Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for enformation

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Content is republished with permission from Malwarebytes.

What is enformation?

The Malwarebytes research team has determined that enformation is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by enformation?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

and this entry in your list of installed programs:

warning4.png


How did enformation get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove enformation?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of enformation?
  • No, Malwarebytes' Anti-Malware removes enformation completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the enformation hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


protection1.png

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: CrossriderApp0056508 - {11111111-1111-1111-1111-110511651108} - C:\Program Files\enformation\enformation-bho.dll
Alterations made by the installer:
File system details  
---------------------------------------------
    Adds the folder C:\Program Files\enformation
       Adds the file 1293297481.mxaddon"="5/22/2014 2:40 PM, 38693 bytes, A
       Adds the file 360-56508.crx"="6/29/2014 1:38 PM, 255090 bytes, A
       Adds the file 56508.xpi"="6/29/2014 1:38 PM, 441743 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f.crx"="6/29/2014 1:38 PM, 253891 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-11.exe"="6/29/2014 1:38 PM, 2123264 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-2.exe"="6/29/2014 1:38 PM, 462336 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-4.exe"="6/29/2014 1:38 PM, 1037312 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-5.exe"="6/29/2014 1:38 PM, 623616 bytes, A
       Adds the file background.html"="6/23/2014 12:56 PM, 729 bytes, A
       Adds the file enformation.ico"="6/23/2014 12:56 PM, 15086 bytes, A
       Adds the file enformation-bg.exe"="6/29/2014 1:38 PM, 755184 bytes, A
       Adds the file enformation-bho.dll"="6/29/2014 1:38 PM, 724992 bytes, A
       Adds the file enformation-codedownloader.exe"="6/29/2014 1:38 PM, 633856 bytes, A
       Adds the file Installer.log"="6/29/2014 1:38 PM, 153907 bytes, A
       Adds the file Uninstall.exe"="6/29/2014 1:38 PM, 101888 bytes, A
       Adds the file utils.exe"="6/29/2014 1:38 PM, 2378298 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com
       Adds the file chrome.manifest"="6/29/2014 1:38 PM, 732 bytes, A
       Adds the file install.rdf"="6/29/2014 1:38 PM, 1336 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\defaults\preferences
       Adds the file prefs.js"="6/29/2014 1:38 PM, 3977 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData
       Adds the file manifest.xml"="6/29/2014 1:38 PM, 1682 bytes, A
       Adds the file plugins.json"="6/29/2014 1:38 PM, 7805 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\userCode
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\locale\en-US
       Adds the file translations.dtd"="6/29/2014 1:38 PM, 425 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin
    In the existing folder C:\Windows\Tasks
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-1.job"="6/29/2014 1:38 PM, 1516 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-11.job"="6/29/2014 1:38 PM, 3794 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-2.job"="6/29/2014 1:38 PM, 1330 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-4.job"="6/29/2014 1:38 PM, 2140 bytes, A
       Adds the file 5d421e7c-6d53-4810-b1aa-5a495f532e4f-5.job"="6/29/2014 1:38 PM, 1440 bytes, A

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}]
       "(Default)"="REG_SZ", "enformation"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\enformation\enformation-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0056508.BHO.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544654408}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511651108}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0056508"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522652208}]
       "(Default)"="REG_SZ", "CrossriderApp0056508.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522652208}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\enformation\enformation-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522652208}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0056508.Sandbox.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522652208}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522652208}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544654408}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522652208}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0056508.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.BHO]
       "(Default)"="REG_SZ", "CrossriderApp0056508"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.BHO\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110511651108}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.BHO\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0056508"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.BHO.1]
       "(Default)"="REG_SZ", "CrossriderApp0056508"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.BHO.1\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110511651108}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.Sandbox]
       "(Default)"="REG_SZ", "CrossriderApp0056508.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.Sandbox\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220522652208}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.Sandbox\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0056508.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.Sandbox.1]
       "(Default)"="REG_SZ", "CrossriderApp0056508.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0056508.Sandbox.1\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220522652208}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555655508}]
       "(Default)"="REG_SZ", "ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555655508}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555655508}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555655508}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544654408}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566656608}]
       "(Default)"="REG_SZ", "ISandBox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566656608}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566656608}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566656608}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544654408}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544654408}\1.0]
       "(Default)"="REG_SZ", "CrossriderApp0056508 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544654408}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files\enformation\enformation-bho.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544654408}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544654408}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files\enformation"
    [HKEY_LOCAL_MACHINE\SOFTWARE\enformation\Firefox]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\enformation\Firefox\Profiles]
       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\enformation\IE]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\enformation\IE\Profiles]
       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\enformation\Installer]
       "BundledAddCh"="REG_DWORD", 1
       "BundledFirefox"="REG_DWORD", 1
       "BundledIe"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\13641]
       "56508"="REG_SZ", "enformation"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\13641\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511651108}]
       "(Default)"="REG_SZ", "CrossriderApp0056508"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
       "{11111111-1111-1111-1111-110511651108}"="REG_SZ", "1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\enformation]
       "CrAppId"="REG_SZ", "56508"
       "CrPublisherId"="REG_SZ", "13641"
       "DisplayIcon"="REG_SZ", "C:\Program Files\enformation\utils.exe"
       "DisplayName"="REG_SZ", "enformation"
       "DisplayVersion"="REG_SZ", "1.34.6.10"
       "Publisher"="REG_SZ", "Marketing"
       "UninstallString"="REG_SZ", "C:\Program Files\enformation\Uninstall.exe /fcp=1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-1.job"="REG_BINARY, ................................
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-1.job.fp"="REG_DWORD", -1781808805
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-11.job"="REG_BINARY, ................................
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-11.job.fp"="REG_DWORD", -752568322
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-2.job"="REG_BINARY, .........o......................
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-2.job.fp"="REG_DWORD", -1703398685
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-4.job"="REG_BINARY, ................................
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-4.job.fp"="REG_DWORD", 1418832373
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-5.job"="REG_BINARY, ........Q.......................
       "5d421e7c-6d53-4810-b1aa-5a495f532e4f-5.job.fp"="REG_DWORD", 959791406
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "1A3B56FE0A6F4981A318FEA5BC9E142FIE"
       "Verifier"="REG_SZ", "afeadf943c675ec7baf3231bd0df26a8"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation]
       "ActiveAppId"="REG_SZ", "56508"
       "BhoRunningVersion"="REG_SZ", "153"
       "IsBhoEnabled"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Background]
       "IsEnabled"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Code]
       "AppJavaScript"="REG_SZ", "{ javascript removed, full log available on request }"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Debug]
       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"
       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"
       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"
       "IsDebuggingPlugins"="REG_DWORD", 0
       "IsDebugMode"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\ErrorLists]
       "bg_not_detected_5000"="REG_DWORD", 2
       "execution_failed_-bg.exe_0x0"="REG_DWORD", 3
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Installer]
       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, 8197, 0]}"
       "CodeDownloadDomain"="REG_SZ", "http://js.democlientnet.com"
       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"
       "DefaultBrowser"="REG_SZ", "ie"
       "ErrorsDomain"="REG_SZ", "http://errors.democlientnet.com"
       "FullVersion"="REG_SZ", "1.34.6.10"
       "FullVersionForUrl"="REG_SZ", "1_34_06_10"
       "OsName"="REG_SZ", "7"
       "Params"="REG_SZ", "{   "source_id" : "001663",   "sub_id" : "0",   "uzid" : "0"}"
       "SrcId"="REG_SZ", "001663"
       "StatsDomain"="REG_SZ", "http://stats.democlientnet.com"
       "SubId"="REG_SZ", "0"
       "Time"="REG_SZ", "1404041904"
       "ZData"="REG_SZ", "0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Log]
       "enformation-bho"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Manifest]
       "AddressbarURL"="REG_SZ", "NA"
       "BgVersion"="REG_SZ", "2"
       "ChangePrevious"="REG_SZ", "false"
       "Description"="REG_SZ", "Enhance browsing"
       "DisableIe"="REG_SZ", "true"
       "EnableSearchIE"="REG_SZ", "false"
       "HomePageUrl"="REG_SZ", "NA"
       "IsButtonEnabled"="REG_SZ", "false"
       "Manifest"="REG_SZ", "NA"
       "ModeType"="REG_SZ", "production"
       "Name"="REG_SZ", "enformation"
       "PluginsManifestVersion"="REG_SZ", "15"
       "PublisherId"="REG_SZ", "13641"
       "PublisherName"="REG_SZ", "Marketing"
       "RunInFrame"="REG_SZ", "false"
       "SetNewTab"="REG_SZ", "false"
       "ThanksUrl"="REG_SZ", "NA"
       "UninstallerOfferAction"="REG_SZ", "NA"
       "UninstallerOfferUrl"="REG_SZ", "NA"
       "UpdateInterval"="REG_DWORD", 360
       "Version"="REG_SZ", "18"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\enformation\Update]
       "LastCheck"="REG_DWORD", 1404041915
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\13641]
       "56508"="REG_SZ", "enformation"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\13641\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Marketing]
       "56508"="REG_SZ", "enformation"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511651108}]
       "Flags"="REG_DWORD", 1024
       "VerCache"="REG_BINARY, ......................

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/29/2014
Scan Time: 1:43:43 PM
Logfile: mbamEnformation.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.29.02
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 234807
Time Elapsed: 3 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 20
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511651108}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544654408}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555655508}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566656608}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0056508.BHO.1, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511651108}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0056508.BHO, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511651108}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511651108}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522652208}, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0056508.Sandbox.1, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0056508.Sandbox, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511651108}\INPROCSERVER32, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\enformation, Quarantined, [191d28564d2e64d20a71beef30d2c23e], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\13641, Quarantined, [c472a4dab1ca52e48875cafa62a006fa], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [2115df9f601b88ae8a79c636b64dfb05], 
PUP.Optional.Enformation.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\enformation, Quarantined, [d5615e20afcc55e1b6c7dfce7989f808], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\13641, Quarantined, [5cdab1cd225950e61fdfc5ffaa58f30d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Marketing, Quarantined, [d5611569fe7d4ee85a24b6f7c141e020], 
PUP.Optional.Enformation.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\enformation, Quarantined, [c076532b601b181e687d84276999a45c], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]6f481-b198-4349-9ebe-9a93a86f9267.com, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\defaults, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\defaults\preferences, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\userCode, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\locale, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\locale\en-US, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.Enformation.A, C:\Program Files\enformation, Quarantined, [c076532b601b181e687d84276999a45c], 

Files: 129
PUP.Optional.Enformation.A, C:\Program Files\enformation\enformation-bho.dll, Quarantined, [e94dec92cab155e1b149454c3ec3b64a], 
PUP.Optional.crossRider.A, C:\Users\{username}\Desktop\enformation.exe, Quarantined, [2412ef8f017ad06612e80f300df3b54b], 
PUP.Optional.InstallCore, C:\Users\{username}\Downloads\googleupdatersetup.exe, Quarantined, [7eb8106eadce191d8df899e68f7540c0], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-1, Quarantined, [0e28f985bdbe1f17898d8c2325ddb848], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-2, Quarantined, [47ef3a44d8a375c1140203acdc268080], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-4, Quarantined, [3bfbe995740756e0d73fe0cf778ba15f], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-5, Quarantined, [5ed8f38b4833dd59c650dbd415ed25db], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-11, Quarantined, [9e980b73b7c4a98d65b216991fe33bc5], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-11.job, Quarantined, [9b9b027cfa81132325626250dd252dd3], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-1.job, Quarantined, [0d29ed91aecd0e28add6c30052b03bc5], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-2.job, Quarantined, [0f277b03205beb4b0e7520a3d52dab55], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-4.job, Quarantined, [ac8a740a0e6db77f7c07d7ec17ebe31d], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5d421e7c-6d53-4810-b1aa-5a495f532e4f-5.job, Quarantined, [44f20d71df9c1422047f477c32d08b75], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome.manifest, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\install.rdf, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\00b3a3ca97f231fe4246236baff9d252.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\6dff4d6d2600546174c4fcaf0aa31583.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\894279e2f155338fbb332cc690561daa.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\background.html, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\browser.xul, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\dialog.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\e1b2c977ed0007065e0cf6cad8fc9c4e.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\fdd293e4914aa382c1e1c070a51e625c.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\options.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\options.xul, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\search_dialog.xul, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\8358e3adaa5add9873cffe8279fd2501.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\1022246e6f6fd78a0471890a3f8fe9c8.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\11908afbdcb12d17a7a009d3e87ae0da.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\30900c7cfbb930de3e74e67f9f8d1a48.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\3c279e414169c4490304beae23769f37.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\5f41c6fecd5fa745a8bee325f70f0ce0.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\6ae3fe2f3fbd45c1762a85c6df7f7b50.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\719cf744d2f2f86dc9bcbf0128ddc7b8.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]ebe-9a93a86f9267.com\chrome\content\api\8150f3333de68c7b5035eda8243d1f27.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\94b7af00da18a1376e2c522fbc263e40.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\9ef1f7c5267756d27696fc4370c733b1.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\ca35abeb007b8bd13d39cde5e1204f07.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\d086c4797e0fb5b4e1f8c4bc69d39fb3.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\ef04556bf998f7017c271be802c2e7a6.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\fb0f415d15dfc9b96b80b961a3c3c316.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\api\fcd6d67e491e5cd41973c1bed5517b9b.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\aab1824556cc4a656c105e62e8d0097d.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\19b5e76f881104f8ce75b820f67e0812.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\34c0f3742232b6f9f20247ecec8ae469.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\5112a8ffe323a2ef5dfa93987caee8d3.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\56e102dfb1195fac7aad85b32d5e97f2.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\f6682b47-e12f-[email protected]\chrome\content\core\593bbc173debe69055f0764ea70d73b2.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\5d77065bd0ea3bf639c8f1979cd80604.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\7fdcf7f05e7b8515ca82aeca2be95812.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\8b1ffeb3ed5d86c55cbadfe6d6a39fc4.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\97290b9ad51934523539f3bec0452cd7.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\a17a3819a6a2cf4985f46a278b148599.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\a207ec366b1aa9954644c49a82949aa9.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\adca0a07db100260610a773e95dda311.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\d411dc9567d7d8ecea9dc830182095e3.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\d9cc492f1629be889028d00cb3a2069e.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\dc8b04ac1ba1e09e23a277ec11fcb327.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\f33b38714fb716d6abd63fea436653de.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\f6ecd376e9f6654ae209192c5635a512.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\fb9b133be75c728a345c4483269c16da.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\fbc13e8c698ee5f916e489d06ca5cb84.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\chrome\content\core\installer.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\defaults\preferences\prefs.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\manifest.xml, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins.json, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\1.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\13.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\14.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\16.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\17.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\177.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\180.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\182.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\183.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\191.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\207.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\21.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\22.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\223.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\242.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\246.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\262.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\263.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\268.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\273.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\28.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\4.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\47.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\64.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\72.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\78.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\91.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\93.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\plugins\98.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\userCode\background.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\extensionData\userCode\extension.js, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\locale\en-US\translations.dtd, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\button1.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\button2.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\button3.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\button4.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\button5.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\crossrider_statusbar.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\icon128.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\icon16.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\icon24.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\icon48.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\panelarrow-up.png, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\popup.html, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\skin.css, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]3a86f9267.com\skin\update.css, Quarantined, [ee48d8a629528fa7b00d3168b84a05fb], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\1293297481.mxaddon, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\360-56508.crx, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\56508.xpi, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\5d421e7c-6d53-4810-b1aa-5a495f532e4f-11.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\5d421e7c-6d53-4810-b1aa-5a495f532e4f-2.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\5d421e7c-6d53-4810-b1aa-5a495f532e4f-4.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\5d421e7c-6d53-4810-b1aa-5a495f532e4f-5.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\5d421e7c-6d53-4810-b1aa-5a495f532e4f.crx, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\background.html, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\enformation-bg.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\enformation-codedownloader.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\enformation.ico, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\Installer.log, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\Uninstall.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.Enformation.A, C:\Program Files\enformation\utils.exe, Quarantined, [c076532b601b181e687d84276999a45c], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "146e76e88f9f0803ae81447ec0b439ba");), Replaced,[3df9f08e26556bcb5617af0a1fe558a8]

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.