======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Launched at 14:05:03 on 10/06/2011, Normal boot Microsoft Windows 7 Professional Service Pack 1 (X86) d3s@SZARY (Gigabyte Technology Co., Ltd. EP31-DS3L) ============== SEARCH ============== Folder found: C:\Users\d3s\AppData\Local\Conduit Folder found: C:\Users\d3s\AppData\LocalLow\Conduit Folder found: C:\ProgramData\Trymedia Folder found: C:\Users\d3s\AppData\LocalLow\vShare Folder found: C:\Program Files\vShare Key found: HKLM\Software\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key found: HKLM\Software\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key found: HKLM\Software\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} Key found: HKLM\Software\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D} Key found: HKLM\Software\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2077543 Key found: HKLM\Software\Classes\vShare.IMedixProtocol Key found: HKLM\Software\Classes\vShare.IMedixProtocol.1 Key found: HKLM\Software\Classes\vShare.PugiObj Key found: HKLM\Software\Classes\vShare.PugiObj.1 Key found: HKLM\Software\Classes\vShare.ScriptHelpers Key found: HKLM\Software\Classes\vShare.ScriptHelpers.1 Key found: HKCU\Software\vShare Key found: HKCU\Software\AppDataLow\HavingFunOnline Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare Key found: HKLM\Software\Classes\PROTOCOLS\Handler\vsharechrome Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{043C5167-00BB-4324-AF7E-62013FAEDACF} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} ============== ADDITIONNAL SCAN ============== **** Google Chrome Version [12.0.742.91] **** -- C:\Users\d3s\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://www.google.pl/ Preferences - homepage_is_newtabpage: true Plugin - Chrome NaCl (Enabled: false) (C:\Users\d3s\AppData\Local\Google\Chrome\Application\12.0.742.91\ppGoogleNaClPluginChrome.dll) Plugin - "Java" (Enabled: true) Plugin - "Silverlight" (Enabled: true) Plugin - "Chrome NaCl" (Enabled: false) ======================================== **** Internet Explorer Version [8.0.7601.17514] **** Plugins\LV2010ActiveXControl.dll (National Instruments) Plugins\LV82ActiveXControl.dll (National Instruments) Plugins\LV85ActiveXControl.dll (National Instruments) Plugins\LV86ActiveXControl.dll (National Instruments) Plugins\LV90ActiveXControl.dll (National Instruments) HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} - "Web Search..." (hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "ToggleEN Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "ToggleEN Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{043C5167-00BB-4324-AF7E-62013FAEDACF} (C:\Program Files\vShare\vshare_toolbar.dll) HKLM_Toolbar|{043C5167-00BB-4324-AF7E-62013FAEDACF} (C:\Program Files\vShare\vshare_toolbar.dll) HKLM_ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\lip.exe (?) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{1C02C448-584D-43D8-BD0E-0418D07AFEE4} - C:\Windows\system32\s\dopdfc (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) BHO\{043C5167-00BB-4324-AF7E-62013FAEDACF} - "vShare Plugin" (C:\Program Files\vShare\vshare_toolbar.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 2 File(s) C:\Ad-Report-SCAN[1].txt - 10/06/2011 14:00:55 (5892 Byte(s)) C:\Ad-Report-SCAN[2].txt - 10/06/2011 14:05:05 (5818 Byte(s)) End at: 14:05:38, 10/06/2011 ============== E.O.F ==============