What is AppLow?
The Malwarebytes research team has determined that AppLow is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by AppLow?
You may see these browser extensions/add-ons:
and this entry in your list of installed programs:
and these warnings:
How did AppLow get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove AppLow?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes AppLow completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the AppLow hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
O2 - BHO: CrossriderApp0045360 - {11111111-1111-1111-1111-110411531160} - C:\Program Files\AppLow\AppLow-bho.dll
Alterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Program Files\AppLow Adds the file 45360.crx"="10/16/2014 9:13 AM, 232513 bytes, A Adds the file 45360.xpi"="10/16/2014 9:13 AM, 264446 bytes, A Adds the file AppLow.ico"="12/17/2013 7:07 PM, 15086 bytes, A Adds the file AppLow-bg.exe"="10/16/2014 9:13 AM, 773120 bytes, A Adds the file AppLow-bho.dll"="10/16/2014 9:13 AM, 640512 bytes, A Adds the file AppLow-buttonutil.dll"="10/16/2014 9:13 AM, 428544 bytes, A Adds the file AppLow-buttonutil.exe"="10/16/2014 9:13 AM, 331264 bytes, A Adds the file AppLow-chromeinstaller.exe"="10/16/2014 9:13 AM, 828416 bytes, A Adds the file AppLow-codedownloader.exe"="10/16/2014 9:13 AM, 523776 bytes, A Adds the file AppLow-enabler.exe"="10/16/2014 9:13 AM, 344064 bytes, A Adds the file AppLow-firefoxinstaller.exe"="10/16/2014 9:13 AM, 886272 bytes, A Adds the file AppLow-helper.exe"="10/16/2014 9:13 AM, 331776 bytes, A Adds the file AppLow-updater.exe"="10/16/2014 9:13 AM, 353792 bytes, A Adds the file background.html"="12/17/2013 7:07 PM, 729 bytes, A Adds the file Installer.log"="10/16/2014 9:13 AM, 233480 bytes, A Adds the file Uninstall.exe"="10/16/2014 9:13 AM, 77312 bytes, A Adds the file utils.exe"="10/16/2014 9:13 AM, 1176762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0 Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\defaults Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\locale Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin In the existing folder C:\Windows\System32\Tasks Adds the file AppLow-chromeinstaller"="10/16/2014 9:13 AM, 4954 bytes, A Adds the file AppLow-codedownloader"="10/16/2014 9:13 AM, 4232 bytes, A Adds the file AppLow-enabler"="10/16/2014 9:13 AM, 4132 bytes, A Adds the file AppLow-firefoxinstaller"="10/16/2014 9:13 AM, 5064 bytes, A Adds the file AppLow-updater"="10/16/2014 9:13 AM, 4330 bytes, A In the existing folder C:\Windows\Tasks Adds the file AppLow-chromeinstaller.job"="10/16/2014 9:13 AM, 1924 bytes, A Adds the file AppLow-codedownloader.job"="10/16/2014 9:13 AM, 1202 bytes, A Adds the file AppLow-enabler.job"="10/16/2014 9:13 AM, 1102 bytes, A Adds the file AppLow-firefoxinstaller.job"="10/16/2014 9:13 AM, 2034 bytes, A Adds the file AppLow-updater.job"="10/16/2014 9:13 AM, 1300 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\Chrome] "TotalProfiles"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\Chrome\Profiles] "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\Firefox] "TotalProfiles"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\Firefox\Profiles] "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\IE] "TotalProfiles"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\IE\Profiles] "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\AppLow\Installer] "BundledChrome"="REG_DWORD", 1 "BundledFirefox"="REG_DWORD", 1 "BundledIe"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}] "(Default)"="REG_SZ", "AppLow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\Implemented Categories] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\AppLow\AppLow-bho.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\ProgID] "(Default)"="REG_SZ", "CrossriderApp0045360.BHO.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444534460}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}\VersionIndependentProgID] "(Default)"="REG_SZ", "CrossriderApp0045360" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}] "(Default)"="REG_SZ", "CrossriderApp0045360.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\AppLow\AppLow-bho.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}\ProgID] "(Default)"="REG_SZ", "CrossriderApp0045360.Sandbox.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444534460}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}\VersionIndependentProgID] "(Default)"="REG_SZ", "CrossriderApp0045360.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.BHO] "(Default)"="REG_SZ", "CrossriderApp0045360" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.BHO\CLSID] "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110411531160}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.BHO\CurVer] "(Default)"="REG_SZ", "CrossriderApp0045360" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.BHO.1] "(Default)"="REG_SZ", "CrossriderApp0045360" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.BHO.1\CLSID] "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110411531160}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.Sandbox] "(Default)"="REG_SZ", "CrossriderApp0045360.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.Sandbox\CLSID] "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220422532260}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.Sandbox\CurVer] "(Default)"="REG_SZ", "CrossriderApp0045360.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.Sandbox.1] "(Default)"="REG_SZ", "CrossriderApp0045360.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0045360.Sandbox.1\CLSID] "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220422532260}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455535560}] "(Default)"="REG_SZ", "ICrossriderBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455535560}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455535560}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455535560}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444534460}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466536660}] "(Default)"="REG_SZ", "ISandBox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466536660}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466536660}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466536660}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444534460}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444534460}\1.0] "(Default)"="REG_SZ", "CrossriderApp0045360 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444534460}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files\AppLow\AppLow-bho.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444534460}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444534460}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files\AppLow" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "AppLow-bg.exe"="REG_DWORD", 8000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411531160}] "(Default)"="REG_SZ", "CrossriderApp0045360" "NoExplorer"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID] "{11111111-1111-1111-1111-110411531160}"="REG_SZ", "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppLow] "CrAppId"="REG_SZ", "45360" "CrPublisherId"="REG_SZ", "25254" "DisplayIcon"="REG_SZ", "C:\Program Files\AppLow\utils.exe" "DisplayName"="REG_SZ", "AppLow" "DisplayVersion"="REG_SZ", "1.32.153.0" "Publisher"="REG_SZ", "savingcollector" "UninstallString"="REG_SZ", "C:\Program Files\AppLow\Uninstall.exe /fromcontrolpanel=1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "AppLow-chromeinstaller.job"="REG_BINARY, ................................ "AppLow-chromeinstaller.job.fp"="REG_DWORD", -1399487597 "AppLow-codedownloader.job"="REG_BINARY, ................................ "AppLow-codedownloader.job.fp"="REG_DWORD", 874475731 "AppLow-enabler.job"="REG_BINARY, ................................ "AppLow-enabler.job.fp"="REG_DWORD", -2114610947 "AppLow-firefoxinstaller.job"="REG_BINARY, ................................ "AppLow-firefoxinstaller.job.fp"="REG_DWORD", 708356760 "AppLow-updater.job"="REG_BINARY, ................................ "AppLow-updater.job.fp"="REG_DWORD", -932069790 [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow] "ActiveAppId"="REG_SZ", "45360" "BhoRunningVersion"="REG_SZ", "153" "IsBhoEnabled"="REG_DWORD", 1 "LastSetSearch"="REG_DWORD", 1413443664 [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow\background] " { javascript removed, full log available on request } " [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow\Debug] "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js" "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js" "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js" "IsDebuggingPlugins"="REG_DWORD", 0 "IsDebugMode"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow\Installer] "CodeDownloadDomain"="REG_SZ", "http://app-static.crossrider.com" "ErrorsDomain"="REG_SZ", "http://errors.srvstatsdata.com" "FullVersion"="REG_SZ", "1.32.153.0" "FullVersionForUrl"="REG_SZ", "1_32_153" "Params"="REG_SZ", "{ "source_id" : "000796", "sub_id" : "0", "uzid" : "0"}" "SetSearch"="REG_SZ", "false" "SrcId"="REG_SZ", "000796" "StatsDomain"="REG_SZ", "http://stats.srvstatsdata.com" "SubId"="REG_SZ", "0" "Time"="REG_SZ", "1413443583" "ZData"="REG_SZ", "0" [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow\Log] "applow-bg"="REG_DWORD", 0 "applow-bho"="REG_DWORD", 0 "applow-buttonutil"="REG_DWORD", 0 "applow-helper"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow\Manifest] "AddressbarURL"="REG_SZ", "NA" "BgVersion"="REG_SZ", "1" "ChangePrevious"="REG_SZ", "false" "Description"="REG_SZ", "Get free coupons as you surf the web" "DisableIe"="REG_SZ", "true" "EnableSearchIE"="REG_SZ", "false" "HomePageUrl"="REG_SZ", "NA" "IsButtonEnabled"="REG_SZ", "false" "Manifest"="REG_SZ", "NA" "ModeType"="REG_SZ", "production" "Name"="REG_SZ", "AppLow" "PluginsManifestVersion"="REG_SZ", "16" "PublisherId"="REG_SZ", "25254" "PublisherName"="REG_SZ", "savingcollector" "RunInFrame"="REG_SZ", "true" "SetNewTab"="REG_SZ", "false" "ThanksUrl"="REG_SZ", "NA" "UninstallerOfferAction"="REG_SZ", "NA" "UninstallerOfferUrl"="REG_SZ", "NA" "UpdateInterval"="REG_DWORD", 360 "Version"="REG_SZ", "25" [HKEY_CURRENT_USER\Software\AppDataLow\Software\AppLow\Update] "LastCheck"="REG_DWORD", 1413443590 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider] "Bic"="REG_SZ", "E4BD18540CB04F968674B3D1C4F50462IE" "Verifier"="REG_SZ", "cc83de1ef62a36bec25517a429de1293" [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\savingcollector] "45360"="REG_SZ", "AppLow" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411531160}] "Flags"="REG_DWORD", 1024
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/16/2014 Scan Time: 9:26:06 AM Logfile: mbamAppLow.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.16.02 Rootkit Database: v2014.10.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 269653 Time Elapsed: 3 min, 15 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 16 PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411531160}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444534460}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455535560}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466536660}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0045360.BHO.1, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411531160}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0045360.BHO, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411531160}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411531160}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220422532260}, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0045360.Sandbox.1, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0045360.Sandbox, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411531160}\INPROCSERVER32, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.AppLow.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AppLow, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [0a5852c3b4c8979ff12435454db7b44c], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\savingcollector, Quarantined, [3c269e777efed165b1f1997d7f84dd23], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 14 PUP.Optional.AppLow.A, C:\Program Files\AppLow, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\defaults, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\defaults\preferences, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\userCode, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\locale, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\locale\en-US, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin, Quarantined, [ed75c3525c20092d7268a7485fa338c8], Files: 116 PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-bho.dll, Quarantined, [c1a124f1d5a7bc7a901cd7f960a15fa1], PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\AppLow.exe, Quarantined, [0e5417fe512be74f69ae5119bf42d927], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-bg.exe, Quarantined, [bea431e4483469cdb7f56769798843bd], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-buttonutil.exe, Quarantined, [362c70a52953320405a726aa3ec39868], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-chromeinstaller.exe, Quarantined, [e77bd144562670c6743877596a97fb05], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-codedownloader.exe, Quarantined, [d09237de0e6e72c40aa2953b639eef11], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-enabler.exe, Quarantined, [df83ed28b0ccb2849913ddf3a65b7e82], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-firefoxinstaller.exe, Quarantined, [3b2780957ffdc0769a12755b6899847c], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-updater.exe, Quarantined, [1e445db8d1ab9e98dcd0d8f85da4ca36], PUP.Optional.CrossRider.A, C:\Program Files\AppLow\utils.exe, Quarantined, [c39f6baa097376c014036604f40dfa06], PUP.Optional.AppLow.A, C:\Program Files\AppLow\background.html, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\45360.crx, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\45360.xpi, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-buttonutil.dll, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow-helper.exe, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\AppLow.ico, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\Installer.log, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Program Files\AppLow\Uninstall.exe, Quarantined, [243e11040c70d75f099672a4699a738d], PUP.Optional.AppLow.A, C:\Windows\Tasks\AppLow-chromeinstaller.job, Quarantined, [30326baa57250531950b60b6ea192ad6], PUP.Optional.AppLow.A, C:\Windows\Tasks\AppLow-codedownloader.job, Quarantined, [501223f2601cd2648b15e234d13215eb], PUP.Optional.AppLow.A, C:\Windows\Tasks\AppLow-enabler.job, Quarantined, [5111130228542a0c168aba5c60a37987], PUP.Optional.AppLow.A, C:\Windows\Tasks\AppLow-firefoxinstaller.job, Quarantined, [540e4acb0d6f7abc69378c8aad565fa1], PUP.Optional.AppLow.A, C:\Windows\Tasks\AppLow-updater.job, Quarantined, [a4bee62fdf9d64d2178972a4748f6997], PUP.Optional.AppLow.A, C:\Windows\System32\Tasks\AppLow-chromeinstaller, Quarantined, [540e44d17dff55e10c95a96db64d09f7], PUP.Optional.AppLow.A, C:\Windows\System32\Tasks\AppLow-codedownloader, Quarantined, [f36f2ee76a12072f1988090d5ea535cb], PUP.Optional.AppLow.A, C:\Windows\System32\Tasks\AppLow-enabler, Quarantined, [a4be1afb502cae88742df521e2218a76], PUP.Optional.AppLow.A, C:\Windows\System32\Tasks\AppLow-firefoxinstaller, Quarantined, [c59ddb3a26568babc8d9ba5c6d9643bd], PUP.Optional.AppLow.A, C:\Windows\System32\Tasks\AppLow-updater, Quarantined, [8bd711045a2243f32a77ae680bf8738d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome.manifest, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\install.rdf, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\background.html, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\baseObject.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\browser.xul, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\dialog.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\main.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\options.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\options.xul, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\search_dialog.xul, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\asyncDB.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\background.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\browserAction.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\contextMenu.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\dbManager.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\dom_bg.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\fileManager.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\firefox.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\firefoxNotifications.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\firefoxOmnibox.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\message.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\pageAction.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\request.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\tabs.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\api\webRequest.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\console.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\consts.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\delegate.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\extensionDataStore.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\folderIOWrapper.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\httpObserver.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\IDBWrapper.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\installer.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\logFile.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\prefs.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\progressListenerObserver.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\registry.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\reloadObserver.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\reports.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\requestObject.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\searchSettings.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\uninstallObserver.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\updateManager.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\utils.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\xhr.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\defaults\preferences\prefs.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\manifest.xml, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins.json, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\16_FFAppAPIWrapper.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\17_jQuery.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\182_openUrl.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\183_tabsWrapper.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\1_base.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\207_dbWrapper.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\21_debug.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\22_resources.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\246_setup.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\268_stats_ff.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\28_initializer.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\47_resources_background.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\64_appApiMessage.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\72_appApiValidation.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\98_omniCommands.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\userCode\background.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\userCode\extension.js, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\locale\en-US\translations.dtd, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\button1.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\button2.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\button3.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\button4.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\button5.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\crossrider_statusbar.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\icon128.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\icon16.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\icon24.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\icon48.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\panelarrow-up.png, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\popup.html, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\skin.css, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\skin\update.css, Quarantined, [ed75c3525c20092d7268a7485fa338c8], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14917d40bb2da2e9be3558855c5bd90e");), Replaced,[d68c2ee76a12c0762e7fb89d19ec1de3] Physical Sectors: 0 (No malicious items detected) (end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention