The Malwarebytes research team has determined that iWebar9.1 is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by iWebar9.1?
You may see these browser extensions/add-ons:
these tasks in your Scheduled Tasks:
and this entry in your list of installed programs:
How did iWebar9.1 get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove iWebar9.1?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes iWebar9.1 completely.
- This PUP creates some scheduled tasks. You can read here how to view and remove, when needed, Scheduled Tasks.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the iWebar9.1 hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
O2 - BHO: 55e064c969ff493a998a8dfbc6932f9d0065841 - {11111111-1111-1111-1111-110611581141} - C:\Program Files\iWebar9.1\iWebar9.1-bho.dllAlterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Program Files\iWebar9.1 Adds the file background.html"="1/5/2015 10:20 AM, 729 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7.xpi"="1/7/2015 2:18 PM, 388257 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-4.exe"="1/7/2015 2:18 PM, 1569760 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-5.exe"="1/7/2015 2:18 PM, 1210336 bytes, A Adds the file iWebar9.1.ico"="1/5/2015 10:20 AM, 15086 bytes, A Adds the file iWebar9.1-bg.exe"="1/7/2015 2:18 PM, 628704 bytes, A Adds the file iWebar9.1-bho.dll"="1/7/2015 2:18 PM, 814048 bytes, A Adds the file iWebar9.1-buttonutil.dll"="1/7/2015 2:18 PM, 477152 bytes, A Adds the file iWebar9.1-buttonutil.exe"="1/7/2015 2:18 PM, 330208 bytes, A Adds the file iWebar9.1-codedownloader.exe"="1/7/2015 2:18 PM, 1151456 bytes, A Adds the file Uninstall.exe"="1/7/2015 2:18 PM, 125408 bytes, A Adds the file utils.exe"="1/7/2015 2:18 PM, 2704781 bytes, A Adds the folder C:\Users\{username}\AppData\LocalLow\iWebar9.1 Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com Adds the file chrome.manifest"="1/7/2015 2:18 PM, 456 bytes, A Adds the file install.rdf"="1/7/2015 2:18 PM, 1188 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\defaults Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\locale Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin In the existing folder C:\Windows\System32\Tasks Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-1"="1/7/2015 2:18 PM, 6114 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-5"="1/7/2015 2:18 PM, 5454 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-5_user"="1/7/2015 2:18 PM, 5460 bytes, A In the existing folder C:\Windows\Tasks Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-1.job"="1/7/2015 2:18 PM, 3084 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-5.job"="1/7/2015 2:18 PM, 2424 bytes, A Adds the file e208e208-3556-4b8c-99c1-fa27ab08c3f7-5_user.job"="1/7/2015 2:18 PM, 2424 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Crossrider] "Bic"="REG_SZ", "2A070D26CE6541B7B9A2A941CD790CF8IE" "Verifier"="REG_SZ", "2e82d5111033386aa15eed41cc303562" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.BHO] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.BHO\CLSID] "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611581141}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.BHO\CurVer] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.BHO.1] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.BHO.1\CLSID] "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611581141}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox\CLSID] "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622582241}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox\CurVer] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox.1] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox.1\CLSID] "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622582241}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}] "(Default)"="REG_SZ", "iWebar9.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\Implemented Categories] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\iWebar9.1\iWebar9.1-bho.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\ProgID] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.BHO.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644584441}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611581141}\VersionIndependentProgID] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622582241}] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622582241}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\iWebar9.1\iWebar9.1-bho.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622582241}\ProgID] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622582241}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622582241}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644584441}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622582241}\VersionIndependentProgID] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655585541}] "(Default)"="REG_SZ", "ICrossriderBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655585541}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655585541}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655585541}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644584441}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666586641}] "(Default)"="REG_SZ", "ISandBox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666586641}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666586641}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666586641}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644584441}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644584441}\1.0] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644584441}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files\iWebar9.1\iWebar9.1-bho.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644584441}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644584441}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files\iWebar9.1" [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\31406] "65841"="REG_SZ", "iWebar9.1" [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\31406\Status] "Installed"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar9.1\BLQekp6uk5/PYTh6ZMQUdp1lhWEG5TFyMtJvIVqL+4vYY1pH2Pp6AvE62U4fA63APVGLekPQp0brxqEocZi8KK+wr89YUmAhgD4KqKWSWgvm3YTiYpFuSNpMrmW0asNNWtUyXSHQSARWux5VvJSPOJ3Pb5bE2KYKK38S5jq4ZqE=] "kKtmdIr0uO4uVXJGD2JtY5IHQY6rvZresyCVQlmv5rNKUE5mauwUT+X521y51FadeFVU/FVaJ+cRGtpEza82kUlgK+xZ8OaPJTmYwFEADcG+vGq9jRzZFhDKEVbM+VrimKVwTbMyi6LvIZ++73bEQhpmg8Wq+7ldugpCfxUIUJ+Xfpzne7bBpeK/tCtyC5ajhBXyMoPfI7LcFwoiDlc8z/G3u7VA9kiwPQSHZxV2lhMIrk9FGqwxzanuvWEgp31oyd/9+iL2Ot/X3pxtKuXNPR1AIrmP/PgqpGVDoqAHFZ9NbeD+e7eQENUI5O3Z4Zle66+qLIXCLVKVZpVO8ByoxQ=="="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar9.1\FX4YV3TD9qUHOjGpxHf8YTdN7GKtKYP/MVM2Cb0R8Vw5deSSZgXl/fAjNEcl1gCNlYQKUzuIXhpdZTNnDytWnx6oJtnSPX4BD7tTg7Wnrh26cHLOqk7Myi6Ch6j4GCM3kjb01lhj7mV6mwDAsnA2LyN36zR395oHfTdsH7eTQaI=] "U5nwuzMLt6sfp7RmPxnakR7rAaClbE4qQYWiK74mcoZmBEJ2yKyb5Ghnn1FHrWk4/IZPFybTareX/PGrIYUoi0gNvSp6QJxcdOi5UdpKOsW/vxnAtJ7uNY9AGjksEdyE2pOcanwUVp60aPQf2VI28027OsMj7ssOOUlNcvBsXEQ="="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar9.1\IE] "TotalProfiles"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar9.1\IE\Profiles] "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar9.1\Installer] "BundledFirefox"="REG_DWORD", 1 "BundledIe"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "iWebar9.1-bg.exe"="REG_DWORD", 8000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611581141}] "(Default)"="REG_SZ", "55e064c969ff493a998a8dfbc6932f9d0065841" "NoExplorer"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar9.1] "CrAppId"="REG_SZ", "65841" "CrPublisherId"="REG_SZ", "31406" "DisplayIcon"="REG_SZ", "C:\Program Files\iWebar9.1\utils.exe" "DisplayName"="REG_SZ", "iWebar9.1" "DisplayVersion"="REG_SZ", "1.35.12.18" "Publisher"="REG_SZ", "iWebar9.1" "UninstallString"="REG_SZ", "C:\Program Files\iWebar9.1\Uninstall.exe /fcp=1 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "e208e208-3556-4b8c-99c1-fa27ab08c3f7-1.job"="REG_BINARY, ................................ "e208e208-3556-4b8c-99c1-fa27ab08c3f7-1.job.fp"="REG_DWORD", 1827634410 "e208e208-3556-4b8c-99c1-fa27ab08c3f7-5.job"="REG_BINARY, ................................ "e208e208-3556-4b8c-99c1-fa27ab08c3f7-5.job.fp"="REG_DWORD", 1874853850 "e208e208-3556-4b8c-99c1-fa27ab08c3f7-5_user.job"="REG_BINARY, ................................ "e208e208-3556-4b8c-99c1-fa27ab08c3f7-5_user.job.fp"="REG_DWORD", -1378704815 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider] "Bic"="REG_SZ", "2A070D26CE6541B7B9A2A941CD790CF8IE" "Verifier"="REG_SZ", "2e82d5111033386aa15eed41cc303562" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate] "65841"="REG_SZ", "" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest] "65841"="REG_SZ", "" [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1] "ActiveAppId"="REG_SZ", "65841" "BhoRunningVersion"="REG_SZ", "154" "IsBhoEnabled"="REG_DWORD", 1 "LastSetSearch"="REG_DWORD", 1420636805 [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1\background] " { Javascript removed, full log available on request } " [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1\Debug] "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js" "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js" "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js" "IsDebuggingPlugins"="REG_DWORD", 0 "IsDebugMode"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1\Installer] "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733563, 0, 0],"browser_name":"ie","proc_id":"356BD44E8D9C445C9EDE8A4D19EFA159PI","os":{"name":"7","build":"7601","product":"Windows 7 Ultimate N","sp":"Service Pack 1","install_date":"1363633411"},"upi":"8655ebc447297b398088e5f1933333c9"}" "CodeDownloadDomain"="REG_SZ", "http://js.newstatsdemosrv.com" "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com" "DefaultBrowser"="REG_SZ", "ie" "ErrorsDomain"="REG_SZ", "http://errors.newstatsdemosrv.com" "FullVersion"="REG_SZ", "1.35.12.18" "FullVersionForUrl"="REG_SZ", "1_35_12_18" "OsName"="REG_SZ", "7" "Params"="REG_SZ", "{ "source_id" : "000171", "sub_id" : "0", "uzid" : "0"}" "SetSearch"="REG_SZ", "false" "SrcId"="REG_SZ", "000171" "StatsDomain"="REG_SZ", "http://stats.newstatsdemosrv.com" "SubId"="REG_SZ", "0" "Time"="REG_SZ", "1420636678" "ZData"="REG_SZ", "0" [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1\Log] "iwebar9.1-buttonutil"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1\Manifest] "AddressbarURL"="REG_SZ", "NA" "BgVersion"="REG_SZ", "1" "ChangePrevious"="REG_SZ", "false" "Description"="REG_SZ", "Cert_Change_test" "DisableIe"="REG_SZ", "true" "EnableSearchIE"="REG_SZ", "false" "HomePageUrl"="REG_SZ", "NA" "IsButtonEnabled"="REG_SZ", "false" "Manifest"="REG_SZ", "NA" "ModeType"="REG_SZ", "production" "Name"="REG_SZ", "iWebar9.1" "PluginsManifestVersion"="REG_SZ", "23" "PublisherId"="REG_SZ", "31406" "PublisherName"="REG_SZ", "iWebar9.1" "RunInFrame"="REG_SZ", "false" "SetNewTab"="REG_SZ", "false" "ThanksUrl"="REG_SZ", "NA" "UninstallerOfferAction"="REG_SZ", "NA" "UninstallerOfferUrl"="REG_SZ", "NA" "UpdateInterval"="REG_DWORD", 360 "Version"="REG_SZ", "33" [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar9.1\Update] "LastCheck"="REG_DWORD", 1420636686 [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar9.1] [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\31406] "65841"="REG_SZ", "iWebar9.1" [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\31406\Status] "Installed"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\iWebar9.1] "65841"="REG_SZ", "iWebar9.1" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions] "{11111111-1111-1111-1111-110611581141}"="REG_BINARY, ............ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611581141}] "Flags"="REG_DWORD", 1024 "VerCache"="REG_BINARY, ......................Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 1/7/2015 Scan Time: 2:25:55 PM Logfile: mbamIWebar.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.07.08 Rootkit Database: v2015.01.06.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 286929 Time Elapsed: 3 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 20 PUP.Optional.iWebar.A, HKLM\SOFTWARE\iWebar9.1, Quarantined, [cec67f751970d363afaefc7abf44ea16], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\31406, Quarantined, [7b1946ae167372c43a61742a976cb24e], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [850f2fc52f5a50e6eb191fb6798beb15], PUP.Optional.iWebar.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\iWebar9.1, Quarantined, [296b0fe597f2df57154ab7bf28dba858], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\31406, Quarantined, [5d374ea6553447ef7a3544332cd7748c], PUP.Optional.iWebar.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar9.1, Quarantined, [f4a0955fa7e2b284575f0a5bac572ed2], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611581141}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644584441}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655585541}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666586641}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\55e064c969ff493a998a8dfbc6932f9d0065841.BHO.1, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611581141}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\55e064c969ff493a998a8dfbc6932f9d0065841.BHO, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611581141}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611581141}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622582241}, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox.1, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\55e064c969ff493a998a8dfbc6932f9d0065841.Sandbox, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611581141}\INPROCSERVER32, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iWebar9.1, Quarantined, [e9ab787c1b6edf57d6fa302792719868], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 15 PUP.Optional.iWebar.A, C:\Users\{username}\AppData\LocalLow\iWebar9.1, Quarantined, [eaaa54a090f9f73f6e60da7d0af93bc5], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\defaults, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\defaults\preferences, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\userCode, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\locale, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\locale\en-US, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], Files: 131 PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\iWebar9.1.exe, Quarantined, [04901bd9a1e851e5b3ca5e9e0df4b050], PUP.Optional.CrossRider.A, C:\Program Files\iWebar9.1\utils.exe, Quarantined, [7f1530c42c5d0135a09c3e1bb54b966a], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e208e208-3556-4b8c-99c1-fa27ab08c3f7-1, Quarantined, [474d2ec6c9c09f97a827038080832fd1], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e208e208-3556-4b8c-99c1-fa27ab08c3f7-5, Quarantined, [662e886c94f596a05679651e7d861de3], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e208e208-3556-4b8c-99c1-fa27ab08c3f7-5_user, Quarantined, [a4f04ca8b8d172c4666951322cd758a8], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e208e208-3556-4b8c-99c1-fa27ab08c3f7-1.job, Quarantined, [80148e66ddac5ed86be91cc5020223dd], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e208e208-3556-4b8c-99c1-fa27ab08c3f7-5.job, Quarantined, [bcd8fef6880137ff4f052eb33ec6827e], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e208e208-3556-4b8c-99c1-fa27ab08c3f7-5_user.job, Quarantined, [5d3717dd6f1a191d1c3841a0b3517e82], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\background.html, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\e208e208-3556-4b8c-99c1-fa27ab08c3f7-4.exe, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\e208e208-3556-4b8c-99c1-fa27ab08c3f7-5.exe, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\e208e208-3556-4b8c-99c1-fa27ab08c3f7.xpi, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\iWebar9.1-bg.exe, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\iWebar9.1-bho.dll, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\iWebar9.1-buttonutil.dll, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\iWebar9.1-buttonutil.exe, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\iWebar9.1-codedownloader.exe, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\iWebar9.1.ico, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.iWebar.A, C:\Program Files\iWebar9.1\Uninstall.exe, Quarantined, [e9ab787c1b6edf57d6fa302792719868], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome.manifest, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\install.rdf, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\4fd1df4c000e0f514bb64748c9086f80.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\611703950cfaf61e3490ffc1699ba516.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\774fa664813828fb20cf66a7d52bf658.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\background.html, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\browser.xul, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\cecbbf85e21343dcd0d8b1dadef48dc5.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\d741f9e24c783dde2c03b4894d5bf169.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\dialog.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\e52de3426e9f1e0833f1ac2d46cf7db1.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\options.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\options.xul, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\search_dialog.xul, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\191c88e5cb2b61d52c2df643651ae528.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\2f18b38c3c2f96b7b4d298db9a3b3b27.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\2f6e2b9bbc191836b0ae367411b328f0.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\50a8e2116fbfc4eb1590a580bdabb8c5.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\564ecfd5ae4cd4fff2f3a521cfd43603.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\63ba05fb6f7aa1e4a1a7dc03953783ab.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\63fa78cdfc4fc36bf09affc542f32108.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\6483d1c06d77f97c55c744226a7ea05c.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\6e28f3e876801965e6bec719f21f355a.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\77583fab59bf9181f410e4dc68893e85.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\9225b09cc081df28f8772b46cabd0141.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\9795e33e6a4dee3e7e6c104119bcd754.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\9cf9676b353a07ed4e1e8e6377e6e67e.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\a421ae5de2ce922de1c9d6e590860528.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\a61b9e702d7ed72c9d7860a91d51d5a6.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\api\abf025a26041c28af7643fc330ef6b85.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\0586d0ff149533515095a0918c582507.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\2527e51071404b3c2e7ab7690559f55e.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\262753085b354acc3f5c4d80628937b7.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\29d6b8b5bd44f296f6ed73b68d74679c.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\2b22e526416a1ab40a81cd4e0195e8b8.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\37272ed8a895571ea4f7305da00fc78f.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\4bccbc7aa313ef2e4db75165d47fb922.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\4d29485444553e3bbffc8e334b79af47.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\55d2e358628ccb9ca673a2a2cdaa936e.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\816ccf76837012a6e255507569c51dc5.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\89eea35b68f3d87172dad43fbdefbbe3.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\8b46becfdd8f4ae08dfa7800505fdc2e.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\8ffbe63a8700b1fa2070e12fd64d69a6.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\b0b3b57b8d3b2ef9bedb2429fee88e0c.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\b59e24e0eb08434b21763f4a8b1ca6d2.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\c14783fad3c550385ab5d786c398b8c4.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\c33541c3ffbb191861fa7e361867acf4.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\ead7a849b9bb8a9a699ce518500de085.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\f648d39c1c5bdc1220947892e7e1722e.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\f68ab93658e2b6094a972916a5e26390.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\chrome\content\core\installer.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\defaults\preferences\prefs.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\manifest.xml, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins.json, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\1.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\102.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\104.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\123.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\13.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\14.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\16.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\17.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\177.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\178.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\179.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\180.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\182.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\183.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\195.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\207.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\21.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\22.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\220.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\221.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\223.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\246.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\253.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\262.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\263.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\273.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\28.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\281.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\345.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\354.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\4.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\47.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\64.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\7.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\72.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\78.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\9.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\91.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\93.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\plugins\98.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\userCode\background.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\extensionData\userCode\extension.js, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\locale\en-US\translations.dtd, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\button1.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\button2.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\button3.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\button4.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\button5.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\crossrider_statusbar.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\icon128.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\icon16.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\icon24.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\icon48.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\panelarrow-up.png, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\popup.html, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\skin.css, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\antionechristie@aol.com\skin\update.css, Quarantined, [3a5ae11397f21b1b2714600063a0fc04], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention