======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 13:33:03 on 19/10/2011, Normal boot Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) Piotr@KORAL (Hewlett-Packard HP 530 Notebook PC(KQ630AA#AKD)) ============== SEARCH ============== File found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\PartyPoker.lnk File found: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk Folder found: C:\Users\Piotr\AppData\LocalLow\AskToolbar Folder found: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PartyPoker Folder found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2878731 Key found: HKLM\Software\Conduit Key found: HKCU\Software\PartyGaming Key found: HKCU\Software\AppDataLow\Software\AskToolbar Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PartyPoker Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== -- C:\Users\Piotr\AppData\Roaming\Mozilla\FireFox\Profiles\xuhefz41.default -- Searchplugins\MyStart Search.xml (?) Prefs.js - browser.download.lastDir, C:\\Users\\Piotr\\Desktop\\paralotnie Prefs.js - browser.search.defaultenginename, MyStart Search Prefs.js - browser.search.selectedEngine, MyStart Search Prefs.js - browser.startup.homepage, hxxp://mystart.incredimail.com/mb59?u=92259949699575635 Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.23 ======================================== **** Internet Explorer Version [7.0.6001.18000] **** HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxp://www.msn.com/ HKLM_Main|Default_Page_URL - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=PL_PL&c=74&bd=smb&pf=laptop HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=PL_PL&c=74&bd=smb&pf=laptop HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18776) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{41C9127E-6D62-42E6-B04B-4941C0690C25} - C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe (x) HKCU_ElevationPolicy\{E415E841-304A-4DA2-83F3-CBCB58DBBD7D} - C:\WINDOWS\System32\Macromed\Flash\FlashUtil9f.exe (x) HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x) HKLM_Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - "PartyPoker.com" (C:\Bartek\programy\poker\PartyPoker\images\ppicon.ico) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s) C:\Ad-Report-SCAN[1].txt - 19/10/2011 13:33:15 (4219 Byte(s)) End at: 13:34:26, 19/10/2011 ============== E.O.F ==============