Jump to content

Removal instructions for iWebar1


Recommended Posts

  • Staff

What is iWebar1?

 

The Malwarebytes research team has determined that iWebar1 is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

 

How do I know if my computer is affected by iWebar1?

 

You may see these browser extensions/add-ons:

 

warning1.png

 

warning2.png

 

warning3.png

 

and this entry in your list of installed programs:

 

warning4.png

 

 

How did iWebar1 get on my computer?

 

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

 

How do I remove iWebar1?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of iWebar1?
  • If you are using Opera, you may have to remove the Extension manually under Opera > Extensions click the x behind Browsers+_App+_Pro+ and click OK in the prompt to confirm.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the iWebar1 hijacker.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

 

protection1.png

 

Technical details for experts

 

Signs in a HijackThis log:

 

O2 - BHO: 2657e500f3e90131a4e91fb939dcadf40061913 - {11111111-1111-1111-1111-110611191113} - C:\Program Files\iWebar1\iWebar1-bho.dll
 

Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\iWebar1       Adds the file 1293297481.mxaddon"="8/14/2014 6:46 PM, 44330 bytes, A       Adds the file 1475a154-b049-4439-aca3-399de0b889fb.crx"="9/26/2014 2:45 PM, 276469 bytes, A       Adds the file background.html"="9/16/2014 5:17 PM, 729 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5.crx"="9/26/2014 2:45 PM, 275269 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5.xpi"="9/26/2014 2:45 PM, 317314 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11.exe"="9/26/2014 2:45 PM, 1972584 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2.exe"="9/26/2014 2:45 PM, 932712 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-4.exe"="9/26/2014 2:45 PM, 1524072 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5.exe"="9/26/2014 2:46 PM, 1012584 bytes, A       Adds the file Installer.log"="9/26/2014 2:46 PM, 30798 bytes, A       Adds the file iWebar1.ico"="9/16/2014 5:17 PM, 15086 bytes, A       Adds the file iWebar1-bg.exe"="9/26/2014 2:45 PM, 720744 bytes, A       Adds the file iWebar1-bho.dll"="9/26/2014 2:45 PM, 640360 bytes, A       Adds the file iWebar1-buttonutil.dll"="9/26/2014 2:46 PM, 427368 bytes, A       Adds the file iWebar1-buttonutil.exe"="9/26/2014 2:46 PM, 299880 bytes, A       Adds the file iWebar1-codedownloader.exe"="9/26/2014 2:45 PM, 1114472 bytes, A       Adds the file Uninstall.exe"="9/26/2014 2:45 PM, 104296 bytes, A       Adds the file utils.exe"="9/26/2014 2:45 PM, 2620760 bytes, A    Adds the folder C:\Users\{username}\AppData\LocalLow\iWebar1    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com       Adds the file chrome.manifest"="9/26/2014 2:45 PM, 672 bytes, A       Adds the file install.rdf"="9/26/2014 2:45 PM, 1281 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\kmleogbcafbghbdjnfllogganaoipmjh\1.26.23_0       Adds the file background.html"="9/26/2014 2:45 PM, 2183 bytes, A       Adds the file chromeCoreFilesIndex.txt"="9/26/2014 2:45 PM, 812 bytes, A       Adds the file manifest.json"="9/26/2014 2:45 PM, 1256 bytes, A       Adds the file popup.html"="9/26/2014 2:45 PM, 139 bytes, A       Adds the file Settings.json"="9/26/2014 2:45 PM, 602 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\kmleogbcafbghbdjnfllogganaoipmjh\1.26.23_0\extensionData    In the existing folder C:\Windows\System32\Tasks       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-1"="9/26/2014 2:45 PM, 5762 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11"="9/26/2014 2:45 PM, 7500 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2"="9/26/2014 2:45 PM, 5114 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5"="9/26/2014 2:46 PM, 5450 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5_user"="9/26/2014 2:46 PM, 5456 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-1.job"="9/26/2014 2:45 PM, 2732 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11.job"="9/26/2014 2:45 PM, 4470 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2.job"="9/26/2014 2:45 PM, 2084 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5.job"="9/26/2014 2:46 PM, 2420 bytes, A       Adds the file e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5_user.job"="9/26/2014 2:46 PM, 2420 bytes, A Registry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.BHO]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.BHO\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611191113}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.BHO\CurVer]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.BHO.1]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.BHO.1\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611191113}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622192213}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox\CurVer]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox.1]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox.1\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622192213}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}]       "(Default)"="REG_SZ", "iWebar1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\Implemented Categories]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\iWebar1\iWebar1-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\ProgID]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.BHO.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644194413}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191113}\VersionIndependentProgID]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\iWebar1\iWebar1-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}\ProgID]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.Sandbox.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644194413}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}\VersionIndependentProgID]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195513}]       "(Default)"="REG_SZ", "ICrossriderBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195513}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195513}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195513}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644194413}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196613}]       "(Default)"="REG_SZ", "ISandBox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196613}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196613}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196613}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644194413}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194413}\1.0]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194413}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\iWebar1\iWebar1-bho.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194413}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194413}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\iWebar1"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21836]       "61913"="REG_SZ", "iWebar1"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21836\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\Firefox]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\Firefox\Profiles]       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\IbHF6AssBLzRCWHakWSuoVoT5xhmU9hYbdSmK4IrcROCzPERsDOHYSMeieEpf+uWxK/yJIpr9P96wnLTpYvxoPwZHPcNTU051QyvQfCFkdgpPfoUm5ec/tRNTD0ZLgM1siOiu+Kd2t4w2XiYHHu3aGZx3dn6tY1ReAkXJuZeM8o=]       "KlORb60UZ7khWgmbZZiSDiTEZ/dffHBQ6AjZZlHHDfEIY+xw6j1dHiL3DHn0suMGvD+mnounPTf71mRFns5e0RLy2j57e17jrDzUZhqjjCS0fpCRly00Dg1Hdin4SlJwHoKfmzP2CsZUwvIUSoJA8iwcG3FTJ5ewYmS9u/5AbtE="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\IE]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\IE\Profiles]       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\Installer]       "BundledAddCh"="REG_DWORD", 1       "BundledFirefox"="REG_DWORD", 1       "BundledIe"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\iWebar1\J/mLNeJqNZadeKEh5QKa0DD9T+RxtO2QiJ5EfEmyZ0KJaF8A9MU1hbk0WGTnmG2mN4hgxFlJY6eA5wURmOGvbhSDszVLK1UhhYDw6ESCy/wksdv578KYhNMsgxwB25ZN/hAQsvjzZr0QOfVQPjWo+AJXLYlch8DnZXNysw2AQuE=]       "MBpnS6o/rWhFYCJaHR8pdTRs1KN/jiEETmVOGi5lofYnpPVxOVfe8SBaZMLPXjyU6Y85avmv+qVDKFfUkN5dEwlfG+/j2lZuWFswFn4Ksd4FocRw+Y0xMqDqAeY/SUK41rniYyHPdk2cCMEt+4P+pJfnPIVpp5BjZTwsYr8Al+k="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]       "iWebar1-bg.exe"="REG_DWORD", 8000    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191113}]       "(Default)"="REG_SZ", "2657e500f3e90131a4e91fb939dcadf40061913"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{11111111-1111-1111-1111-110611191113}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar1]       "CrAppId"="REG_SZ", "61913"       "CrPublisherId"="REG_SZ", "21836"       "DisplayIcon"="REG_SZ", "C:\Program Files\iWebar1\utils.exe"       "DisplayName"="REG_SZ", "iWebar1"       "DisplayVersion"="REG_SZ", "1.35.9.16"       "Publisher"="REG_SZ", "iWebar"       "UninstallString"="REG_SZ", "C:\Program Files\iWebar1\Uninstall.exe /fcp=1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-1.job"="REG_BINARY, ................................       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-1.job.fp"="REG_DWORD", 1480182235       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11.job"="REG_BINARY, ................................       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11.job.fp"="REG_DWORD", -1974857101       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2.job"="REG_BINARY, ................................       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2.job.fp"="REG_DWORD", -1939375471       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5.job"="REG_BINARY, ................................       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5.job.fp"="REG_DWORD", 1914011528       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5_user.job"="REG_BINARY, ................................       "e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5_user.job.fp"="REG_DWORD", -1191497660    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "EE50067A43814C409A8F2959BD4FC40DIE"       "Verifier"="REG_SZ", "3e18239199a9ee60b8114056c271173b"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]       "61913"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]       "61913"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1]       "ActiveAppId"="REG_SZ", "61913"       "BhoRunningVersion"="REG_SZ", "154"       "IsBhoEnabled"="REG_DWORD", 1       "LastSetSearch"="REG_DWORD", 1411735632    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1\background]       " {javascript removed, full log available on request } "    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1\Debug]       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"       "IsDebuggingPlugins"="REG_DWORD", 0       "IsDebugMode"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1\Installer]       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733563, 0],"browser_name":"ie"}"       "CodeDownloadDomain"="REG_SZ", "http://js.newclientonlinestorage.com"       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"       "DefaultBrowser"="REG_SZ", "opera"       "ErrorsDomain"="REG_SZ", "http://errors.newclientonlinestorage.com"       "FullVersion"="REG_SZ", "1.35.9.16"       "FullVersionForUrl"="REG_SZ", "1_35_09_16"       "OsName"="REG_SZ", "7"       "Params"="REG_SZ", "{   "source_id" : "000171",   "sub_id" : "0",   "uzid" : "log"}"       "SetSearch"="REG_SZ", "false"       "SrcId"="REG_SZ", "000171"       "StatsDomain"="REG_SZ", "http://stats.newclientonlinestorage.com"       "SubId"="REG_SZ", "0"       "Time"="REG_SZ", "1411735521"       "ZData"="REG_SZ", "log"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1\Log]       "iwebar1-buttonutil"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1\Manifest]       "AddressbarURL"="REG_SZ", "NA"       "BgVersion"="REG_SZ", "1"       "ChangePrevious"="REG_SZ", "false"       "Description"="REG_SZ", "iWebar"       "DisableIe"="REG_SZ", "true"       "EnableSearchIE"="REG_SZ", "false"       "HomePageUrl"="REG_SZ", "NA"       "IsButtonEnabled"="REG_SZ", "false"       "Manifest"="REG_SZ", "NA"       "ModeType"="REG_SZ", "production"       "Name"="REG_SZ", "iWebar1"       "PluginsManifestVersion"="REG_SZ", "19"       "PublisherId"="REG_SZ", "21836"       "PublisherName"="REG_SZ", "iWebar"       "RunInFrame"="REG_SZ", "false"       "SetNewTab"="REG_SZ", "false"       "ThanksUrl"="REG_SZ", "NA"       "UninstallerOfferAction"="REG_SZ", "NA"       "UninstallerOfferUrl"="REG_SZ", "NA"       "UpdateInterval"="REG_DWORD", 360       "Version"="REG_SZ", "24"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\iWebar1\Update]       "LastCheck"="REG_DWORD", 1411735551    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21836]       "61913"="REG_SZ", "iWebar1"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21836\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\iWebar]       "61913"="REG_SZ", "iWebar1"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611191113}]       "Flags"="REG_DWORD", 1024 
 

Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 9/26/2014Scan Time: 2:52:32 PMLogfile: mbamIwebar.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.09.26.04Rootkit Database: v2014.09.19.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: Malwarebytes Scan Type: Threat ScanResult: CompletedObjects Scanned: 269056Time Elapsed: 3 min, 16 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 36PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611191113}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194413}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195513}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196613}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\2657e500f3e90131a4e91fb939dcadf40061913.BHO.1, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611191113}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\2657e500f3e90131a4e91fb939dcadf40061913.BHO, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611191113}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611191113}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192213}, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox.1, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\2657e500f3e90131a4e91fb939dcadf40061913.Sandbox, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611191113}\INPROCSERVER32, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.iWebar.A, HKLM\SOFTWARE\iWebar1, Quarantined, [271546acfd7e75c185d824e6946f837d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [a29a7a78c0bb4cea23ff45d3bd46b749], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [d666975b7ffcc670f84fd063768d17e9], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [42fa22d02754ba7c78a996e384802ad6], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [91abbf3393e88fa736ec28512bd9a060], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [56e6b33f0f6cb185092897d327dd7f81], PUP.Optional.iWebar.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar1, Quarantined, [e55762904f2c3ef86df2bc4ea45f7e82], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [360619d9700b7db94d6b49c27291fe02], PUP.Optional.iWebar.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar, Quarantined, [da62e012eb90999d412b80bc6a9956aa], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.iWebar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iWebar1, Quarantined, [2913e909ec8fbb7bb334a66180833cc4],  Registry Values: 1PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [a29a7a78c0bb4cea23ff45d3bd46b749] Registry Data: 0(No malicious items detected) Folders: 22PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{0F772AD9-EA26-4155-9CD8-36A4B6F782E9}, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\defaults, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\defaults\preferences, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\userCode, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\locale, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\locale\en-US, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.iWebar.A, C:\Users\{username}\AppData\LocalLow\iWebar1, Quarantined, [0537a84a6516af8761841fe8eb182dd3], PUP.Optional.iWebar.A, C:\Program Files\iWebar1, Quarantined, [2913e909ec8fbb7bb334a66180833cc4],  Files: 162PUP.Optional.iWebar.A, C:\Program Files\iWebar1\iWebar1-bho.dll, Quarantined, [cd6f2ac87cffa78fc4c551704eb322de], PUP.Optional.crossRider.A, C:\Users\{username}\Desktop\iWebar1.exe, Quarantined, [e65644aec7b4999d5dbd241c46bac53b], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11.exe, Quarantined, [3dff1cd6abd0dd59ddac566bc63b659b], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2.exe, Quarantined, [92aa2cc684f758debacfdae708f944bc], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-4.exe, Quarantined, [c379e30f6f0cb383e7a20cb50ef3e41c], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5.exe, Quarantined, [76c6fdf5c5b6f442ea9f665b000148b8], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\iWebar1-bg.exe, Quarantined, [46f6e909ef8cae886e1bf4cd847d1ee2], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\iWebar1-buttonutil.exe, Quarantined, [b4889b570d6eca6c7a0f942d38c943bd], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\iWebar1-codedownloader.exe, Quarantined, [4defc1314635ea4c06836160cd347987], PUP.Optional.crossRider.A, C:\Program Files\iWebar1\utils.exe, Quarantined, [3408b83af3883600d446c57b10f0669a], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-1, Quarantined, [c27aa34fa4d70a2c9e7f68b042c1ee12], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11, Quarantined, [6fcd747e1f5cc4728796799fef142fd1], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2, Quarantined, [8ab2b63c6516cb6b150852c6b84b7b85], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5, Quarantined, [13298d6590eb0e285ebf51c743c01de3], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5_user, Quarantined, [5ae2d919f7843105c35a2eea1de6da26], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-1.job, Quarantined, [0933d1218eede155d0ca373f64a03dc3], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-11.job, Quarantined, [7dbf39b91962ac8abae096e02adac838], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-2.job, Quarantined, [8cb0fef41962ab8b6832175fd62eea16], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5.job, Quarantined, [c67626cc3a41e155b3e73046020259a7], PUP.Optional.CrossRider.T, C:\Windows\Tasks\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5-5_user.job, Quarantined, [1428e60c0d6e5adc89116610d03404fc], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [b587bd359be0fd39149c79fd47bd7d83], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [95a7876be695cc6af5bc33438282a858], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [3efe60928eedb6801c96cbab5da79f61], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [72ca5b97e4973600852edd993fc56d93], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [023a3ab8017aa88e0b64ac492cd6fa06], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\GoogleCrashHandler.exe, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\GoogleUpdate.exe, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\GoogleUpdateBroker.exe, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\GoogleUpdateHelper.msi, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\GoogleUpdateOnDemand.exe, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\goopdate.dll, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\goopdateres_en.dll, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\npGoogleUpdate4.dll, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\psmachine.dll, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.449180\psuser.dll, Quarantined, [35070fe398e30e28dbb0aa4b40c21de3], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome.manifest, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\install.rdf, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\32d580df60c40582b12fe410fe139168.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\6b2776c3dc7956bf06f00c65586c1cca.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\8de74308f4094d9e3ba8d086510188d1.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\9f60fcd0dd090fb9334bb0fda2c27c8e.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\ac9c1d313fc2132daa1a8d416a2ebff5.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\background.html, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\browser.xul, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\dialog.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\fc5f31fdf684dfee4fd96517018b1f71.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\options.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\options.xul, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\search_dialog.xul, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\86d92357c4f0f2298e438151e5bb5849.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\040ef1e21af5a0435b6c89a11f5f74d1.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\09ae32ed331a7f053a80606d4720f332.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\1a23396c07f4cba5d34ced12386e5e82.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\4298ca3c3db20495b150f52ae5051ffa.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\4cdcb9181024588071c4efce9e817387.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\50504d99852661cae71bad96eda89b54.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\70b15b3403dc1849a34b2b7db41b11fe.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\8630b1baa81131de7f0db499589c210d.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\88678b092463ac8401d6acd039293dca.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\a0208cc2b79f12214c908e8cd83214d6.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\bc649c30a2f1db2859acdcd0451e1e11.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\c7f1780725f4541d8e48a90a45a7a352.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\cc2cc109b154d1d431267c1a8bb7decf.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\d3aef95aa2f757f3a236246d5257a9b3.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\api\f80b341f04e7d5d41ca6f1a241a60534.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\bb62c34ef8d6711aba48e606b64b9117.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\0f0a744064d39238252e52a965f35825.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\10204856719123ee7f2af31b09f3dd0e.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\13aad55f6ad65ce74a298f6d8cf196e8.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\19df0e0ef46339bf49771a21214df4cc.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\3025dbb510159e35fac5d166c9a6d9dc.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\3968291a312160426a5034b669aad1e9.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\3a25b3c902e2143884b61b9e4e0f9364.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\3e2614fb4e0054680213e91f222208a9.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\45366d353f7b17b550b364c83f29596d.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\82eea68739792c6c76e5b2b6293f64f6.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\8672313edf42723d5ceac8bf328fa996.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\be4ef1d2a22fe0e56e66b4e85a261d8d.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\bf9ff198cfa51ee401c0e724b5a20b55.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\c5a2307456a4192e59e3df5f41a49270.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\c978685c92683798ff6f6d8cc4fcb1f6.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\cc0b795e43c85325f73d4bb847520e73.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\d30d47b0ad6918dca7c9d6180c8a9a00.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\db064ad72206245b4052039f14b82a88.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\e4de3de9ae05fcfcaded0770bbef4783.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\chrome\content\core\installer.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\defaults\preferences\prefs.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\manifest.xml, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins.json, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\1.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\102.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\104.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\13.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\14.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\16.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\17.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\177.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\180.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\182.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\183.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\184.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\195.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\207.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\21.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\22.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\220.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\223.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\226.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\242.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\246.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\268.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\275.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\28.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\281.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\286.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\4.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\47.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\64.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\7.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\72.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\78.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\9.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\91.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\93.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\plugins\98.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\userCode\background.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\extensionData\userCode\extension.js, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\locale\en-US\translations.dtd, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\button1.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\button2.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\button3.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\button4.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\button5.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\crossrider_statusbar.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\icon128.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\icon16.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\icon24.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\icon48.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\panelarrow-up.png, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\popup.html, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\skin.css, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com\skin\update.css, Quarantined, [74c88f6389f295a1919b9368ea18966a], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\1293297481.mxaddon, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\1475a154-b049-4439-aca3-399de0b889fb.crx, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\background.html, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5.crx, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\e1a5efb1-4082-4352-9f42-6dcd1ef02ea5.xpi, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\Installer.log, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\iWebar1-buttonutil.dll, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\iWebar1.ico, Quarantined, [2913e909ec8fbb7bb334a66180833cc4], PUP.Optional.iWebar.A, C:\Program Files\iWebar1\Uninstall.exe, Quarantined, [2913e909ec8fbb7bb334a66180833cc4],  Physical Sectors: 0(No malicious items detected)  (end)
 

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.