# AdwCleaner v1.801 - Logfile created 11/06/2013 at 17:52:58 # Updated 14/08/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # User : Tomek - TOMEK-PC # Boot Mode : Normal # Running from : I:\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Tomek\AppData\Local\Giant Savings Folder Found : C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Folder Found : C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj Folder Found : C:\Users\Tomek\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Tomek\AppData\Roaming\Babylon Folder Found : C:\Users\Tomek\AppData\Roaming\OpenCandy Folder Found : C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\q20in7dh.default\extensions\crossriderapp4479@crossrider.com Folder Found : C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\q20in7dh.default\extensions\ffxtlbr@babylon.com Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge Folder Found : C:\Program Files\Giant Savings Folder Found : C:\Program Files\RelevantKnowledge File Found : C:\user.js ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO [*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1 [*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi [*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1 [*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox [*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1 Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Zugo Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179} Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679} Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v [Unable to get version] Profile name : default File : C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\q20in7dh.default\prefs.js Found : user_pref("extensions.crossriderapp4479.adsOldValue", -1); -\\ Google Chrome v30.0.1599.101 File : C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "search_url": "hxxp://kl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name[...] ************************* AdwCleaner[R1].txt - [5503 octets] - [06/11/2013 17:52:58] ########## EOF - C:\AdwCleaner[R1].txt - [5631 octets] ##########