main|Start Page - hxxp://www.yahoo.com HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=iron&s={searchTerms}&f=4) HKLM_Toolbar|{4064EA35-578D-4073-A834-C96D82CBCF40} (I:\Hax\Save Flash\SaveFlash.dll) HKLM_ElevationPolicy\b4058623-8401-45b0-8369-0d7d7bb6b547 - H:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x) HKLM_ElevationPolicy\{0002df01-0000-0000-c000-000000000046} - H:\Program Files\Internet Explorer\iexplore.exe (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - H:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - H:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - H:\Program Files\Internet Explorer\iedw.exe (x) HKLM_Extensions\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} - "Sothink SWF Catcher" (H:\Program Files\Common Files\SourceTec\SWF Catcher\SWFCatcher.dll,128) ======================================== H:\Program Files\Ad-Remover\Quarantine: 0 File(s) H:\Program Files\Ad-Remover\Backup: 1 File(s) H:\Ad-Report-SCAN[1].txt - 29/04/2011 15:36:22 (5309 Byte(s)) End at: 15:36:38, 29/04/2011 ============== E.O.F ==============