======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 18:31:39 on 11/07/2011, Normal boot Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Tadeusz@DOM ( ) ============== SEARCH ============== File found: C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default\searchplugins\askcom.xml Folder found: C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default\conduit Folder found: C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default\ConduitEngine Folder found: C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default\extensions\engine@conduit.com File found: C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default\searchplugins\conduit.xml Folder found: C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Documents and Settings\Tadeusz\Dane aplikacji\OpenCandy Folder found: C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\OpenCandy Folder found: C:\Documents and Settings\Tadeusz\Dane aplikacji\PriceGong -- File opened: C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default\Prefs.js -- Line found: user_pref("CT2530240.SavedHomepage", "hxxp://www.ask.com?o=15573&l=dis"); Line found: user_pref("CT2530240.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PL", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/923243/919034/PL", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2530240", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3... Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2530240",... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63438653905850... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2530240/CT2530240... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif... Line found: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pl-pl", "\"... Line found: user_pref("CommunityToolbar.EngineOwner", "CT2530240"); Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"); Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-polska"); Line found: user_pref("CommunityToolbar.IsEngineShown", true); Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2530240"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-polska"); Line found: user_pref("CommunityToolbar.ToolbarsList", "CT2530240,ConduitEngine"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT2530240"); Line found: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Apr 19 2011 22:52:08 GMT+02... Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 16:54:41 GMT+0200"); Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.alert.locale", "en"); Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 16:54:33 GMT+0200"); Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.alert.userId", "95f671bf-9c71-4023-8dc4-d17def428637"); Line found: user_pref("CommunityToolbar.globalUserId", "e49e9f69-9965-4f0c-9762-7a777b1cd775"); Line found: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line found: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2530240"); Line found: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 27 2011 16:54:48 GMT+0200"); Line found: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 27 2011 16:54:40 GMT+0200"); Line found: user_pref("ConduitEngine.FirstServerDate", "02/13/2011 23"); Line found: user_pref("ConduitEngine.FirstTime", true); Line found: user_pref("ConduitEngine.FirstTimeFF3", true); Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line found: user_pref("ConduitEngine.HideEngineAfterRestart", true); Line found: user_pref("ConduitEngine.Initialize", true); Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line found: user_pref("ConduitEngine.InstalledDate", "Sun Feb 13 2011 21:05:09 GMT+0100"); Line found: user_pref("ConduitEngine.IsMulticommunity", false); Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line found: user_pref("ConduitEngine.IsOpenUninstallPage", true); Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jun 27 2011 16:54:40 GMT+0200"); Line found: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sun Feb 13 2011 21:05:09 GMT+0100"); Line found: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Tue Apr 19 2011 22:29:53 GMT+0200"); Line found: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 19:54:38 GMT+0200"); Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0); Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 19:54:38 GMT+0200"); Line found: user_pref("ConduitEngine.UserID", "UN15273947667565757"); Line found: user_pref("ConduitEngine.engineLocale", "pl"); Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jun 27 2011 16:54:38 GMT+0200"); Line found: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jun 27 2011 20:54:38 GMT+0200"); Line found: user_pref("ConduitEngine.initDone", true); Line found: user_pref("ConduitEngine.isAppTrackingManagerOn", true); Line found: user_pref("browser.search.defaultengine", "Ask.com"); Line found: user_pref("browser.search.defaultenginename", "Ask.com"); Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&Sea... Line found: user_pref("browser.search.order.1", "Ask.com"); Line found: user_pref("browser.search.selectedEngine", "Ask.com"); Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2530240&SearchSource=13"); Line found: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{CAFEEFAC-0016-0... -- File closed -- Key found: HKLM\Software\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3} Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2530240 Key found: HKLM\Software\Classes\Toolbar.CT2688461 Key found: HKCU\Software\PriceGong Key found: HKCU\Software\Toolbar Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.13 (pl)] **** HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2) (Default) Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(3) (Default) -- C:\Documents and Settings\Tadeusz\Dane aplikacji\Mozilla\FireFox\Profiles\qthid1u9.default -- Extensions\engine@conduit.com (Conduit Engine ) Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) (Microsoft .NET Framework Assistant) Extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} (Softonic-Polska Community Toolbar) Searchplugins\askcom.xml (?) Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms} /) Prefs.js - browser.search.defaultenginename, Ask.com Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms} Prefs.js - browser.search.selectedEngine, Ask.com Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2530240&SearchSource=13 Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13 ======================================== **** Google Chrome Version [12.0.742.112] **** -- C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Start Page - hxxp://www.google.pl/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=STC&o=15570&src=crm&q={searchTerm...) HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "digitalchocolate Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik rejestracji usługi Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 11/07/2011 18:31:48 (13427 Byte(s)) End at: 18:32:38, 11/07/2011 ============== E.O.F ==============