Showing results for tags 'CrossRider'.

Found 16 results

  1. Hi everyone this is my first post! Happy to have found this forum. I'm just starting to learn about malware removal. My main question is should I join AlienVault Open Threat Exchange? I'd like to be able to more easily identify threats that are found on my devices and network. The website is https://otx.alienvault.com . I'd also like to learn how to identify who an IP address belongs to and if it is safe. Below are details related to the malware on my iMac (Mojave 10.14.6). If anyone cares to delve in and comment on any of it, that would be fantastic. Thank you in advance. My Safari (v13.1) cache has 50+ websites in it that I have not navigated to, and if I delete each cache individually, some automatically come back. I've looked into a few of these cached sites, but am extremely hesitant to continue to go to these websites or even to google them to investigate because it may raise my risk of getting infected. I've run EasyFind (Devon Technologies app) searches on some of the websites in the cache, and it is not finding them despite searching all files and volumes. 1st run of the Premium trial of Malwarebytes found Crossrider, mitmproxy, a browser extension in Chrome (adware), several files and directories related to TopicLookup, and a couple other files and directories. Screenshot attached of quarantined items. Nothing else found since then and my trial has run out; should I upgrade to Premium? Flash Player was installed and updated multiple times from a 3rd party. This was over a year ago; I don't remember doing it but it updated monthly for some time. Adobe cannot find it on my iMac to uninstall it; I'm assuming that is because Flash Player was not installed from Adobe to begin with. I've started to manually find and delete the Flash files. Deleting Flash Player from the system preferences pane requires me to put in my admin password, which I haven't done yet (again, hesitant). EtreCheck report below. 
I am new to EtreCheck and am still deciphering the report. I have a runaway process and kernel panics that could be related to 3rd party software. Also, I downloaded Norton from my Internet provider (xfinity) on 4-9-2020, and EtreCheck shows Norton for Mac and Norton Security were both installed. The app is Norton Security; I can't find Norton For Mac anywhere on my iMac. At any rate, Norton Security has been useless in finding threats. EtreCheck version: 5.5.4 (5106) Report generated: 2020-04-28 03:34:46 Download EtreCheck from https://etrecheck.com Runtime: 2:04 Performance: Excellent Sandbox: Enabled Full drive access: Enabled Problem: Other problem Description: Remove Flash Player, adware, malware Major Issues: Anything that appears on this list needs immediate attention. Runaway process - A process is using a large percentage of your CPU. Kernel panics - This system has experienced kernel panics that could be related to 3rd party software. Minor Issues: These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. Heavy network usage - This machine has recently restarted and has high network usage. Apps crashing - There have been numerous app crashes. Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system. 32-bit Apps - This machine has 32-bits apps will not work on macOS 10.15 "Catalina". Kernel extensions present - This machine has kernel extensions that may not work in the future. 
Hardware Information: iMac (Retina 5K, 27-inch, 2017) iMac Model: iMac18,3 4.2 GHz Intel Core i7 (i7-7700K) CPU: 4-core 8 GB RAM - Upgradeable BANK 0/DIMM0 - 4 GB DDR4 2400 BANK 0/DIMM1 - Empty BANK 1/DIMM0 - 4 GB DDR4 2400 BANK 1/DIMM1 - Empty Video Information: Radeon Pro 580 - VRAM: 8 GB iMac (built-in) 5120 x 2880 Drives: disk0 - APPLE SSD SM2048L 2.00 TB (Solid State - TRIM: Yes) Internal PCI-Express 8.0 GT/s x4 NVM Express disk0s1 - EFI [EFI] 315 MB disk0s2 [APFS Container] 2.00 TB disk1 [APFS Virtual drive] 2.00 TB (Shared by 4 volumes) disk1s1 - Macintosh HD (APFS) (Shared - 653.85 GB used) disk1s2 - Preboot (APFS) [APFS Preboot] (Shared) disk1s3 - Recovery (APFS) [Recovery] (Shared) disk1s4 - VM (APFS) [APFS VM] (Shared - 5.37 GB used) Mounted Volumes: disk1s1 - Macintosh HD 2.00 TB (Shared - 653.85 GB used, 1.35 TB available, 1.34 TB free) APFS Mount point: / disk1s4 - VM [APFS VM] 2.00 TB (Shared - 5.37 GB used, 1.34 TB free) APFS Mount point: /private/var/vm Network: Interface en0: Ethernet Interface en5: iPhone Interface en1: Wi-Fi 802.11 a/b/g/n/ac Interface en4: Bluetooth PAN Interface bridge0: Thunderbolt Bridge System Software: macOS Mojave 10.14.6 (18G4032) Time since boot: About 4 hours Notifications: EtreCheck.app 5 notifications Safari.app 4 notifications Security: Gatekeeper: Enabled System Integrity Protection: Enabled Antivirus software: Apple and Malwarebytes Unsigned Files: Launchd: /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist Executable: /Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller Details: Exact match found in the whitelist - probably OK Launchd: /Library/LaunchDaemons/com.symantec.sharedsettings.MES.plist Executable: /Library/Application Support/Symantec/Silo/MES/DomainSettings/SymSharedSettingsd Details: Executable file is not accessible without Full Drive Access 32-bit Applications: 5 32-bit apps Kernel Extensions: /Library/Application Support/Malwarebytes/MBAM/Kext MB_MBAM_Protection.kext (Malwarebytes 
Corporation, 4.4 - SDK 10.11) /Library/Extensions SymXIPS.kext (Symantec, 9.0.1 - SDK 10.10) SymInternetSecurity.kext (Symantec, 9.0.3 - SDK 10.10) SymIPS.kext (Symantec, 9.0.2 - SDK 10.10) NortonForMac.kext (Symantec, 9.0.1 - SDK 10.10) System Launch Agents: [Not Loaded] 15 Apple tasks [Loaded] 187 Apple tasks [Running] 97 Apple tasks [Other] One Apple task System Launch Daemons: [Not Loaded] 38 Apple tasks [Loaded] 199 Apple tasks [Running] 97 Apple tasks Launch Agents: [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2020-04-21) [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2020-04-21) [Running] com.symantec.uiagent.application.MES.plist (Symantec - installed 2020-03-26) Launch Daemons: [Loaded] com.apple.installer.osmessagetracing.plist (Apple - installed 2020-03-18) [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2020-04-27) [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2020-04-21) [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2019-01-23) [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2020-04-21) [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2019-01-15) [Loaded] com.symantec.SymLUHelper.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.UninstallerToolHelper.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.deepsightdownload.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.dsp.nortonaggregatord.MES.plist (Symantec - installed 2020-03-26) [Running] com.symantec.kexthelper.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.liveupdate.daemon.MES.plist (Symantec - installed 2020-03-26) [Running] com.symantec.sharedsettings.MES.plist (? 
84ffa067 - installed 2020-03-26) [Running] com.symantec.symdaemon.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.symqual.detail.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.symqual.panicreporter.MES.plist (Symantec - installed 2020-03-26) [Loaded] com.symantec.symqual.submit.MES.plist (Symantec - installed 2020-03-26) [Loaded] jp.co.canon.MasterInstaller.plist (? d0637166 - installed 2019-03-24) User Launch Agents: [Other] com.google.keystone.agent.plist (Google, Inc. - installed 2020-04-27) [Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2020-04-27) User Login Items: [Running] CIJSULAgent (Canon Inc. - installed 2019-03-24) Modern Login Item /Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility Lite.app/Contents/Library/LoginItems/CIJSULAgent.app [Not Loaded] Launcher Disabler (Microsoft Corporation - installed 2019-01-23) Modern Login Item /Applications/OneDrive.app/Contents/Library/LoginItems/Launcher Disabler.app [Not Loaded] OneDrive Launcher (Microsoft Corporation - installed 2019-01-23) Modern Login Item /Applications/OneDrive.app/Contents/Library/LoginItems/OneDrive Launcher.app [Not Loaded] StartUpHelper (Spotify - installed 2019-05-16) Modern Login Item /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app [Not Loaded] HP Device Monitor (HP Inc. - installed 2019-01-08) Modern Login Item /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app [Not Loaded] HP Product Research (HP Inc. - installed 2019-01-08) Modern Login Item /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app [Not Loaded] HP Data Uploader (HP Inc. 
- installed 2019-01-08) Modern Login Item /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app/Contents/Resources/HP Data Uploader.app Audio Plug-ins: AppleTimeSyncAudioClock: 1.0 (Apple - installed 2019-09-20) BluetoothAudioPlugIn: 6.0.14 (Apple - installed 2020-04-15) AirPlay: 2.0 (Apple - installed 2020-04-15) AppleAVBAudio: 760.6 (Apple - installed 2019-09-20) BridgeAudioSP: 5.52 (Apple - installed 2020-04-15) iSightAudio: 7.7.3 (Apple - installed 2019-09-20) 3rd Party Preference Panes: Flash Player (Adobe Systems, Inc. - installed 2020-02-25) Time Machine: Auto backup: Yes Volumes being backed up: Macintosh HD: Disk size: 2.00 TB - Disk used: 660.08 GB Destinations: Data [Network] (Last used) Total size: 2.85 TB Total number of backups: 20 Oldest backup: 2020-03-15 10:45:32 Last backup: 2020-04-28 03:13:43 16 local snapshots Oldest local snapshot: 2020-04-27 03:11:25 Last local snapshot: 2020-04-28 03:08:02 Performance: System Load: 3.20 (1 min ago) 2.51 (5 min ago) 2.26 (15 min ago) Nominal I/O speed: 7.97 MB/s File system: 30.11 seconds Write speed: 2267 MB/s Read speed: 2832 MB/s CPU Usage Snapshot: Type Overall System: 3 % User: 18 % Idle: 78 % Top Processes Snapshot by CPU: Process (count) CPU (Source - Location) Other processes 127.13 % (?) Console 25.05 % (Apple) EasyFind 7.43 % (App Store) Safari 4.80 % (Apple) EtreCheck 2.89 % (App Store) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) EtreCheck 443 MB (App Store) Console 246 MB (Apple) Safari 183 MB (Apple) Finder 177 MB (Apple) EasyFind 122 MB (App Store) Top Processes Snapshot by Network Use: Process Input / Output (Source - Location) Other processes 638 MB / 1.13 GB (?) 
com.apple.WebKit.Networking 2 MB / 408 KB (Apple) SystemUIServer 873 B / 36 B (Apple) Terminal 0 B / 0 B (Apple) diagnostics_agent 0 B / 0 B (Apple) Virtual Memory Information: Physical RAM: 8 GB Free RAM: 23 MB Used RAM: 7.02 GB Cached files: 982 MB Available RAM: 1006 MB Swap Used: 1.76 GB Software Installs (past 30 days): Install Date Name (Version) 2020-04-01 Numbers (10.0) 2020-04-01 Pages (10.0) 2020-04-01 Keynote (10.0) 2020-04-02 Safari (13.1) 2020-04-02 MRTConfigData (1.58) 2020-04-09 Norton For Mac (8.5.5.277.277) 2020-04-09 Norton Security SKU (8.5.5.277.277) 2020-04-15 Security Update 2020-002 (10.14.6) 2020-04-15 Mobile Device (1.0.0.0) 2020-04-15 Microsoft Excel (16.36.20041300) 2020-04-15 Microsoft OneNote (16.36.20041300) 2020-04-15 Microsoft Outlook (16.36.20041300) 2020-04-15 Microsoft PowerPoint (16.36.20041300) 2020-04-16 XProtectPlistConfigData (2119) 2020-04-21 Microsoft AutoUpdate (4.22.20042003) 2020-04-27 EasyFind (4.9.3) 2020-04-27 EtreCheck (5.5.4) 2020-04-27 Microsoft Word (16.36.20041300) 2020-04-27 Malwarebytes for Mac (1.0) Diagnostics Information (past 7-30 days): 2020-04-28 03:19:47 Safari.app - Crash (15 times) Executable: /Applications/Safari.app Details: dyld: launch, loading dependent libraries 2020-04-27 23:43:59 coreservicesd - High CPU Use (2 times) Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support/coreservicesd 2020-04-26 06:07:30 com.apple.WebKit.WebContent - High CPU Use Executable: /System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent 2020-04-25 22:53:44 backupd - High CPU Use Executable: /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd 2020-04-22 13:44:47 Kernel Panic (2 times) Details: panic(cpu 0 caller 0xffffff8013205446): "a freed zone element has been modified in zone kalloc.128: expected 0xdeadbeefdeadbeef but found 0x 
ffffff803a83c250, bits changed 0x2152416fe42e7cbf, at offset 88 of 128 in element 0xffffff803a83b800, cookies 0x3f00119a67238ab8 0x53521dd0d 22eb3d"@/BuildRoot/Library/Caches/com.apple.xbs/Sources/xnu/xnu-4903.2 78.28/osfmk/kern/zalloc.c:1206 3rd party kernel extensions: com.malwarebytes.mbam.rtprotection com.symantec.SymXIPS com.symantec.internetSecurity.kext com.symantec.ips.kext com.symantec.nfm.kext End of report If you got this far, I am indebted to your kindness. Thank you!
  2. Hello, I am new to the forums and thank you for taking the time to help. I have 3 PCs all running Windows 10, all with Malwarebytes Home Premium, that this has affected. About 3-4 weeks ago I started getting a "Malwarebytes has blocked a malicious site" warning. I am attaching a screenshot of the exact warning. It refers to a resources.crossrider.com. It pops up about every 3 seconds continuously. I have run scans over and over and MWB finds nothing. Then all of a sudden, on my big machine (desktop), it found like 40 PUP items labeled resources.crossrider.com and other crossrider.com variations and it has seemed to clear it up just on the one machine. The others still scan with nothing found. It seems to me that it spread through Chrome because I am generally careful on what I download program-wise and there is nothing that has been downloaded on all three machines. Any ideas on what is going on would be greatly appreciated. Thanks D Addition.txt FRST.txt
  3. MBAM is incorrectly detecting a scheduled task from Baidu Antivirus as belonging to CrossRider. There is a screenshot of the detection here: http://www.wilderssecurity.com/threads/baidu-antivirus-2013.342629/page-37#post-2448188 I have confirmed this is a false positive: http://www.wilderssecurity.com/threads/baidu-antivirus-2013.342629/page-37#post-2448352 Here are the VirusTotal scan results: https://www.virustotal.com/en/file/ec86299456bc8c0fc7ce0966c3d0c7005622f492503853d7d526c320bdc93579/analysis/1421458519/ Roger
  4. Don't know what is going on but think I may have an infection. Web pages fail due to long-running scripts. Here is what Malware found:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.05.12.09
     Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
     Internet Explorer 10.0.9200.16844
     Kelly :: KELLY-PC [administrator]
     5/12/2014 9:17:56 PM
     mbam-log-2014-05-12 (21-17-56).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 473963
     Time elapsed: 1 hour(s), 31 minute(s), 12 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 5
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\html (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\images (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     Files Detected: 12
     C:\Windows\Temp\UpdateFlashPlayer_b3473e44.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
     C:\Windows\Temp\vxxxff.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbmafkdmkkckhggblphicnnhlgljnoje_0.localstorage (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbmafkdmkkckhggblphicnnhlgljnoje_0.localstorage-journal (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\manifest.json (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\html\background.html (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\images\icon.128.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\images\icon.16.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\images\icon.48.png (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\js\background.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\js\ex.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0\js\jquery.js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
     (end)
  5. I need assistance to safely and permanently get rid of PUP.Optional.Crossrider.A and other malware. I have uninstalled Mobogenie but can't get rid of it completely. On startup the following message is displayed: C;\Documents and Settings\user\application data\newnext.me\negine.dll. My PC is also extremely slow and tends to hang. I have run disk cleanup, disk defragmenter to no avail. Please assist as I am at my wits' end. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2014Ran by User (administrator) on TASDBN-PC-04 on 23-04-2014 22:30:50Running from C:\Documents and Settings\User\DesktopMicrosoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe(Rockwell Software Inc.) 
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE(HP) C:\WINDOWS\system32\HPSIsvc.exe(Attix5 Development (Pty) Ltd) C:\Program Files\Pastel IronTree\a5backup.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe() C:\Program Files\Mobogenie\MgAssist.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe() C:\Program Files\Mobogenie\DaemonProcess.exe() C:\Program Files\CyberLink\Shared files\RichVideo.exe(Rockwell Software, Inc.) C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(Akamai Technologies, Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe(Autodesk, Inc.) 
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe(Akamai Technologies, Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe() C:\PVSW\bin\w3dbsmgr.exe(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe(Dropbox, Inc.) C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17331200 2008-10-28] (Realtek Semiconductor Corp.)HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-02-26] (Nero AG)HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [49152 2006-04-13] ()HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM\...\Run: [] => [X]HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-02-16] (Apple Computer, Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [257088 2007-03-02] (Apple Inc.)HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [748736 2014-04-17] ()HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)HKU\.DEFAULT\...\Run: [DWQueuedReporting] => 
C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m lHKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Policies\Explorer: [] HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\MountPoints2: {23f61dfa-a10d-11e0-a108-6c626dcf6475} - E:\curice/elena.exeAppInit_DLLs: c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll => c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll File Not FoundIFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.za/
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - No File
SearchScopes: HKLM - DefaultScope {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AUV^xdm006^YYA^za&si=CJGf5tztprgCFSXMtAod_CEA9A&ptb=2D838740-982B-476D-B8A4-D04B6D6ED603&ind=2013071102&n=77fd06fe&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AUV^xdm006^YYA^za&si=CJGf5tztprgCFSXMtAod_CEA9A&ptb=2D838740-982B-476D-B8A4-D04B6D6ED603&ind=2013071102&n=77fd06fe&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&v=a9396-116&apn_uid=3110446817744035&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm063^YY^za&si=CMbj3Kau6rYCFZMQtAodlkwA7Q&ptb=E7BD60D5-380A-4E90-B1D8-A4C9D2B0B6A8&ind=2013042703&n=77fc980f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO: HP Smart Print BHO - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR DefaultSearchKeyword: google.co.za
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]

========================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 dnWhoDisp; C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe [73728 2002-04-29] ()
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-08-26] (Flexera Software LLC)
R3 Harmony; C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE [192512 2005-06-23] (Rockwell Software Inc.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP)
R2 IronTreeDL; C:\Program Files\Pastel IronTree\a5backup.exe [163840 2010-03-02] (Attix5 Development (Pty) Ltd)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-04-17] ()
S3 OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [98304 2004-12-02] (OPC Foundation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [167936 2005-08-08] ()
R2 RSLinx; C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE [1896720 2005-07-29] (Rockwell Software, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ABKTCX; C:\WINDOWS\System32\Drivers\ABKTCX.sys [71448 2004-06-03] (Rockwell Software Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RsiKtControl; C:\WINDOWS\system32\RSIKT.SYS [30166 2004-06-03] (Rockwell Software, Inc.)
S3 RSSERIAL; C:\WINDOWS\SYSTEM32\RSSERIAL.SYS [155440 2004-06-03] (Rockwell Software Inc.)
S3 RS_SS_NT; C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS [142592 2004-06-03] (Rockwell Software, Inc.)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-03-27] (StdLib)
S4 IntelIde; No ImagePath
S1 VirtualBackplane; \SystemRoot\System32\Drivers\VirtualBackplane.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-23 22:30 - 2014-04-23 22:31 - 00019615 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\FRST
2014-04-23 22:24 - 2014-04-23 22:24 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-23 22:23 - 2014-04-23 22:23 - 01365865 _____ () C:\Documents and Settings\User\Desktop\adwcleaner.exe
2014-04-23 22:22 - 2014-04-23 22:22 - 03972608 _____ () C:\Documents and Settings\User\Desktop\RogueKiller.exe
2014-04-23 22:18 - 2014-04-23 22:18 - 01048576 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-23 12:27 - 2014-04-23 12:28 - 00000005 _____ () C:\Documents and Settings\User\Application Data\mbam.context.scan
2014-04-17 10:43 - 2014-04-17 18:09 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Brother
2014-04-17 10:35 - 2014-04-17 18:09 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Labels
2014-04-17 10:32 - 2007-04-19 12:30 - 00033280 ____R (Brother Industries, Ltd.) C:\WINDOWS\system32\PT21L.DLL
2014-04-17 10:32 - 2007-04-16 06:23 - 00057344 ____R () C:\WINDOWS\system32\PT21F.DLL
2014-04-17 10:32 - 2007-03-26 02:37 - 00001112 ____R () C:\WINDOWS\system32\PT21L.INI
2014-04-17 10:32 - 2007-03-08 10:35 - 00016327 ____R () C:\WINDOWS\system32\PT21M.CHM
2014-04-17 10:32 - 2007-02-09 07:47 - 00090112 ____R (Brother Industries, Ltd.) C:\WINDOWS\system32\PT21M.EXE
2014-04-17 10:32 - 2007-01-16 14:09 - 00010240 ____R (Brother Industries, Ltd.) C:\WINDOWS\system32\PT21M.DLL
2014-04-17 10:29 - 2014-04-17 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Brother P-touch
2014-04-17 10:28 - 2014-04-17 10:29 - 00000000 ____D () C:\Program Files\Brother
2014-04-17 10:28 - 2014-04-17 10:28 - 00000000 ____D () C:\Program Files\Common Files\Brother
2014-04-17 09:29 - 2014-04-17 08:27 - 00495616 _____ () C:\Documents and Settings\User\Desktop\Afrox 2014.xls
2014-04-17 09:28 - 2014-04-17 09:27 - 00463360 _____ () C:\Documents and Settings\User\Desktop\Afrox Guages 2014.xls
2014-04-16 06:52 - 2014-04-16 10:51 - 00035328 _____ () C:\Documents and Settings\User\Desktop\Shepherd Rep Priest - Master.xls
2014-04-11 10:54 - 2014-04-11 11:34 - 00013428 _____ () C:\Documents and Settings\User\My Documents\OUPSIE Boyancy.xlsx
2014-04-09 03:16 - 2014-04-09 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 03:04 - 2014-04-09 03:05 - 00011520 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 01:32 - 2014-04-09 03:16 - 00013588 _____ () C:\WINDOWS\KB2922229.log
2014-04-01 09:15 - 2014-04-01 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-29 10:06 - 2014-03-29 10:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\AVG2014
2014-03-29 10:04 - 2014-03-29 10:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ___HD () C:\$AVG
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ____D () C:\Program Files\AVG
2014-03-29 09:59 - 2014-03-29 10:41 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
2014-03-28 07:54 - 2014-04-17 09:44 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ___RD () C:\Program Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-28 07:23 - 2014-03-28 07:23 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SkypeTalking
2014-03-27 22:37 - 2014-03-27 22:37 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-27 21:10 - 2014-03-27 21:10 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Optimizer Pro
2014-03-27 21:05 - 2014-03-28 07:42 - 00000000 ____D () C:\Program Files\SkypeTalking
2014-03-26 08:11 - 2014-03-26 08:11 - 00000790 _____ () C:\Documents and Settings\User\Desktop\The Holy Bible (2).LNK
2014-03-26 08:10 - 2014-03-26 08:10 - 00000790 _____ () C:\Documents and Settings\User\Start Menu\Programs\The Holy Bible.LNK
2014-03-26 08:09 - 2014-03-26 08:30 - 00000000 ____D () C:\Program Files\The Holy Bible Ver81
2014-03-26 08:09 - 1997-07-19 18:00 - 00193296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mci32.ocx
2014-03-26 08:09 - 1997-01-16 01:00 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\ST5UNST.EXE
2014-03-26 08:09 - 1997-01-16 01:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5StKit.dll
2014-03-24 08:39 - 2014-03-24 08:42 - 1470996198 _____ () C:\Documents and Settings\User\Desktop\20140323_185056.mp4
2014-03-24 08:04 - 2014-03-24 08:04 - 00285120 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

==================== One Month Modified Files and Folders =======

2014-04-23 22:31 - 2014-04-23 22:30 - 00019615 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\FRST
2014-04-23 22:30 - 2012-04-24 01:03 - 00110225 _____ () C:\WINDOWS\pfirewall.log
2014-04-23 22:24 - 2014-04-23 22:24 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-23 22:23 - 2014-04-23 22:23 - 01365865 _____ () C:\Documents and Settings\User\Desktop\adwcleaner.exe
2014-04-23 22:22 - 2014-04-23 22:22 - 03972608 _____ () C:\Documents and Settings\User\Desktop\RogueKiller.exe
2014-04-23 22:20 - 2013-07-03 09:21 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-04-23 22:18 - 2014-04-23 22:18 - 01048576 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-23 21:33 - 2013-07-04 03:58 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 20:40 - 2011-06-28 00:11 - 01271294 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 20:38 - 2014-02-15 16:25 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-04-23 20:37 - 2014-02-15 16:28 - 00000000 ___RD () C:\Documents and Settings\User\My Documents\Dropbox
2014-04-23 20:35 - 2013-11-28 16:44 - 00045109 _____ () C:\WINDOWS\pvsw.log
2014-04-23 20:35 - 2011-06-27 23:56 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-23 20:32 - 2011-06-27 17:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-23 20:32 - 2011-06-27 17:08 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-23 20:31 - 2014-03-14 08:26 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-23 20:31 - 2013-07-04 03:58 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 20:31 - 2011-06-28 00:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 20:28 - 2011-06-28 00:34 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-04-23 20:28 - 2011-06-28 00:16 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-23 20:23 - 2014-03-18 09:45 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
2014-04-23 20:23 - 2014-03-18 09:44 - 00000000 ____D () C:\Program Files\Mobogenie
2014-04-23 19:16 - 2013-08-26 09:54 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Akamai
2014-04-23 19:10 - 2011-06-27 16:59 - 00000000 ____D () C:\WINDOWS\Help
2014-04-23 18:39 - 2013-04-29 13:40 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Registry backup
2014-04-23 18:14 - 2013-03-24 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-23 17:26 - 2013-04-29 14:13 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Payments
2014-04-23 16:00 - 2012-09-10 15:17 - 00000512 ____H () C:\WINDOWS\Tasks\Instracon 1347283047.job
2014-04-23 15:45 - 2011-06-28 09:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2014-04-23 15:43 - 2012-04-24 01:03 - 04058890 _____ () C:\WINDOWS\pfirewall.log.old
2014-04-23 15:42 - 2011-06-27 23:56 - 00000739 _____ () C:\WINDOWS\win.ini
2014-04-23 15:42 - 2011-06-27 16:32 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-04-23 14:34 - 2013-11-28 16:37 - 00188200 _____ () C:\WINDOWS\setupapi.log
2014-04-23 14:16 - 2011-06-30 15:05 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\CutePDF Writer
2014-04-23 12:28 - 2014-04-23 12:27 - 00000005 _____ () C:\Documents and Settings\User\Application Data\mbam.context.scan
2014-04-23 08:30 - 2011-07-07 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Shared Docs
2014-04-22 15:37 - 2013-05-02 22:30 - 00002137 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-04-22 15:28 - 2011-08-15 11:41 - 00000000 ____D () C:\Pastel11
2014-04-21 19:45 - 2012-07-20 10:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-20 22:32 - 2011-06-28 00:27 - 00111056 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-20 22:18 - 2011-06-27 17:04 - 00386408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-17 18:09 - 2014-04-17 10:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Brother
2014-04-17 18:09 - 2014-04-17 10:35 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Labels
2014-04-17 11:54 - 2014-01-09 15:38 - 00000000 ____D () C:\Documents and Settings\User\Desktop\OAC Garden Folder
2014-04-17 11:54 - 2013-09-04 08:26 - 00000000 ____D () C:\Documents and Settings\User\Desktop\OAC FORMS
2014-04-17 11:49 - 2013-08-26 13:12 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\cache
2014-04-17 11:17 - 2013-10-25 08:02 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Deageo
2014-04-17 10:33 - 2011-06-28 00:45 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-17 10:29 - 2014-04-17 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Brother P-touch
2014-04-17 10:29 - 2014-04-17 10:28 - 00000000 ____D () C:\Program Files\Brother
2014-04-17 10:28 - 2014-04-17 10:28 - 00000000 ____D () C:\Program Files\Common Files\Brother
2014-04-17 09:44 - 2014-03-28 07:54 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-04-17 09:27 - 2014-04-17 09:28 - 00463360 _____ () C:\Documents and Settings\User\Desktop\Afrox Guages 2014.xls
2014-04-17 08:27 - 2014-04-17 09:29 - 00495616 _____ () C:\Documents and Settings\User\Desktop\Afrox 2014.xls
2014-04-16 10:51 - 2014-04-16 06:52 - 00035328 _____ () C:\Documents and Settings\User\Desktop\Shepherd Rep Priest - Master.xls
2014-04-11 11:34 - 2014-04-11 10:54 - 00013428 _____ () C:\Documents and Settings\User\My Documents\OUPSIE Boyancy.xlsx
2014-04-11 09:39 - 2014-03-18 08:43 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-09 12:54 - 2014-01-07 15:12 - 00011000 _____ () C:\Documents and Settings\User\Desktop\Prophetic Report.xlsx
2014-04-09 11:46 - 2014-03-15 10:24 - 00000000 ____D () C:\Documents and Settings\User\Desktop\GARDEN FOLDERS
2014-04-09 03:32 - 2014-03-14 08:26 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-09 03:17 - 2011-06-27 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-09 03:16 - 2014-04-09 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 03:16 - 2014-04-09 01:32 - 00013588 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00098871 _____ () C:\WINDOWS\iis6.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00092951 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00044340 _____ () C:\WINDOWS\ocgen.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00042318 _____ () C:\WINDOWS\tsoc.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00030672 _____ () C:\WINDOWS\comsetup.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00027844 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00018581 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00016245 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00006375 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00005130 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00004665 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00004635 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 03:12 - 2013-08-15 14:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 03:05 - 2014-04-09 03:04 - 00011520 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 03:05 - 2014-01-04 13:55 - 00010400 _____ () C:\WINDOWS\updspapi.log
2014-04-09 03:05 - 2014-01-04 13:55 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 03:05 - 2011-06-28 09:41 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 03:04 - 2011-06-28 06:22 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-02 15:38 - 2014-03-18 09:45 - 00000000 ____D () C:\Documents and Settings\User\Application Data\newnext.me
2014-04-01 09:15 - 2014-04-01 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-29 16:57 - 2014-03-18 09:45 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\genienext
2014-03-29 10:41 - 2014-03-29 09:59 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
2014-03-29 10:18 - 2011-07-03 03:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Buoxce
2014-03-29 10:08 - 2014-03-29 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-03-29 10:06 - 2014-03-29 10:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\AVG2014
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ___HD () C:\$AVG
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ____D () C:\Program Files\AVG
2014-03-29 09:30 - 2013-12-02 09:30 - 00000558 _____ () C:\net.txt
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ___RD () C:\Program Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-28 07:54 - 2013-07-03 09:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-28 07:42 - 2014-03-27 21:05 - 00000000 ____D () C:\Program Files\SkypeTalking
2014-03-28 07:40 - 2014-03-19 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Rockwell Software
2014-03-28 07:40 - 2011-08-15 11:38 - 00000000 ____D () C:\Program Files\Common Files\Pervasive Software Shared
2014-03-28 07:27 - 2011-06-27 23:58 - 00000212 __RSH () C:\boot.ini
2014-03-28 07:23 - 2014-03-28 07:23 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SkypeTalking
2014-03-27 22:37 - 2014-03-27 22:37 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-27 21:12 - 2013-11-27 10:21 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-03-27 21:10 - 2014-03-27 21:10 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Optimizer Pro
2014-03-27 15:46 - 2013-04-29 14:15 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Email docs
2014-03-26 08:30 - 2014-03-26 08:09 - 00000000 ____D () C:\Program Files\The Holy Bible Ver81
2014-03-26 08:11 - 2014-03-26 08:11 - 00000790 _____ () C:\Documents and Settings\User\Desktop\The Holy Bible (2).LNK
2014-03-26 08:10 - 2014-03-26 08:10 - 00000790 _____ () C:\Documents and Settings\User\Start Menu\Programs\The Holy Bible.LNK
2014-03-26 07:56 - 2013-12-01 16:29 - 00006289 _____ () C:\WINDOWS\setupact.log
2014-03-24 14:51 - 2012-07-10 14:56 - 00002926 _____ () C:\Documents and Settings\User\Application Data\Rim.DesktopHelper.Exception.log
2014-03-24 14:51 - 2012-07-10 14:56 - 00002849 _____ () C:\Documents and Settings\User\Application Data\Rim.Desktop.Exception.log
2014-03-24 08:42 - 2014-03-24 08:39 - 1470996198 _____ () C:\Documents and Settings\User\Desktop\20140323_185056.mp4
2014-03-24 08:37 - 2013-10-21 08:44 - 00000000 ____D () C:\Documents and Settings\User\My Documents\SelfMV
2014-03-24 08:04 - 2014-03-24 08:04 - 00285120 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

Files to move or delete:
====================
C:\Documents and Settings\User\easyFile-employer.exe

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\1381228536_Cloud_Backup_Setup.exe
C:\Documents and Settings\User\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\User\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthnspf.dll
C:\Documents and Settings\User\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\User\Local Settings\Temp\isutldll.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\Mobogenie_Setup_2.1.37_122100041.exe
C:\Documents and Settings\User\Local Settings\Temp\mpegc.dll
C:\Documents and Settings\User\Local Settings\Temp\msvcp90.dll
C:\Documents and Settings\User\Local Settings\Temp\msvcr90.dll
C:\Documents and Settings\User\Local Settings\Temp\propsys.dll
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\Update.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2014
Ran by User at 2014-04-23 22:32:08
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
4300 (Version: 71.0.215.000 - Hewlett-Packard) Hidden
4300_Help (Version: 71.0.215.000 - Hewlett-Packard) Hidden
4300Trb (Version: 71.0.215.000 - Hewlett-Packard) Hidden
5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
7500_7600_7700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiO_Scan_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 71.0.215.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Software Update (HKLM\...\{A260B422-70E1-41E2-957D-F76FA21266D5}) (Version: 1.1.0.3 - Apple Computer, Inc.)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 2.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 70.0.283.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother P-touch Editor 4.2 (HKLM\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (Version: 4.2 - Brother Industries, Ltd.) Hidden
Brother P-touch Quick Editor 2.0 (HKLM\...\InstallShield_{AD50DAD0-7669-4AAE-99E6-914B0A9D1188}) (Version: 2.0.201 - Brother Industries, Ltd. )
Brother P-touch Quick Editor 2.0 (Version: 2.0.201 - Brother Industries, Ltd. ) Hidden
Brother P-touch Software (Version: 1.0.006 - Brother Industries, Ltd. ) Hidden
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D-Link AirPlus Xtreme G AP Manager for DWL-2100AP (HKLM\...\{6414E7C5-C329-4C99-A223-FCCDB499E3E9}) (Version: - )
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
e@syFile-employer (HKLM\...\easyFileEmployer.0612E4541602589CA8807A3EA214FDF182FEF49D.1) (Version: 6.2.2 - South African Revenue Service)
e@syFile-employer (Version: 6.2.2 - South African Revenue Service) Hidden
FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fax_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
Firebird 2.0.3 (HKLM\...\FBDBServer_2_0_is1) (Version: - Firebird Project)
FlameRobin 0.8.6 (HKLM\...\FlameRobin_is1) (Version: - The FlameRobin Project)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Officejet Pro All-In-One Series (HKLM\...\{7729A02E-D1AD-4830-8FC5-11853500D90D}) (Version: 1.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Photosmart, Officejet and Deskjet 7.0.A (HKLM\...\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}) (Version: - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version: - HP)
HP Smart Print 1.1.5.0 (HKLM\...\{8B157EE4-0BAB-4CCE-B92C-5844AB6E20F1}) (Version: 1.1.5.0 - Hewlett-Packard)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 6.14.10.5260 - Intel Corporation)
iTunes (HKLM\...\{01B51908-02EF-453B-87A9-815182E8C2F2}) (Version: 7.1.0.59 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
L7600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - 
Microsoft Corporation) HiddenMicrosoft Outlook Personal Folders Backup (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MPM (HKLM\...\{D48AD533-BAD5-469B-A9AA-272C6D80E70B}) (Version: 1.00.0000 - Hewlett-Packard)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571033}) (Version: 7.02.5851 - Nero AG)NewCopy (Version: 50.0.206.000 - Hewlett-Packard) HiddenNewCopy_CDA (Version: 71.0.215.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) HiddenPastel IronTree (HKLM\...\{65CC95F7-D4F6-458C-AC73-7A9A740E6C6B}) (Version: 5.1.4.17 - Pastel IronTree)Pastel Partner Version 11 
(HKLM\...\{6BA86C13-2E82-4A79-86F1-9A4E44E2B760}) (Version: 11.2.4 - Softline Pastel)Pervasive.SQL 9.60 Workgroup for Windows (HKLM\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1702.0 - CyberLink Corporation)ProductContext (Version: 50.0.165.000 - Hewlett-Packard) HiddenProductContext (Version: 50.0.206.000 - Hewlett-Packard) HiddenProductContextNPI (Version: 71.0.215.000 - Hewlett-Packard) HiddenQuick Payroll (HKLM\...\{739DCD95-5BC3-4529-9ECA-E2A77986C2C7}) (Version: 1.2.22 - QuickBooks)QuickBooks Pro Edition 2006 (HKLM\...\{5545B622-9998-4f13-9CD6-B908675BDCB2}) (Version: - )QuickTime (HKLM\...\{5E863175-E85D-44A6-8968-82507D34AE7F}) (Version: 7.1.5.120 - Apple Computer, Inc.)Readme (Version: 71.0.215.000 - Hewlett-Packard) HiddenRealtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0179 - REALTEK Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM\...\{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}) (Version: 1.01.0086 - REALTEK Semiconductor Corp.)RSLinx Classic (HKLM\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 2.50.00.20 (CPR 7) - Rockwell Software, Inc.)Sabre (HKLM\...\Sabre_is1) (Version: - 247Software)Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) HiddenSamsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)Samsung Kies3 (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) 
HiddenSamsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)Scan (Version: 7.0.0.0 - Hewlett-Packard) HiddenScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) HiddenSketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) HiddenStatus (Version: 70.0.170.000 - Hewlett-Packard) HiddenStriata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.15-1 - Striata Communication Solutions)TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)The Holy Bible KJV Ver.8.0.1 (HKLM\...\ST5UNST #1) (Version: - )Toolbox (Version: 70.0.170.000 - Hewlett-Packard) HiddenTrayApp (Version: 70.0.170.000 - Hewlett-Packard) HiddentripTrack Version 1.389 (HKLM\...\tripTrack_is1) (Version: - Ketchup Solutions)Unload (Version: 7.0.0 - Hewlett-Packard) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client 
Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2632503) 
(HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) HiddenUpdate for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) 
(HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWebReg (Version: 70.0.170.000 - Hewlett-Packard) HiddenWindows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: - )Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows Media Player 11 (Version: - Microsoft Corporation) HiddenWindows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )Zulu DJ Software (HKLM\...\Zulu) (Version: - NCH Software) ==================== Restore Points ========================= 23-01-2014 11:07:05 System Checkpoint24-01-2014 06:03:12 Printer Driver Amyuni Document Converter 2.51 Installed25-01-2014 06:08:07 System Checkpoint26-01-2014 07:08:07 System Checkpoint27-01-2014 07:56:07 System Checkpoint27-01-2014 14:22:17 Printer Driver Amyuni Document Converter 2.51 Installed27-01-2014 14:23:16 Printer Driver Amyuni Document Converter 2.51 Installed28-01-2014 15:08:07 System Checkpoint29-01-2014 11:27:37 Printer Driver Amyuni Document Converter 2.51 Installed29-01-2014 11:30:04 Printer Driver Amyuni Document 
Converter 2.51 Installed30-01-2014 11:56:27 System Checkpoint31-01-2014 06:54:49 Printer Driver Amyuni Document Converter 2.51 Installed31-01-2014 07:00:16 Printer Driver Amyuni Document Converter 2.51 Installed31-01-2014 07:00:56 Printer Driver Amyuni Document Converter 2.51 Installed01-02-2014 08:08:33 System Checkpoint02-02-2014 09:08:33 System Checkpoint03-02-2014 09:56:35 System Checkpoint03-02-2014 10:36:47 Installed Samsung Kies303-02-2014 12:35:02 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:35:47 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:36:46 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:37:42 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:45:17 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:53:03 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:53:49 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 12:55:12 Printer Driver Amyuni Document Converter 2.51 Installed03-02-2014 15:25:40 Printer Driver Amyuni Document Converter 2.51 Installed04-02-2014 12:18:23 Printer Driver Amyuni Document Converter 2.51 Installed04-02-2014 12:21:43 Printer Driver Amyuni Document Converter 2.51 Installed04-02-2014 20:24:25 Printer Driver Amyuni Document Converter 2.51 Installed05-02-2014 12:21:13 Printer Driver Amyuni Document Converter 2.51 Installed05-02-2014 12:23:44 Printer Driver Amyuni Document Converter 2.51 Installed05-02-2014 12:26:12 Printer Driver Amyuni Document Converter 2.51 Installed06-02-2014 12:56:48 System Checkpoint07-02-2014 13:25:29 System Checkpoint08-02-2014 13:36:20 System Checkpoint09-02-2014 14:48:21 System Checkpoint10-02-2014 09:14:08 Printer Driver Amyuni Document Converter 2.51 Installed11-02-2014 10:03:47 System Checkpoint11-02-2014 14:03:50 Printer Driver Amyuni Document Converter 2.51 Installed11-02-2014 14:06:51 Printer Driver Amyuni Document Converter 2.51 Installed11-02-2014 14:07:50 
Printer Driver Amyuni Document Converter 2.51 Installed12-02-2014 14:17:42 System Checkpoint12-02-2014 19:56:35 Printer Driver Amyuni Document Converter 2.51 Installed13-02-2014 20:17:44 System Checkpoint14-02-2014 09:13:49 Printer Driver Amyuni Document Converter 2.51 Installed14-02-2014 09:16:42 Printer Driver Amyuni Document Converter 2.51 Installed15-02-2014 09:17:44 System Checkpoint16-02-2014 10:17:46 System Checkpoint17-02-2014 11:05:45 System Checkpoint18-02-2014 12:17:44 System Checkpoint19-02-2014 13:05:44 System Checkpoint20-02-2014 11:15:16 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:16:22 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:36:29 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:38:35 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:39:34 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:42:50 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:44:00 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:45:18 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 11:52:10 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:07:10 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:12:34 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:13:21 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:16:05 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:30:54 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:31:27 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:35:59 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 12:48:44 Printer Driver Amyuni Document Converter 2.51 Installed20-02-2014 13:04:55 Printer Driver Amyuni Document Converter 2.51 Installed21-02-2014 11:42:08 Printer Driver Amyuni Document Converter 2.51 Installed22-02-2014 12:06:15 System 
Checkpoint23-02-2014 12:18:15 System Checkpoint24-02-2014 12:51:19 Printer Driver Amyuni Document Converter 2.51 Installed24-02-2014 12:53:01 Printer Driver Amyuni Document Converter 2.51 Installed24-02-2014 13:04:39 Printer Driver Amyuni Document Converter 2.51 Installed24-02-2014 13:22:29 Printer Driver Amyuni Document Converter 2.51 Installed24-02-2014 13:26:17 Printer Driver Amyuni Document Converter 2.51 Installed24-02-2014 13:31:54 Printer Driver Amyuni Document Converter 2.51 Installed25-02-2014 14:06:15 System Checkpoint26-02-2014 14:18:15 System Checkpoint27-02-2014 16:24:53 System Checkpoint28-02-2014 06:07:09 Printer Driver Amyuni Document Converter 2.51 Installed28-02-2014 06:08:58 Printer Driver Amyuni Document Converter 2.51 Installed28-02-2014 08:17:02 Printer Driver Amyuni Document Converter 2.51 Installed01-03-2014 08:18:15 System Checkpoint02-03-2014 09:06:14 System Checkpoint03-03-2014 10:18:17 System Checkpoint04-03-2014 10:04:14 Printer Driver Amyuni Document Converter 2.51 Installed04-03-2014 10:09:36 Printer Driver Amyuni Document Converter 2.51 Installed05-03-2014 09:23:46 Installed Google Earth.05-03-2014 10:33:48 Printer Driver Amyuni Document Converter 2.51 Installed05-03-2014 10:51:00 Printer Driver Amyuni Document Converter 2.51 Installed05-03-2014 10:52:00 Printer Driver Amyuni Document Converter 2.51 Installed05-03-2014 10:52:59 Printer Driver Amyuni Document Converter 2.51 Installed05-03-2014 10:53:44 Printer Driver Amyuni Document Converter 2.51 Installed06-03-2014 11:27:02 System Checkpoint07-03-2014 11:27:26 System Checkpoint08-03-2014 12:15:26 System Checkpoint09-03-2014 12:27:26 System Checkpoint10-03-2014 11:36:08 Printer Driver Amyuni Document Converter 2.51 Installed10-03-2014 11:44:18 Printer Driver Amyuni Document Converter 2.51 Installed11-03-2014 12:39:31 System Checkpoint12-03-2014 07:41:43 Printer Driver Amyuni Document Converter 2.51 Installed12-03-2014 07:46:46 Printer Driver Amyuni Document Converter 2.51 
Installed12-03-2014 07:48:42 Printer Driver Amyuni Document Converter 2.51 Installed13-03-2014 06:32:18 Printer Driver Amyuni Document Converter 2.51 Installed13-03-2014 06:33:22 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 05:42:50 Software Distribution Service 3.014-03-2014 11:44:04 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:45:11 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:46:10 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:46:59 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:47:56 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:48:36 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:49:40 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 11:50:31 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 12:01:47 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 12:08:39 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 12:09:30 Printer Driver Amyuni Document Converter 2.51 Installed14-03-2014 12:14:54 Printer Driver Amyuni Document Converter 2.51 Installed15-03-2014 12:46:59 System Checkpoint17-03-2014 06:42:19 System Checkpoint18-03-2014 05:50:42 Printer Driver Amyuni Document Converter 2.51 Installed18-03-2014 07:01:25 Software Distribution Service 3.018-03-2014 10:54:41 Installed BlackBerry Desktop Software.19-03-2014 06:22:42 Installed RSLinx Classic20-03-2014 08:27:07 System Checkpoint21-03-2014 09:11:22 System Checkpoint22-03-2014 09:59:19 System Checkpoint23-03-2014 11:11:20 System Checkpoint24-03-2014 11:14:02 System Checkpoint24-03-2014 12:38:36 Printer Driver Amyuni Document Converter 2.51 Installed24-03-2014 12:40:58 Printer Driver Amyuni Document Converter 2.51 Installed24-03-2014 12:42:59 Printer Driver Amyuni Document Converter 2.51 Installed25-03-2014 07:13:31 Printer Driver Amyuni Document Converter 2.51 Installed25-03-2014 07:16:50 
Printer Driver Amyuni Document Converter 2.51 Installed25-03-2014 07:23:52 Printer Driver Amyuni Document Converter 2.51 Installed25-03-2014 07:24:36 Printer Driver Amyuni Document Converter 2.51 Installed25-03-2014 07:25:17 Printer Driver Amyuni Document Converter 2.51 Installed25-03-2014 07:26:11 Printer Driver Amyuni Document Converter 2.51 Installed26-03-2014 07:50:08 System Checkpoint27-03-2014 07:54:53 Printer Driver Amyuni Document Converter 2.51 Installed28-03-2014 05:40:51 Removed Rockwell Windows Firewall Configuration Utility 1.00.0128-03-2014 05:41:42 Removed Skype Click to Call28-03-2014 05:48:48 Removed Skype™ 6.1428-03-2014 14:07:51 Printer Driver Amyuni Document Converter 2.51 Installed29-03-2014 08:04:07 Installed AVG 201429-03-2014 08:04:36 Installed AVG 201430-03-2014 08:42:50 System Checkpoint31-03-2014 09:40:50 System Checkpoint01-04-2014 10:40:52 System Checkpoint02-04-2014 11:21:00 System Checkpoint03-04-2014 12:20:56 System Checkpoint04-04-2014 13:10:13 System Checkpoint05-04-2014 13:20:20 System Checkpoint06-04-2014 14:09:07 System Checkpoint07-04-2014 15:09:07 System Checkpoint08-04-2014 15:21:08 System Checkpoint09-04-2014 01:00:39 Software Distribution Service 3.010-04-2014 01:53:07 System Checkpoint11-04-2014 01:55:36 System Checkpoint12-04-2014 02:41:03 System Checkpoint13-04-2014 02:53:04 System Checkpoint14-04-2014 03:55:33 System Checkpoint15-04-2014 04:09:33 System Checkpoint16-04-2014 05:26:45 System Checkpoint17-04-2014 06:13:33 System Checkpoint17-04-2014 08:27:05 Installed Brother P-touch Software18-04-2014 08:49:17 System Checkpoint19-04-2014 08:53:20 System Checkpoint20-04-2014 21:32:35 System Checkpoint21-04-2014 23:00:06 System Checkpoint22-04-2014 23:47:34 System Checkpoint23-04-2014 16:10:23 Removed Japanese Fonts Support For Adobe Reader X. 
==================== Hosts content: ==========================

2011-06-27 23:54 - 2013-03-24 11:21 - 00000785 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Instracon 1347283047.job => C:\Documents and Settings\All Users\Documents\Shared Docs\Intuit\AutoBackupEXE.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2011-06-28 05:41 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2012-05-18 15:30 - 2010-10-14 10:04 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
2012-05-18 15:30 - 2010-10-14 10:04 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2012-05-18 15:30 - 2010-10-14 10:04 - 02306048 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hp1100su.dll
2012-05-18 15:30 - 2010-10-14 10:04 - 00794624 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1100GC.dll
2012-03-14 17:38 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2014-03-18 09:44 - 2014-04-17 11:21 - 00070848 _____ () C:\Program Files\Mobogenie\MgAssist.exe
2014-03-18 09:44 - 2014-04-17 11:21 - 00748736 _____ () C:\Program Files\Mobogenie\DaemonProcess.exe
2014-03-18 09:44 - 2014-04-17 11:21 - 00065728 _____ () C:\Program Files\Mobogenie\Device.dll
2011-06-27 16:26 - 2005-08-08 13:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-02-05 00:21 - 2013-02-05 00:21 - 00049184 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00744992 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00106016 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00039456 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2011-06-27 23:54 - 2008-04-14 14:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2011-06-27 23:55 - 2008-04-14 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-04-15 13:43 - 2007-04-15 13:43 - 00112208 _____ () C:\PVSW\bin\w3dbsmgr.exe
2007-04-15 14:04 - 2007-04-15 14:04 - 00165456 _____ () C:\PVSW\bin\W3COMSRV.DLL
2014-04-23 20:36 - 2014-04-23 20:36 - 00041984 _____ () C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthnspf.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\libcef.dll
2014-04-11 09:39 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 09:39 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 09:39 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 09:39 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:806222FC

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192se
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 06:58:41 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context: Application, SystemIndex Catalog

Error: (04/23/2014 02:18:20 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/23/2014 00:26:02 PM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/23/2014 00:25:58 PM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/23/2014 08:57:32 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/23/2014 08:57:32 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/23/2014 08:57:32 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/20/2014 10:28:01 PM) (Source: Microsoft Office 12) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 12.0.6691.5000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (04/20/2014 11:25:49 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/20/2014 11:21:22 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:=============Error: (04/23/2014 08:35:44 PM) (Source: Service Control Manager) (User: )Description: The Autodesk Content Service service hung on starting. Error: (04/23/2014 07:06:50 PM) (Source: Service Control Manager) (User: )Description: The Autodesk Content Service service hung on starting. Error: (04/23/2014 05:57:37 PM) (Source: Service Control Manager) (User: )Description: The Autodesk Content Service service hung on starting. Error: (04/23/2014 05:55:18 PM) (Source: Service Control Manager) (User: )Description: The TeamViewer 7 service failed to start due to the following error: %%1053 Error: (04/23/2014 05:55:18 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for the TeamViewer 7 service to connect. Error: (04/23/2014 05:53:23 PM) (Source: 0) (User: )Description: 0xC0000001HarddiskVolume1 Error: (04/23/2014 04:07:56 PM) (Source: Service Control Manager) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Util sizlsearch service, but this action failed with the following error: %%1058 Error: (04/23/2014 04:07:56 PM) (Source: Service Control Manager) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Update sizlsearch service, but this action failed with the following error: %%1058 Error: (04/23/2014 04:07:51 PM) (Source: Service Control Manager) (User: )Description: The Util sizlsearch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (04/23/2014 04:07:51 PM) (Source: Service Control Manager) (User: )Description: The Update sizlsearch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 
Microsoft Office Sessions:=========================Error: (05/02/2013 07:45:11 AM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 207281 seconds with 1800 seconds of active time. This session ended with a crash. Error: (03/19/2012 11:58:03 AM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 159983 seconds with 25380 seconds of active time. This session ended with a crash. Error: (12/14/2011 05:58:54 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27798 seconds with 4980 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 68%Total physical RAM: 2038.23 MBAvailable physical RAM: 641.35 MBTotal Pagefile: 3922.77 MBAvailable Pagefile: 2613.09 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1938.68 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:173.23 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 7A37E62D)Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Kind Regards
  6. What is Coupon Clipster?

The Malwarebytes research team has determined that Coupon Clipster is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Coupon Clipster?

You may see these browser extensions/add-ons: and this entry in your list of installed programs:

How did Coupon Clipster get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Coupon Clipster?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Coupon Clipster?

No, but for a full removal of the Firefox add-on you will need Malwarebytes Anti-Malware 2.00 beta or newer.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Coupon Clipster rogue.
It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0052650 - {11111111-1111-1111-1111-110511261150} - C:\Program Files\Coupon Clipster\Coupon Clipster-bho.dll

Alterations made by the installer:

Malwarebytes Anti-Malware log:
[d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\extensionData\userCode\extension.js, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\locale\en-US\translations.dtd, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\button1.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\button2.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\button3.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\button4.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\button5.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\crossrider_statusbar.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\icon128.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\icon16.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\icon24.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\icon48.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\panelarrow-up.png, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\popup.html, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\skin.css, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\21aca3d4-5ee7-4120-9d1a-522df69c4681@688aca1f-53ba-460d-b7a8-4650c22cf7fc.com\skin\update.css, Quarantined, [d97257afc3b800363d43a5f92bd7e51b],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\52650.xpi, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\background.html, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-bg.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-buttonutil.dll, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-buttonutil.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-codedownloader.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-enabler.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-firefoxinstaller.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-helper.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster-updater.exe, Quarantined, [43082adcfa81280ea2bc742b54ae5ba5],PUP.Optional.CouponClipster.A, C:\Program Files\Coupon Clipster\Coupon Clipster.ico, Quarantined, 
     As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  7. What is FLV Player Addon?

     The Malwarebytes research team has determined that FLV Player Addon is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

     How do I know if my computer is affected by FLV Player Addon?

     You may see these browser extensions/add-ons: and this entry in your list of installed programs:

     How did FLV Player Addon get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove FLV Player Addon?

     Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

       • Please download Malwarebytes Anti-Malware to your desktop.
       • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
       • At the end, be sure a check-mark is placed next to the following:
           • Enable free trial of Malwarebytes Anti-Malware Premium
           • Launch Malwarebytes Anti-Malware
       • Then click Finish.
       • If an update is found, you will be prompted to download and install the latest version.
       • Once the program has loaded, select Scan now.
       • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
       • Reboot your computer if prompted.

     Is there anything else I need to do to get rid of FLV Player Addon?

     The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the FLV Player Addon 1.26.35 listing. Then confirm removal.

     How would the full version of Malwarebytes Anti-Malware help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the FLV Player Addon rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Signs in a HijackThis log:

     O2 - BHO: CrossriderApp0052466 - {11111111-1111-1111-1111-110511241166} - C:\Program Files\FLV Player Addon\FLV Player Addon-bho.dll

     Alterations made by the installer:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player Addon] "CrAppId"="REG_SZ", "52466" "CrPublisherId"="REG_SZ", "25286" "DisplayIcon"="REG_SZ", "C:\Program Files\FLV Player Addon\utils.exe" "DisplayName"="REG_SZ", "FLV Player Addon" "DisplayVersion"="REG_SZ", "1.34.3.6" "Publisher"="REG_SZ", "Nero" "UninstallString"="REG_SZ", "C:\Program Files\FLV Player Addon\Uninstall.exe /fromcontrolpanel=1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "FLV Player Addon-chromeinstaller.job"="REG_BINARY, ................................ "FLV Player Addon-chromeinstaller.job.fp"="REG_DWORD", 1006793732 "FLV Player Addon-codedownloader.job"="REG_BINARY, ................................ "FLV Player Addon-codedownloader.job.fp"="REG_DWORD", -1600005133 "FLV Player Addon-enabler.job"="REG_BINARY, ................................ "FLV Player Addon-enabler.job.fp"="REG_DWORD", 1273011655 "FLV Player Addon-firefoxinstaller.job"="REG_BINARY, ................................ "FLV Player Addon-firefoxinstaller.job.fp"="REG_DWORD", -2122348413 "FLV Player Addon-updater.job"="REG_BINARY, ................................ 
"FLV Player Addon-updater.job.fp"="REG_DWORD", -406586072 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider] "Bic"="REG_SZ", "A966729BA27C4812B41BB16B8443B652IE" "Verifier"="REG_SZ", "bbd8f666525a9c1c182d989fc5512c5d" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\Button] "52466"="REG_DWORD", 1 "Index"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate] "52466"="REG_SZ", "" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest] "52466"="REG_SZ", "{ javascript removed, full log available on rw\equest }" [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Nero] "52466"="REG_SZ", "FLV Player Addon" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions] "{11111111-1111-1111-1111-110511241166}"="REG_BINARY, ............Malwarebytes Anti-Malware log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 3/19/2014Scan Time: 8:10:00 AMLogfile: mbamFLV.txtAdministrator: YesVersion: 2.00.0.1000Malware Database: v2014.03.19.02Rootkit Database: v2014.03.18.01License: TrialMalware Protection: DisabledMalicious Website Protection: DisabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 202298Time Elapsed: 3 min, 30 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 1PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-buttonutil.dll, Delete-on-Reboot, [28f60401df9c5bdb4bf8039a659d768a], Registry Keys: 20PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511241166}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544244466}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555245566}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566246666}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052466.BHO.1, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511241166}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052466.BHO, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511241166}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511241166}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522242266}, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052466.Sandbox.1, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052466.Sandbox, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511241166}\INPROCSERVER32, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FLV Player Addon, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], 
PUP.Optional.FLVPlayerAddon.A, HKLM\SOFTWARE\FLV Player Addon, Quarantined, [b16d34d181fac37387c0910cdc26df21], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25286, Quarantined, [f529907588f3c472d52e8d11ca38936d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [130b2ed79fdc22145e1f3c96f310aa56], PUP.Optional.FLVPlayerAddon.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FLV Player Addon, Quarantined, [e83604019ae144f2c4813d6048ba31cf], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25286, Quarantined, [42dc5baa5e1d0b2bc8395b4325dd20e0], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Nero, Quarantined, [f42ae12432492c0a9bafbc1afb083dc3], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 25PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon, Delete-on-Reboot, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\userCode, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\icons, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\icons\actions, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\api, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\lib, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\lib\popupResource, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\chrome, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\chrome\content, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\chrome\content\api, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\chrome\content\core, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\defaults, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\defaults\preferences, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\extensionData, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\extensionData\plugins, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\extensionData\userCode, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\locale, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\locale\en-US, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc59fc10-5a26-4311-af8d-bf9b600a7b9c@080e29b9-9bee-4caa-b38c-4958c5aa2376.com\skin, Quarantined, [75a9d431f289ee488dbdbcde36cc0af6], Files: 178PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-bho.dll, Quarantined, [44da1de886f5f343be8ffcae50b1fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\FLV Plugin addon.exe, Quarantined, [27f7c93c0d6e39fd4ef18020b1503fc1], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\background.html, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\52466.crx, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\52466.xpi, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player 
Addon-bg.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-buttonutil.dll, Delete-on-Reboot, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-buttonutil.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-chromeinstaller.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-codedownloader.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-enabler.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-firefoxinstaller.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-helper.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon-updater.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\FLV Player Addon.ico, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\Installer.log, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\Uninstall.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Program Files\FLV Player Addon\utils.exe, Quarantined, [28f60401df9c5bdb4bf8039a659d768a], PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-chromeinstaller.job, Quarantined, [5dc148bdd2a95bdba0a4d0cd15eda65a], PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-codedownloader.job, 
Quarantined, [ea346d98c0bbc472034147567e8406fa], PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-enabler.job, Quarantined, [0e107e873a416bcb24202e6f2dd53dc3], PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-firefoxinstaller.job, Quarantined, [8e9006ff9cdf61d576ce2974ed15f010], PUP.Optional.FLVPlayerAddon.A, C:\Windows\Tasks\FLV Player Addon-updater.job, Quarantined, [9886ce374b305adcb78d7f1e16ec31cf], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\background.html, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\chromeCoreFilesIndex.txt, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\crossriderManifest.json, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\manifest.json, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\popup.html, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\manifest.xml, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins.json, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\28_initializer.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\17_jQuery.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\182_openUrl.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\183_tabsWrapper.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\1_base.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\207_dbWrapper.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\21_debug.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\22_resources.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\246_setup.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\47_resources_background.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\72_appApiValidation.js, 
Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\userCode\background.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\extensionData\userCode\extension.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\icons\icon128.png, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\icons\icon16.png, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\icons\icon48.png, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\icons\actions\1.png, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\background.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\main.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\platformVersion.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\api\chrome.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\api\cookie.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\api\message.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgonpmchaeokedifbjenbcnjcdefdceg\1.26.35_0\js\api\monitor.js, Quarantined, [d04e8f7697e43ef870a9cfcbe220d12f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers, Malware Execution Prevention. Save yourself the hassle and get protected.
  8. What is OMG Music Plus?

     The Malwarebytes research team has determined that OMG Music Plus is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

     How do I know if my computer is affected by OMG Music Plus?

     You may see these browser extensions/add-ons: and this entry in your list of installed programs:

     How did OMG Music Plus get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove OMG Music Plus?

     Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

       • Please download Malwarebytes Anti-Malware to your desktop.
       • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
       • At the end, be sure a check-mark is placed next to the following: "Enable free trial of Malwarebytes Anti-Malware Premium" and "Launch Malwarebytes Anti-Malware".
       • Then click Finish.
       • If an update is found, you will be prompted to download and install the latest version.
       • Once the program has loaded, select Scan now.
       • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
       • Reboot your computer if prompted.

     Is there anything else I need to do to get rid of OMG Music Plus?

     The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.

     How would the full version of Malwarebytes Anti-Malware help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the OMG Music Plus rogue.
     It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Signs in a HijackThis log:

     O2 - BHO: CrossriderApp0049182 - {11111111-1111-1111-1111-110411911182} - C:\Program Files\OMG Music Plus\OMG Music Plus-bho.dll

     Alterations made by the installer:

     File system details
245_engageya_overlay_m.js"="3/16/2014 1:21 PM, 475 bytes, A Adds the file 246_setup.js"="3/16/2014 1:21 PM, 1840 bytes, A Adds the file 28_initializer.js"="3/16/2014 1:18 PM, 664 bytes, A Adds the file 4_jquery_1_7_1.js"="3/16/2014 1:18 PM, 94180 bytes, A Adds the file 47_resources_background.js"="3/16/2014 1:18 PM, 7720 bytes, A Adds the file 64_appApiMessage.js"="3/16/2014 1:18 PM, 2332 bytes, A Adds the file 72_appApiValidation.js"="3/16/2014 1:21 PM, 46060 bytes, A Adds the file 78_CrossriderInfo.js"="3/16/2014 1:18 PM, 3321 bytes, A Adds the file 91_monetizationLoader.js.js"="3/16/2014 1:21 PM, 145065 bytes, A Adds the file 93_superfish_no_coupons_m.js"="3/16/2014 1:18 PM, 775 bytes, A Adds the file 98_omniCommands.js"="3/16/2014 1:18 PM, 1936 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\extensionData\userCode Adds the file background.js"="3/16/2014 1:18 PM, 1515 bytes, A Adds the file extension.js"="3/16/2014 1:21 PM, 383 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\locale Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\locale\en-US Adds the file translations.dtd"="3/16/2014 1:18 PM, 425 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\skin Adds the file button1.png"="3/16/2014 1:18 PM, 1351 bytes, A Adds the file button2.png"="3/16/2014 1:18 PM, 1361 bytes, A Adds the file button3.png"="3/16/2014 1:18 PM, 1361 bytes, A Adds the file button4.png"="3/16/2014 1:18 PM, 1361 bytes, A Adds the file 
button5.png"="3/16/2014 1:18 PM, 1361 bytes, A Adds the file crossrider_statusbar.png"="3/16/2014 1:18 PM, 1361 bytes, A Adds the file icon128.png"="3/16/2014 1:18 PM, 4438 bytes, A Adds the file icon16.png"="3/16/2014 1:18 PM, 1351 bytes, A Adds the file icon24.png"="3/16/2014 1:18 PM, 2660 bytes, A Adds the file icon48.png"="3/16/2014 1:18 PM, 3716 bytes, A Adds the file panelarrow-up.png"="3/16/2014 1:18 PM, 917 bytes, A Adds the file popup.html"="3/16/2014 1:18 PM, 349 bytes, A Adds the file skin.css"="3/16/2014 1:18 PM, 990 bytes, A Adds the file update.css"="3/16/2014 1:18 PM, 140 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file OMG Music Plus-codedownloader"="3/16/2014 1:18 PM, 4498 bytes, A Adds the file OMG Music Plus-enabler"="3/16/2014 1:18 PM, 4392 bytes, A Adds the file OMG Music Plus-firefoxinstaller"="3/16/2014 1:18 PM, 5326 bytes, A Adds the file OMG Music Plus-updater"="3/16/2014 1:18 PM, 4558 bytes, A In the existing folder C:\Windows\Tasks Adds the file OMG Music Plus-codedownloader.job"="3/16/2014 1:18 PM, 1468 bytes, A Adds the file OMG Music Plus-enabler.job"="3/16/2014 1:18 PM, 1362 bytes, A Adds the file OMG Music Plus-firefoxinstaller.job"="3/16/2014 1:18 PM, 2296 bytes, A Adds the file OMG Music Plus-updater.job"="3/16/2014 1:18 PM, 1528 bytes, ARegistry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}] "(Default)"="REG_SZ", "OMG Music Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\Implemented Categories] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\OMG Music Plus\OMG Music Plus-bho.dll" 
"ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\ProgID] "(Default)"="REG_SZ", "CrossriderApp0049182.BHO.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444914482}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911182}\VersionIndependentProgID] "(Default)"="REG_SZ", "CrossriderApp0049182" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}] "(Default)"="REG_SZ", "CrossriderApp0049182.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\OMG Music Plus\OMG Music Plus-bho.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}\ProgID] "(Default)"="REG_SZ", "CrossriderApp0049182.Sandbox.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444914482}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912282}\VersionIndependentProgID] "(Default)"="REG_SZ", "CrossriderApp0049182.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.BHO] "(Default)"="REG_SZ", "CrossriderApp0049182" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.BHO\CLSID] "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110411911182}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.BHO\CurVer] "(Default)"="REG_SZ", "CrossriderApp0049182" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.BHO.1] "(Default)"="REG_SZ", "CrossriderApp0049182" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.BHO.1\CLSID] "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110411911182}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.Sandbox] "(Default)"="REG_SZ", "CrossriderApp0049182.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.Sandbox\CLSID] "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220422912282}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.Sandbox\CurVer] "(Default)"="REG_SZ", "CrossriderApp0049182.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.Sandbox.1] "(Default)"="REG_SZ", "CrossriderApp0049182.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0049182.Sandbox.1\CLSID] "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220422912282}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915582}] "(Default)"="REG_SZ", "ICrossriderBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915582}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915582}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915582}\TypeLib] "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444914482}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916682}] "(Default)"="REG_SZ", "ISandBox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916682}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916682}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916682}\TypeLib] "(Default)"="REG_SZ", 
"{44444444-4444-4444-4444-440444914482}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444914482}\1.0] "(Default)"="REG_SZ", "CrossriderApp0049182 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444914482}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files\OMG Music Plus\OMG Music Plus-bho.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444914482}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444914482}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files\OMG Music Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911182}] "(Default)"="REG_SZ", "CrossriderApp0049182" "NoExplorer"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID] "{11111111-1111-1111-1111-110411911182}"="REG_SZ", "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OMG Music Plus] "CrAppId"="REG_SZ", "49182" "CrPublisherId"="REG_SZ", "5526" "DisplayIcon"="REG_SZ", "C:\Program Files\OMG Music Plus\utils.exe" "DisplayName"="REG_SZ", "OMG Music Plus" "DisplayVersion"="REG_SZ", "1.34.1.29" "Publisher"="REG_SZ", "Bundlore LTD" "UninstallString"="REG_SZ", "C:\Program Files\OMG Music Plus\Uninstall.exe /fromcontrolpanel=1" [HKEY_LOCAL_MACHINE\SOFTWARE\OMG Music Plus\Firefox] "TotalProfiles"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\OMG Music Plus\Firefox\Profiles] "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\OMG Music Plus\IE] "TotalProfiles"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\OMG Music Plus\Installer] "BundledFirefox"="REG_DWORD", 1 "BundledIe"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider] "Bic"="REG_SZ", "F4F5096D5934430D803D464022014ED6IE" 
"Verifier"="REG_SZ", "094540c5d4d623d3ddf38dcdfed2671f" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\Button] "49182"="REG_DWORD", 1 "Index"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate] "49182"="REG_SZ", "" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest] "49182"="REG_SZ", "" [HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus] "ActiveAppId"="REG_SZ", "49182" "BhoRunningVersion"="REG_SZ", "153" "IsBhoEnabled"="REG_DWORD", 1 "LastSetSearch"="REG_DWORD", 1394972459 [HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus\background] "__onDocumentStart_script__"="REG_SZ", "" "__onDocumentStart_script_store__"="REG_SZ", "" "IsEnabled"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus\Code] "AppJavaScript"="REG_SZ", "{javascript removed, full log available by request} " [HKEY_CURRENT_USER\Software\AppDataLow\Software\OMG Music Plus\Update] "LastCheck"="REG_DWORD", 1394972310 [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Bundlore LTD] "49182"="REG_SZ", "OMG Music Plus" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411911182}\iexplore] "Count"="REG_DWORD", 4 "Flags"="REG_DWORD", 0 "LoadTimeArray"="REG_BINARY, .................... "NavTimeArray"="REG_BINARY, .................... "Time"="REG_BINARY, ........ 
"Type"="REG_DWORD", 3Malwarebytes Anti-Malware log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 3/16/2014Scan Time: 1:26:32 PMLogfile: mbamOMGusic.txtAdministrator: YesVersion: 2.00.0.1000Malware Database: v2014.03.16.02Rootkit Database: v2014.02.20.01License: TrialMalware Protection: DisabledMalicious Website Protection: DisabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 201640Time Elapsed: 2 min, 48 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 18PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411911182}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444914482}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455915582}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466916682}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0049182.BHO.1, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411911182}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0049182.BHO, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411911182}, 
Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411911182}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220422912282}, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0049182.Sandbox.1, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0049182.Sandbox, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411911182}\INPROCSERVER32, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\OMG Music Plus, Quarantined, [d9191be86e0df14534f00f8bcf330bf5],PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [f8fab053d7a4a88ebff36e6009fa39c7],PUP.Optional.OMGMusicPlus.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\OMG Music Plus, Quarantined, [7082f3103843fd39b86a1981b34fb050],PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Bundlore LTD, Quarantined, [33bf22e184f71d192473a1fd36ccf20e],PUP.Optional.OMGMusicPlus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OMG Music Plus, Quarantined, [48aae122afcccc6a7b677d1957abf10f],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 14PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus, Quarantined, 
[48aae122afcccc6a7b677d1957abf10f],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\api, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\core, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\defaults, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\defaults\preferences, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\extensionData, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\extensionData\plugins, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\extensionData\userCode, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\locale, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\locale\en-US, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\skin, Quarantined, [777b00031467251119376730f80a37c9],Files: 118PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-bho.dll, Quarantined, [f6fcb64daccfc274010f6246a55c5ea2],PUP.Optional.OMGMusicPlus.A, C:\Users\{username}\Desktop\Nvwngyuuiux.exe, Quarantined, [bf331de614676fc735da594f68996a96],PUP.Optional.OMGMusicPlus.A, C:\Windows\Tasks\OMG Music Plus-codedownloader.job, Quarantined, [92603fc4daa11b1b879ac2d81fe3e41c],PUP.Optional.OMGMusicPlus.A, C:\Windows\Tasks\OMG Music Plus-enabler.job, Quarantined, 
[f3fff80b7b0047efac75c1d9659d6b95],PUP.Optional.OMGMusicPlus.A, C:\Windows\Tasks\OMG Music Plus-firefoxinstaller.job, Quarantined, [fdf518eb6f0c56e051d048523dc530d0],PUP.Optional.OMGMusicPlus.A, C:\Windows\Tasks\OMG Music Plus-updater.job, Quarantined, [15dd788b6813bc7a8e933c5e1de52cd4],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\49182.xpi, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\background.html, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\Installer.log, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-bg.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-buttonutil.dll, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-buttonutil.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-codedownloader.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-enabler.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-firefoxinstaller.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-helper.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus-updater.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\OMG Music Plus.ico, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\Uninstall.exe, Quarantined, 
[48aae122afcccc6a7b677d1957abf10f],PUP.Optional.OMGMusicPlus.A, C:\Program Files\OMG Music Plus\utils.exe, Quarantined, [48aae122afcccc6a7b677d1957abf10f],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome.manifest, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\install.rdf, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\api.js, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\background.html, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\baseObject.js, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\browser.xul, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\dialog.js, Quarantined, 
[777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\main.js, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\options.js, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\options.xul, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\platformVersion.js, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\search_dialog.xul, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\dc77187f-1ad7-4b19-8787-a0a5cc10343f@e6264eef-2457-4fa2-bea4-bd6135e1199d.com\chrome\content\api\asyncDB.js, Quarantined, [777b00031467251119376730f80a37c9],PUP.Optional.CrossRider.A, 
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers; Malware Execution Prevention. Save yourself the hassle and get protected.
  9. What is Magnet Downloader? The Malwarebytes research team has determined that Magnet Downloader is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements. How do I know if my computer is affected by Magnet Downloader? You may see this browser extension in IE: How did Magnet Downloader get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Magnet Downloader? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-consumer.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to the following: Enable free trial of Malwarebytes Anti-Malware Premium; Launch Malwarebytes Anti-Malware. Then click Finish. If an update is found, you will be prompted to download and install the latest version. Once the program has loaded, select Scan now. When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions. Reboot your computer if prompted. Is there anything else I need to do to get rid of Magnet Downloader? No, Malwarebytes' Anti-Malware removes Magnet Downloader completely. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Magnet Downloader rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts. Signs in a HijackThis log: O2 - BHO: CrossriderApp0045508 - {11111111-1111-1111-1111-110411551108} - C:\Program Files\Magnet Downloader\Magnet Downloader-bho.dll Alterations made by the installer: Malwarebytes Anti-Malware log: As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers; Malware Execution Prevention. Save yourself the hassle and get protected.
  10. What is Free Ven? The Malwarebytes research team has determined that Free Ven is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements. How do I know if my computer is affected by Free Ven? You may see these browser extensions/add-ons: and this entry in your list of installed programs: How did Free Ven get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was offered as a shopping companion browser extension. How do I remove Free Ven? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-consumer.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to the following: Enable free trial of Malwarebytes Anti-Malware Premium; Launch Malwarebytes Anti-Malware. Then click Finish. If an update is found, you will be prompted to download and install the latest version. Once the program has loaded, select Scan now. When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions. Reboot your computer if prompted. Is there anything else I need to do to get rid of Free Ven? The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the "free ven 1.26.22" listing. Then confirm removal. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Free Ven rogue.
It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late. Technical details for experts. Signs in a HijackThis log: O2 - BHO: CrossriderApp0051680 - {11111111-1111-1111-1111-110511161180} - C:\Program Files\free ven\free ven-bho.dll Alterations made by the installer: File system details
bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg\1.26.22_0\js\api Adds the file chrome.js"="3/15/2014 10:10 AM, 11499 bytes, A Adds the file cookie.js"="3/15/2014 10:10 AM, 11743 bytes, A Adds the file message.js"="3/15/2014 10:10 AM, 3346 bytes, A Adds the file monitor.js"="3/15/2014 10:10 AM, 2039 bytes, A Adds the file pageAction.js"="3/15/2014 10:10 AM, 1737 bytes, A Adds the file pageActionBG.js"="3/15/2014 10:10 AM, 2519 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg\1.26.22_0\js\lib Adds the file app_api.js"="3/15/2014 10:10 AM, 6697 bytes, A Adds the file bg_app_api.js"="3/15/2014 10:10 AM, 4685 bytes, A Adds the file consts.js"="3/15/2014 10:10 AM, 335 bytes, A Adds the file cookie_store.js"="3/15/2014 10:10 AM, 5905 bytes, A Adds the file crossriderAPI.js"="3/15/2014 10:10 AM, 11366 bytes, A Adds the file delegate.js"="3/15/2014 10:10 AM, 2002 bytes, A Adds the file events.js"="3/15/2014 10:10 AM, 5757 bytes, A Adds the file extensionDataStore.js"="3/15/2014 10:10 AM, 6656 bytes, A Adds the file installer.js"="3/15/2014 10:10 AM, 780 bytes, A Adds the file logFile.js"="3/15/2014 10:10 AM, 775 bytes, A Adds the file logging.js"="3/15/2014 10:10 AM, 944 bytes, A Adds the file onBGDocumentLoad.js"="3/15/2014 10:10 AM, 480 bytes, A Adds the file reports.js"="3/15/2014 10:10 AM, 4929 bytes, A Adds the file storageWrapper.js"="3/15/2014 10:10 AM, 903 bytes, A Adds the file updateManager.js"="3/15/2014 10:10 AM, 8205 bytes, A Adds the file util.js"="3/15/2014 10:10 AM, 5142 bytes, A Adds the file xhr.js"="3/15/2014 10:10 AM, 2699 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg\1.26.22_0\js\lib\popupResource Adds the file newPopup.js"="3/15/2014 10:10 AM, 40 bytes, A Adds the file popup.js"="3/15/2014 10:10 
AM, 45 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjghiofiijcepdnocbgefbdlbckjfheg Adds the file 000003.log"="3/15/2014 10:13 AM, 1071118 bytes, A Adds the file CURRENT"="3/15/2014 10:13 AM, 16 bytes, A Adds the file LOCK"="3/15/2014 10:13 AM, 0 bytes, A Adds the file LOG"="3/15/2014 10:13 AM, 47 bytes, A Adds the file MANIFEST-000002"="3/15/2014 10:13 AM, 50 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com Adds the file chrome.manifest"="3/15/2014 10:10 AM, 732 bytes, A Adds the file install.rdf"="3/15/2014 10:10 AM, 1339 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\chrome\content Adds the file api.js"="3/15/2014 10:10 AM, 18796 bytes, A Adds the file background.html"="3/15/2014 10:10 AM, 2001 bytes, A Adds the file baseObject.js"="3/15/2014 10:10 AM, 19 bytes, A Adds the file browser.xul"="3/15/2014 10:10 AM, 4807 bytes, A Adds the file dialog.js"="3/15/2014 10:10 AM, 1343 bytes, A Adds the file ffCoreFilesIndex.txt"="3/15/2014 10:10 AM, 1052 bytes, A Adds the file main.js"="3/15/2014 10:10 AM, 18750 bytes, A Adds the file options.js"="3/15/2014 10:10 AM, 1931 bytes, A Adds the file options.xul"="3/15/2014 10:10 AM, 1913 bytes, A Adds the file platformVersion.js"="3/15/2014 10:10 AM, 612 bytes, A Adds the file search_dialog.xul"="3/15/2014 10:10 AM, 2457 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\chrome\content\api Adds the file asyncDB.js"="3/15/2014 10:10 AM, 4805 bytes, A Adds the file background.js"="3/15/2014 10:10 AM, 1336 bytes, A Adds the file 
browserAction.js"="3/15/2014 10:10 AM, 8906 bytes, A Adds the file contextMenu.js"="3/15/2014 10:10 AM, 5359 bytes, A Adds the file dbManager.js"="3/15/2014 10:10 AM, 10097 bytes, A Adds the file dom_bg.js"="3/15/2014 10:10 AM, 2505 bytes, A Adds the file fileManager.js"="3/15/2014 10:10 AM, 943 bytes, A Adds the file firefox.js"="3/15/2014 10:10 AM, 353 bytes, A Adds the file firefoxNotifications.js"="3/15/2014 10:10 AM, 1116 bytes, A Adds the file firefoxOmnibox.js"="3/15/2014 10:10 AM, 1515 bytes, A Adds the file message.js"="3/15/2014 10:10 AM, 5210 bytes, A Adds the file pageAction.js"="3/15/2014 10:10 AM, 11257 bytes, A Adds the file request.js"="3/15/2014 10:10 AM, 2314 bytes, A Adds the file tabs.js"="3/15/2014 10:10 AM, 3628 bytes, A Adds the file webRequest.js"="3/15/2014 10:10 AM, 5806 bytes, A Adds the file windowsMessagingHandler.js"="3/15/2014 10:10 AM, 960 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\chrome\content\core Adds the file addressBarChangeObserver.js"="3/15/2014 10:10 AM, 130 bytes, A Adds the file console.js"="3/15/2014 10:10 AM, 1753 bytes, A Adds the file consts.js"="3/15/2014 10:10 AM, 2356 bytes, A Adds the file delegate.js"="3/15/2014 10:10 AM, 2180 bytes, A Adds the file extensionDataStore.js"="3/15/2014 10:10 AM, 10309 bytes, A Adds the file folderIOWrapper.js"="3/15/2014 10:10 AM, 3526 bytes, A Adds the file httpObserver.js"="3/15/2014 10:10 AM, 2561 bytes, A Adds the file IDBWrapper.js"="3/15/2014 10:10 AM, 4191 bytes, A Adds the file installer.js"="3/15/2014 10:10 AM, 1320 bytes, A Adds the file logFile.js"="3/15/2014 10:10 AM, 1562 bytes, A Adds the file prefs.js"="3/15/2014 10:10 AM, 1649 bytes, A Adds the file progressListenerObserver.js"="3/15/2014 10:10 AM, 1368 bytes, A Adds the file registry.js"="3/15/2014 10:10 AM, 1158 bytes, A Adds the file reloadObserver.js"="3/15/2014 
10:10 AM, 1527 bytes, A Adds the file reports.js"="3/15/2014 10:10 AM, 3869 bytes, A Adds the file requestObject.js"="3/15/2014 10:10 AM, 1261 bytes, A Adds the file searchSettings.js"="3/15/2014 10:10 AM, 3426 bytes, A Adds the file uninstallObserver.js"="3/15/2014 10:10 AM, 2372 bytes, A Adds the file updateManager.js"="3/15/2014 10:10 AM, 11480 bytes, A Adds the file utils.js"="3/15/2014 10:10 AM, 18554 bytes, A Adds the file xhr.js"="3/15/2014 10:10 AM, 2852 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\defaults\preferences Adds the file prefs.js"="3/15/2014 10:10 AM, 3980 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData Adds the file manifest.xml"="3/15/2014 10:12 AM, 1700 bytes, A Adds the file plugins.json"="3/15/2014 10:12 AM, 13284 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins Adds the file 1_base.js"="3/15/2014 10:10 AM, 6794 bytes, A Adds the file 102_dealply_m.js"="3/15/2014 10:10 AM, 2048 bytes, A Adds the file 103_intext_5_m.js"="3/15/2014 10:10 AM, 2296 bytes, A Adds the file 104_jollywallet_m.js"="3/15/2014 10:10 AM, 1289 bytes, A Adds the file 13_CrossriderAppUtils.js"="3/15/2014 10:10 AM, 6993 bytes, A Adds the file 14_CrossriderUtils.js"="3/15/2014 10:10 AM, 20752 bytes, A Adds the file 155_ibario_pops_m.js"="3/15/2014 10:10 AM, 411 bytes, A Adds the file 16_FFAppAPIWrapper.js"="3/15/2014 10:10 AM, 16022 bytes, A Adds the file 17_jQuery.js"="3/15/2014 10:10 AM, 79864 bytes, A Adds the file 177_crossriderDashboard.js"="3/15/2014 10:10 AM, 31088 bytes, A Adds the file 
180_bpo_serp_m.js"="3/15/2014 10:12 AM, 802 bytes, A Adds the file 182_openUrl.js"="3/15/2014 10:10 AM, 14181 bytes, A Adds the file 183_tabsWrapper.js"="3/15/2014 10:10 AM, 2427 bytes, A Adds the file 184_noproblemppc_m.js"="3/15/2014 10:12 AM, 1271 bytes, A Adds the file 190_pops_5_m.js"="3/15/2014 10:10 AM, 2294 bytes, A Adds the file 191_ciuvo_m.js"="3/15/2014 10:10 AM, 957 bytes, A Adds the file 207_dbWrapper.js"="3/15/2014 10:10 AM, 1537 bytes, A Adds the file 21_debug.js"="3/15/2014 10:10 AM, 3560 bytes, A Adds the file 22_resources.js"="3/15/2014 10:10 AM, 8958 bytes, A Adds the file 223_imonomy_m.js"="3/15/2014 10:12 AM, 451 bytes, A Adds the file 230_revizer_ws_dynamic_b2b_2_m.js"="3/15/2014 10:12 AM, 795 bytes, A Adds the file 233_revizer_p_dynamic_b2b_2_m.js"="3/15/2014 10:12 AM, 795 bytes, A Adds the file 246_setup.js"="3/15/2014 10:12 AM, 1840 bytes, A Adds the file 28_initializer.js"="3/15/2014 10:10 AM, 536 bytes, A Adds the file 4_jquery_1_7_1.js"="3/15/2014 10:10 AM, 94050 bytes, A Adds the file 47_resources_background.js"="3/15/2014 10:10 AM, 7574 bytes, A Adds the file 64_appApiMessage.js"="3/15/2014 10:10 AM, 2200 bytes, A Adds the file 72_appApiValidation.js"="3/15/2014 10:10 AM, 46062 bytes, A Adds the file 78_CrossriderInfo.js"="3/15/2014 10:10 AM, 3187 bytes, A Adds the file 91_monetizationLoader.js.js"="3/15/2014 10:10 AM, 145067 bytes, A Adds the file 93_superfish_no_coupons_m.js"="3/15/2014 10:10 AM, 560 bytes, A Adds the file 98_omniCommands.js"="3/15/2014 10:10 AM, 1806 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\userCode Adds the file background.js"="3/15/2014 10:10 AM, 429 bytes, A Adds the file extension.js"="3/15/2014 10:12 AM, 3 bytes, A Adds the folder 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\locale\en-US Adds the file translations.dtd"="3/15/2014 10:10 AM, 425 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin Adds the file button1.png"="3/15/2014 10:10 AM, 1361 bytes, A Adds the file button2.png"="3/15/2014 10:10 AM, 1361 bytes, A Adds the file button3.png"="3/15/2014 10:10 AM, 1361 bytes, A Adds the file button4.png"="3/15/2014 10:10 AM, 1361 bytes, A Adds the file button5.png"="3/15/2014 10:10 AM, 1361 bytes, A Adds the file crossrider_statusbar.png"="3/15/2014 10:10 AM, 1361 bytes, A Adds the file icon128.png"="3/15/2014 10:10 AM, 18583 bytes, A Adds the file icon16.png"="3/15/2014 10:10 AM, 1317 bytes, A Adds the file icon24.png"="3/15/2014 10:10 AM, 2393 bytes, A Adds the file icon48.png"="3/15/2014 10:10 AM, 3954 bytes, A Adds the file panelarrow-up.png"="3/15/2014 10:10 AM, 917 bytes, A Adds the file popup.html"="3/15/2014 10:10 AM, 349 bytes, A Adds the file skin.css"="3/15/2014 10:10 AM, 990 bytes, A Adds the file update.css"="3/15/2014 10:10 AM, 140 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file free ven-chromeinstaller"="3/15/2014 10:10 AM, 6112 bytes, A Adds the file free ven-codedownloader"="3/15/2014 10:10 AM, 4476 bytes, A Adds the file free ven-enabler"="3/15/2014 10:10 AM, 4376 bytes, A Adds the file free ven-firefoxinstaller"="3/15/2014 10:10 AM, 5264 bytes, A Adds the file free ven-updater"="3/15/2014 10:10 AM, 4522 bytes, A In the existing folder C:\Windows\Tasks Adds the file free ven-chromeinstaller.job"="3/15/2014 10:10 AM, 3082 bytes, A Adds the file free ven-codedownloader.job"="3/15/2014 10:10 AM, 1446 bytes, A Adds the file free ven-enabler.job"="3/15/2014 10:10 AM, 1346 bytes, A Adds the file 
free ven-firefoxinstaller.job"="3/15/2014 10:10 AM, 2234 bytes, A Adds the file free ven-updater.job"="3/15/2014 10:10 AM, 1492 bytes, ARegistry details------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}] "(Default)"="REG_SZ, "free ven" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\Implemented Categories] "(Default)"="REG_SZ, "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}] "(Default)"="REG_SZ, "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\InprocServer32] "(Default)"="REG_SZ, "C:\Program Files\free ven\free ven-bho.dll" "ThreadingModel"="REG_SZ, "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\ProgID] "(Default)"="REG_SZ, "CrossriderApp0051680.BHO.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544164480}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161180}\VersionIndependentProgID] "(Default)"="REG_SZ, "CrossriderApp0051680" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}] "(Default)"="REG_SZ, "CrossriderApp0051680.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}\InprocServer32] "(Default)"="REG_SZ, "C:\Program Files\free ven\free ven-bho.dll" "ThreadingModel"="REG_SZ, "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}\ProgID] "(Default)"="REG_SZ, "CrossriderApp0051680.Sandbox.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}\Programmable] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544164480}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162280}\VersionIndependentProgID] "(Default)"="REG_SZ, "CrossriderApp0051680.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.BHO] "(Default)"="REG_SZ, "CrossriderApp0051680" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.BHO\CLSID] "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110511161180}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.BHO\CurVer] "(Default)"="REG_SZ, "CrossriderApp0051680" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.BHO.1] "(Default)"="REG_SZ, "CrossriderApp0051680" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.BHO.1\CLSID] "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110511161180}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.Sandbox] "(Default)"="REG_SZ, "CrossriderApp0051680.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.Sandbox\CLSID] "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220522162280}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.Sandbox\CurVer] "(Default)"="REG_SZ, "CrossriderApp0051680.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.Sandbox.1] "(Default)"="REG_SZ, "CrossriderApp0051680.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051680.Sandbox.1\CLSID] "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220522162280}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165580}] "(Default)"="REG_SZ, "ICrossriderBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165580}\ProxyStubClsid] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165580}\ProxyStubClsid32] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165580}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544164480}" "Version"="REG_SZ, "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166680}] "(Default)"="REG_SZ, "ISandBox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166680}\ProxyStubClsid] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166680}\ProxyStubClsid32] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166680}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544164480}" "Version"="REG_SZ, "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164480}\1.0] "(Default)"="REG_SZ, "CrossriderApp0051680 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164480}\1.0\0\win32] "(Default)"="REG_SZ, "C:\Program Files\free ven\free ven-bho.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164480}\1.0\FLAGS] "(Default)"="REG_SZ, "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164480}\1.0\HELPDIR] "(Default)"="REG_SZ, "C:\Program Files\free ven" [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\Chrome] "TotalProfiles"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\Chrome-Profiles] "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\ErrorLists-crchromeinstaller] "post_response_json_invalid"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\Firefox] "TotalProfiles"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\Firefox\Profiles] "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\IE] 
"TotalProfiles"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\free ven\Installer] "BundledChrome"="REG_DWORD, 1 "BundledFirefox"="REG_DWORD, 1 "BundledIe"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511161180}] "(Default)"="REG_SZ, "CrossriderApp0051680" "NoExplorer"="REG_DWORD, 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID] "{11111111-1111-1111-1111-110511161180}"="REG_SZ, "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free ven] "CrAppId"="REG_SZ, "51680" "CrPublisherId"="REG_SZ, "21636" "DisplayIcon"="REG_SZ, "C:\Program Files\free ven\utils.exe" "DisplayName"="REG_SZ, "free ven" "DisplayVersion"="REG_SZ, "1.34.3.6" "Publisher"="REG_SZ, "freeven" "UninstallString"="REG_SZ, "C:\Program Files\free ven\Uninstall.exe /fromcontrolpanel=1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "free ven-chromeinstaller.job"="REG_BINARY, ................................ "free ven-chromeinstaller.job.fp"="REG_DWORD, -1576395472 "free ven-codedownloader.job"="REG_BINARY, ................................ "free ven-codedownloader.job.fp"="REG_DWORD, 2087747667 "free ven-enabler.job"="REG_BINARY, ................................ "free ven-enabler.job.fp"="REG_DWORD, 1153331095 "free ven-firefoxinstaller.job"="REG_BINARY, ................................ "free ven-firefoxinstaller.job.fp"="REG_DWORD, -630187845 "free ven-updater.job"="REG_BINARY, ................................ 
"free ven-updater.job.fp"="REG_DWORD, 1565813042 [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider] "Bic"="REG_SZ, "6C2D7BCB12C448638E107A77FC61A794IE" "Verifier"="REG_SZ, "c8c803235ee2c426ea7a7820e85518b2" [HKEY_CURRENT_USER\Software\AppDataLow\Software\free ven] "ActiveAppId"="REG_SZ, "51680" "BhoRunningVersion"="REG_SZ, "153" "IsBhoEnabled"="REG_DWORD, 1 [HKEY_CURRENT_USER\Software\AppDataLow\Software\free ven\Plugins\1] "JavaScript"="REG_SZ, "{ javascript removed, full log available on request }" [HKEY_CURRENT_USER\Software\AppDataLow\Software\free ven\Update] "LastCheck"="REG_DWORD, 1394874643 [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\freeven] "51680"="REG_SZ, "free ven"Malwarebytes Anti-Malware log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 3/15/2014Scan Time: 10:19:07 AMLogfile: mbamFreeven.txtAdministrator: YesVersion: 2.00.0.1000Malware Database: v2014.03.15.01Rootkit Database: v2014.02.20.01License: TrialMalware Protection: DisabledMalicious Website Protection: DisabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 201533Time Elapsed: 3 min, 1 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 1PUP.Optional.Freeven.A, C:\Program Files\free ven\free ven-bho.dll, Delete-on-Reboot, [88058b783447092d016d6e3ae41da957],Registry Keys: 21PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511161180}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544164480}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555165580}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566166680}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051680.BHO.1, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511161180}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051680.BHO, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511161180}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511161180}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522162280}, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051680.Sandbox.1, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051680.Sandbox, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511161180}\INPROCSERVER32, Quarantined, [88058b783447092d016d6e3ae41da957],PUP.Optional.Freeven.A, HKLM\SOFTWARE\free ven, Quarantined, [b6d72cd7cfac35019ba136637d85e41c],PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [f19c887bb3c80d290718dfc07c86966a],PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, 
[2b62f211b4c7a98d176bc9d0748ea35d],PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [2e5fd231780357dff709f5d9e0239e62],PUP.Optional.Freeven.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\free ven, Quarantined, [642905fe09720531cb6fa3f6b74ba759],PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [6726e81b473479bd99e7adecd32f51af],PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\freeven, Quarantined, [cbc27f84f388af87fc72d1c8f111e11f],PUP.Optional.Freeven.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\free ven, Quarantined, [315ca85b7efd86b081c33d59c1417789],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 28PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [4d40c83b4833f73fcd6e3a650af8cb35],PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [602ddd26dd9ee0568600088b7a884eb2],PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [602ddd26dd9ee0568600088b7a884eb2],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg, Quarantined, [711c768d2853d75f8f249afa01016898],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjghiofiijcepdnocbgefbdlbckjfheg\1.26.22_0, Quarantined, [711c768d2853d75f8f249afa01016898],PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\21_debug.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\102_dealply_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\103_intext_5_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\104_jollywallet_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\155_ibario_pops_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\16_FFAppAPIWrapper.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\17_jQuery.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\223_imonomy_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\22_resources.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js, Quarantined, 
[117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\246_setup.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\28_initializer.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\47_resources_background.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\64_appApiMessage.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\72_appApiValidation.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\78_CrossriderInfo.js, Quarantined, 
[117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\93_superfish_no_coupons_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\98_omniCommands.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\180_bpo_serp_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\182_openUrl.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\183_tabsWrapper.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\184_noproblemppc_m.js, 
Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\190_pops_5_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\191_ciuvo_m.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\1_base.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\plugins\207_dbWrapper.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\userCode\background.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\extensionData\userCode\extension.js, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\locale\en-US\translations.dtd, Quarantined, 
[117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\button1.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\button2.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\button3.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\button4.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\button5.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\crossrider_statusbar.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\icon128.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\icon16.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\icon24.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\icon48.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\panelarrow-up.png, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\popup.html, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\skin.css, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com\skin\update.css, Quarantined, [117c2fd46516f244a6fb3c5ace3416ea],PUP.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "144c5035859d2f5969c180b28e5fa083"), 
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  11. What is FireDive?

      The Malwarebytes research team has determined that FireDive is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

      How do I know if my computer is affected by FireDive?

      You may see these browser extensions/add-ons:

      How did FireDive get on my computer?

      Browser hijackers use different methods for distributing themselves. This particular one was offered as a browser extension to speed up your downloads.

      How do I remove FireDive?

      Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

        • Please download Malwarebytes Anti-Malware to your desktop.
        • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
        • At the end, be sure a check-mark is placed next to the following:
            • Enable free trial of Malwarebytes Anti-Malware Premium
            • Launch Malwarebytes Anti-Malware
        • Then click Finish.
        • If an update is found, you will be prompted to download and install the latest version.
        • Once the program has loaded, select Scan now.
        • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
        • Reboot your computer if prompted.

      Is there anything else I need to do to get rid of FireDive?

        • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
        • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.

      How would the full version of Malwarebytes Anti-Malware help protect me?

      We hope our application and this guide have helped you eradicate this hijacker. As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the FireDive browser hijacker. It would have warned you before the browser extensions could install themselves, giving you a chance to stop it before it became too late.

      Technical details for experts

      Signs in a HijackThis log:

      O2 - BHO: CrossriderApp0051739 - {11111111-1111-1111-1111-110511171139} - C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-bho.dll

      Alterations made by the installer:

      Malwarebytes Anti-Malware log:
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\userCode\background.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\userCode\extension.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\icon128.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\icon16.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\icon48.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\actions\1.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\background.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\main.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\platformVersion.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\chrome.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\cookie.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\message.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\monitor.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\pageAction.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\pageActionBG.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\app_api.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\bg_app_api.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\consts.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\cookie_store.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\crossriderAPI.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\delegate.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\events.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\extensionDataStore.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\installer.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\logFile.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\logging.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\onBGDocumentLoad.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\reports.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\storageWrapper.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\updateManager.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\util.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\xhr.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\popupResource\newPopup.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\popupResource\popup.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\51739.crx, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\51739.xpi, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\background.html, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-bg.exe, Quarantined, 
[c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-buttonutil.dll, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-buttonutil.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-chromeinstaller.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-codedownloader.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-enabler.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-firefoxinstaller.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-helper.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-updater.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0.ico, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Installer.log, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Uninstall.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\utils.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818],Physical Sectors: 0(No malicious items detected)(end)As 
mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers; Malware Execution Prevention. Save yourself the hassle and get protected.
  12. What is VeeHD? The Malwarebytes research team has determined that VeeHD is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

      How do I know if my computer is affected by VeeHD? You may see these browser extensions/add-ons: and this entry in your list of installed programs:

      How did VeeHD get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

      How do I remove VeeHD? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

      • Please download Malwarebytes Anti-Malware to your desktop.
      • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
      • At the end, be sure a check-mark is placed next to the following: Enable free trial of Malwarebytes Anti-Malware Premium; Launch Malwarebytes Anti-Malware.
      • Then click Finish.
      • If an update is found, you will be prompted to download and install the latest version.
      • Once the program has loaded, select Scan now.
      • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
      • Reboot your computer if prompted.

      Is there anything else I need to do to get rid of VeeHD? The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal. The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.

      How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker.
      As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the VeeHD rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

      Technical details for experts

      Signs in a HijackThis log: O2 - BHO: CrossriderApp0051384 - {11111111-1111-1111-1111-110511131184} - C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll

      Alterations made by the installer:

      File system details

      Registry details

      Malwarebytes Anti-Malware log:
[c1dfbb24d8a25fd7b0bf17862cd5c23e],Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [960af0ef9edce551d406a90b1ae91ee2],Registry Key, PUP.Optional.VeeHD.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\VEEHD Plugin V9.0, Quarantined, [d4cc9649cdad979f336694ee867c03fd],Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, Quarantined, [00a08f50f288b97d140af4adb84b9e62],Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\VEEHD Plugin V9.0, Quarantined, [a1ff6c734139b77fd3c44a38877b926e],Registry Key, PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [e2bea43bcfab112566770382b84ace32],Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VEEHD Plugin V9.0, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 15Folder, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [524ead323f3b05316e8bb0d5976b16ea],Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [aff1ae315921300619c52060e51d2cd4],Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [aff1ae315921300619c52060e51d2cd4],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\actions, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource, Quarantined, [4f51667989f1152198d583ff47bb01ff],Folder, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],Files: 95File, 
PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],File, PUP.Optional.VeeHD.A, C:\Users\{username}\Desktop\Wgwhmaftvahadh.exe, Quarantined, [b2ee22bd81f983b30d64fba2669bc838],File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-chromeinstaller.job, Quarantined, [8f11ca15d9a151e5eda9ff8361a12bd5],File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-codedownloader.job, Quarantined, [fba534ab106ac373811595ed4ab83fc1],File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-enabler.job, Quarantined, [5848f7e8c0baa98dfb9b265c10f29c64],File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-firefoxinstaller.job, Quarantined, [465ae4fb87f3290db9dd750d69999a66],File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-updater.job, Quarantined, [9c049b44c2b86dc98511f290887a58a8],File, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [524ead323f3b05316e8bb0d5976b16ea],File, PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [6937b12e6e0c87af165ef78f758d05fb],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, 
[aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\background.html, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\chromeCoreFilesIndex.txt, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\crossriderManifest.json, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\manifest.json, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\popup.html, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\manifest.xml, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins.json, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\28_initializer.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\17_jQuery.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\180_bpo_serp_m.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\182_openUrl.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\183_tabsWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\1_base.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\207_dbWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\21_debug.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\22_resources.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\47_resources_background.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode\background.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode\extension.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\icon128.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\icon16.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\icon48.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\actions\1.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\background.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\main.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\platformVersion.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\chrome.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\cookie.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\message.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\monitor.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\pageAction.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\pageActionBG.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\app_api.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\bg_app_api.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\consts.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\cookie_store.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\crossriderAPI.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\delegate.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\events.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\extensionDataStore.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\installer.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\logFile.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\logging.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\onBGDocumentLoad.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\reports.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\storageWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\updateManager.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\util.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\xhr.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource\newPopup.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource\popup.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\51384.crx, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\51384.xpi, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\background.html, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\Installer.log, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\Uninstall.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD 
Plugin V9.0\utils.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bg.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-buttonutil.dll, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-buttonutil.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-chromeinstaller.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-codedownloader.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-enabler.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-firefoxinstaller.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-helper.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-updater.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0.ico, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],Physical Sectors: 0(No malicious items detected)(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & ServersMalware Execution PreventionSave yourself the hassle and get protected.
  13. What is myClip-HD?

      The Malwarebytes research team has determined that myClip-HD is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also shows advertisements.

      How do I know if my computer is affected by myClip-HD?

      You may see these add-ons/extensions:

      How did myClip-HD get on my computer?

      Browser hijackers use different methods for distributing themselves. This particular one was offered as video enhancement software.

      How do I remove myClip-HD?

      Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

      • Please download Malwarebytes Anti-Malware to your desktop.
      • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
      • At the end, be sure a check-mark is placed next to the following:
        • Enable free trial of Malwarebytes Anti-Malware Premium
        • Launch Malwarebytes Anti-Malware
      • Then click Finish.
      • If an update is found, you will be prompted to download and install the latest version.
      • Once the program has loaded, select Scan now.
      • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
      • Reboot your computer if prompted.

      Is there anything else I need to do to get rid of myClip-HD?

      • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
      • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.

      How would the full version of Malwarebytes Anti-Malware help protect me?

      We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the myClip-HD rogue.
      It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

      Technical details for experts

      Signs in a HijackThis log:

      O2 - BHO: CrossriderApp0048998 - {11111111-1111-1111-1111-110411891198} - C:\Program Files\myClip-HD\myClip-HD-bho.dll

      Alterations made by the installer:

      File system details
      ---------------------------------------------
bytes, A Adds the file MANIFEST-000002"="2/16/2014 2:18 PM, 50 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0d0e7529-a1fe-48e7-b4d1-543c1de97ed8@4759a12f-6c86-4a24-a43b-00dc35af76e6.com Adds the file chrome.manifest"="2/16/2014 2:14 PM, 732 bytes, A Adds the file install.rdf"="2/16/2014 2:14 PM, 1371 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0d0e7529-a1fe-48e7-b4d1-543c1de97ed8@4759a12f-6c86-4a24-a43b-00dc35af76e6.com\extensionData\plugins Adds the file 1_base.js"="2/16/2014 2:14 PM, 6908 bytes, A Adds the file 102_dealply_m.js"="2/16/2014 2:14 PM, 2247 bytes, A Adds the file 103_intext_5_m.js"="2/16/2014 2:14 PM, 2468 bytes, A Adds the file 104_jollywallet_m.js"="2/16/2014 2:19 PM, 1316 bytes, A Adds the file 105_corticas_m.js"="2/16/2014 2:14 PM, 632 bytes, A Adds the file 13_CrossriderAppUtils.js"="2/16/2014 2:14 PM, 7056 bytes, A Adds the file 14_CrossriderUtils.js"="2/16/2014 2:14 PM, 15248 bytes, A Adds the file 16_FFAppAPIWrapper.js"="2/16/2014 2:14 PM, 16026 bytes, A Adds the file 17_jQuery.js"="2/16/2014 2:14 PM, 79982 bytes, A Adds the file 177_crossriderDashboard.js"="2/16/2014 2:14 PM, 25020 bytes, A Adds the file 182_openUrl.js"="2/16/2014 2:14 PM, 14301 bytes, A Adds the file 183_tabsWrapper.js"="2/16/2014 2:14 PM, 2555 bytes, A Adds the file 184_noproblemppc_m.js"="2/16/2014 2:19 PM, 719 bytes, A Adds the file 192_revizer_ws_dynamic_b2b_m.js"="2/16/2014 2:19 PM, 763 bytes, A Adds the file 193_revizer_p_dynamic_b2b_m.js"="2/16/2014 2:19 PM, 763 bytes, A Adds the file 207_dbWrapper.js"="2/16/2014 2:19 PM, 1535 bytes, A Adds the file 21_debug.js"="2/16/2014 2:14 PM, 3676 bytes, A Adds the file 22_resources.js"="2/16/2014 2:14 PM, 9082 bytes, A Adds the file 28_initializer.js"="2/16/2014 2:14 PM, 664 bytes, A Adds the file 4_jquery_1_7_1.js"="2/16/2014 2:14 PM, 94180 bytes, A Adds the file 
47_resources_background.js"="2/16/2014 2:14 PM, 7720 bytes, A Adds the file 64_appApiMessage.js"="2/16/2014 2:14 PM, 2332 bytes, A Adds the file 72_appApiValidation.js"="2/16/2014 2:14 PM, 23624 bytes, A Adds the file 78_CrossriderInfo.js"="2/16/2014 2:14 PM, 3321 bytes, A Adds the file 91_monetizationLoader.js.js"="2/16/2014 2:19 PM, 141433 bytes, A Adds the file 93_superfish_no_coupons_m.js"="2/16/2014 2:14 PM, 775 bytes, A Adds the file 98_omniCommands.js"="2/16/2014 2:14 PM, 1936 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file myClip-HD-chromeinstaller"="2/16/2014 2:14 PM, 5120 bytes, A Adds the file myClip-HD-codedownloader"="2/16/2014 2:14 PM, 4284 bytes, A Adds the file myClip-HD-enabler"="2/16/2014 2:14 PM, 4172 bytes, A Adds the file myClip-HD-firefoxinstaller"="2/16/2014 2:14 PM, 5138 bytes, A Adds the file myClip-HD-updater"="2/16/2014 2:14 PM, 4348 bytes, A In the existing folder C:\Windows\Tasks Adds the file myClip-HD-chromeinstaller.job"="2/16/2014 2:14 PM, 2090 bytes, A Adds the file myClip-HD-codedownloader.job"="2/16/2014 2:14 PM, 1254 bytes, A Adds the file myClip-HD-enabler.job"="2/16/2014 2:14 PM, 1142 bytes, A Adds the file myClip-HD-firefoxinstaller.job"="2/16/2014 2:14 PM, 2108 bytes, A Adds the file myClip-HD-updater.job"="2/16/2014 2:14 PM, 1318 bytes, ARegistry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}] "(Default)"="REG_SZ, "myClip-HD" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\Implemented Categories] "(Default)"="REG_SZ, "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}] "(Default)"="REG_SZ, "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\InprocServer32] "(Default)"="REG_SZ, "C:\Program Files\myClip-HD\myClip-HD-bho.dll" "ThreadingModel"="REG_SZ, 
"Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\ProgID] "(Default)"="REG_SZ, "CrossriderApp0048998.BHO.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444894498}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411891198}\VersionIndependentProgID] "(Default)"="REG_SZ, "CrossriderApp0048998" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892298}] "(Default)"="REG_SZ, "CrossriderApp0048998.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892298}\InprocServer32] "(Default)"="REG_SZ, "C:\Program Files\myClip-HD\myClip-HD-bho.dll" "ThreadingModel"="REG_SZ, "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892298}\ProgID] "(Default)"="REG_SZ, "CrossriderApp0048998.Sandbox.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892298}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892298}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444894498}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892298}\VersionIndependentProgID] "(Default)"="REG_SZ, "CrossriderApp0048998.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.BHO] "(Default)"="REG_SZ, "CrossriderApp0048998" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.BHO\CLSID] "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110411891198}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.BHO\CurVer] "(Default)"="REG_SZ, "CrossriderApp0048998" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.BHO.1 "(Default)"="REG_SZ, "CrossriderApp0048998" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.BHO.1\CLSID] "(Default)"="REG_SZ, 
"{11111111-1111-1111-1111-110411891198}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.Sandbox] "(Default)"="REG_SZ, "CrossriderApp0048998.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.Sandbox\CLSID] "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220422892298}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.Sandbox\CurVer] "(Default)"="REG_SZ, "CrossriderApp0048998.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.Sandbox.1] "(Default)"="REG_SZ, "CrossriderApp0048998.Sandbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0048998.Sandbox.1\CLSID] "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220422892298}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455895598}] "(Default)"="REG_SZ, "ICrossriderBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455895598}\ProxyStubClsid] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455895598}\ProxyStubClsid32] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455895598}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444894498}" "Version"="REG_SZ, "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466896698}] "(Default)"="REG_SZ, "ISandBox" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466896698}\ProxyStubClsid] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466896698}\ProxyStubClsid32] "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466896698}\TypeLib] "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444894498}" "Version"="REG_SZ, "1.0" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444894498}\1.0] "(Default)"="REG_SZ, "CrossriderApp0048998 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444894498}\1.0\0\win32] "(Default)"="REG_SZ, "C:\Program Files\myClip-HD\myClip-HD-bho.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444894498}\1.0\FLAGS] "(Default)"="REG_SZ, "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444894498}\1.0\HELPDIR] "(Default)"="REG_SZ, "C:\Program Files\myClip-HD" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411891198}] "(Default)"="REG_SZ, "CrossriderApp0048998" "NoExplorer"="REG_DWORD, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID] "{11111111-1111-1111-1111-110411891198}"="REG_SZ, "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myClip-HD] "CrAppId"="REG_SZ, "48998" "CrPublisherId"="REG_SZ, "5526" "DisplayIcon"="REG_SZ, "C:\Program Files\myClip-HD\utils.exe" "DisplayName"="REG_SZ, "myClip-HD" "DisplayVersion"="REG_SZ, "1.33.153.1" "Publisher"="REG_SZ, "Bundlore LTD" "UninstallString"="REG_SZ, "C:\Program Files\myClip-HD\Uninstall.exe /fromcontrolpanel=1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "myClip-HD-chromeinstaller.job"="REG_BINARY, ................................ "myClip-HD-chromeinstaller.job.fp"="REG_DWORD, -1818863841 "myClip-HD-codedownloader.job"="REG_BINARY, ................................ "myClip-HD-codedownloader.job.fp"="REG_DWORD, -745038813 "myClip-HD-enabler.job"="REG_BINARY, ................................ "myClip-HD-enabler.job.fp"="REG_DWORD, -1285054364 "myClip-HD-firefoxinstaller.job"="REG_BINARY, ................................ 
"myClip-HD-firefoxinstaller.job.fp"="REG_DWORD, -332110372 "myClip-HD-updater.job"="REG_BINARY, ................................ "myClip-HD-updater.job.fp"="REG_DWORD, -1406366105 [HKEY_LOCAL_MACHINE\SOFTWARE\myClip-HD\Chrome] "TotalProfiles"="REG_DWORD, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\myClip-HD\Chrome\Profiles] "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\myClip-HD\Firefox] "TotalProfiles"="REG_DWORD, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\myClip-HD\Firefox\Profiles] "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default"="REG_DWORD, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\myClip-HD\IE] "TotalProfiles"="REG_DWORD, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\myClip-HD\Installer] "BundledChrome"="REG_DWORD, 1" "BundledFirefox"="REG_DWORD, 1" "BundledIe"="REG_DWORD, 1" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider] "Bic"="REG_SZ, "908EDA9CEDB74C76905B193201BE5302IE" "Verifier"="REG_SZ, "4d683cce8563f76bb444195a51c855de" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate] "48998"="REG_SZ, "" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest] "48998"="REG_SZ, "{ skipped javascript, full log available by request }" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411891198}] "Flags"="REG_DWORD, 1024" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411891198}\iexplore] "Count"="REG_DWORD, 4" "Flags"="REG_DWORD, 0" "LoadTimeArray"="REG_BINARY, ...................." "NavTimeArray"="REG_BINARY, ........:..........." "Time"="REG_BINARY, ........" 
"Type"="REG_DWORD, 3"Malwarebytes Anti-Malware log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 2/16/2014Scan Time: 2:27:54 PMLogfile: mbamMyClip.txtAdministrator: YesVersion: 2.00.0.0503Malware Database: v2014.02.16.03Rootikt Database: v2013.12.18.01License: TrialMalware Protection: DisabledMalicious Website Protection: EnabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 194917Time Elapsed: 2 min, 32 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 19Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411891198}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444894498}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455895598}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466896698}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0048998.BHO.1, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411891198}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0048998.BHO, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411891198}, 
Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411891198}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220422892298}, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0048998.Sandbox.1, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0048998.Sandbox, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411891198}\INPROCSERVER32, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [dc071fbdb5c5e05679bbf2b9976cfa06], Registry Key, PUP.Optional.myClipHD.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\myClip-HD, Quarantined, [469dfddf2c4e023461840179c73ba15f], Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Bundlore LTD, Quarantined, [3ca7805ca7d3ee48ce1d3842b151d927], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\myClip-HD, Quarantined, [ce15419b93e780b6d40f3c3ec042c040], Registry Key, PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [bd26c21aa1d9db5b39f0aad2a260ce32], Registry Key, PUP.Optional.myClipHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\myClip-HD, Quarantined, [647f786462182b0b82669adfb9498878], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 15Folder, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [c91a47954f2bb87ec3822c50689af30d], Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\userCode, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\icons, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\icons\actions, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\js, Quarantined, 
[2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\js\api, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\js\lib, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\js\lib\popupResource, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], Folder, PUP.Optional.myClipHD.A, C:\Program Files\myClip-HD, Quarantined, [647f786462182b0b82669adfb9498878], Files: 99File, PUP.Optional.myClipHD.A, C:\Program Files\myClip-HD\myClip-HD-bho.dll, Quarantined, [bc27b3297dfdbc7abacc3363ae53ad53], File, PUP.Optional.myClipHD.A, C:\Users\{username}\Desktop\myClip-HD.exe, Quarantined, [ebf834a871093afc2661b2e444bd58a8], File, PUP.Optional.myClipHD.A, C:\Windows\Tasks\myClip-HD-chromeinstaller.job, Quarantined, [578cb428601a9a9c15cd7a0028da7987], File, PUP.Optional.myClipHD.A, C:\Windows\Tasks\myClip-HD-codedownloader.job, Quarantined, [3aa9a23a35453bfb766cc9b153af45bb], File, PUP.Optional.myClipHD.A, C:\Windows\Tasks\myClip-HD-enabler.job, Quarantined, [fae95c80cbaf61d5e5fd6d0df80a659b], File, PUP.Optional.myClipHD.A, C:\Windows\Tasks\myClip-HD-firefoxinstaller.job, Quarantined, [9350fbe1413962d4469c83f7d62c58a8], File, PUP.Optional.myClipHD.A, C:\Windows\Tasks\myClip-HD-updater.job, Quarantined, [d60d5c802852b383ba287dfd34ce3fc1], File, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [c91a47954f2bb87ec3822c50689af30d], File, PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [fae9d60618626ccabf0209737d85db25], File, PUP.Optional.Lightning.A, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [ffe4825af189fb3bbd9dabce6f9324dc], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\background.html, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\crossriderManifest.json, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\manifest.json, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\popup.html, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\manifest.xml, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins.json, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\102_dealply_m.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\103_intext_5_m.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\104_jollywallet_m.js, Quarantined, 
[2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\105_corticas_m.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\17_jQuery.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\182_openUrl.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\183_tabsWrapper.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiaegfndkgibamojhkobffhhdjffdfkp\1.26.17_0\extensionData\plugins\184_noproblemppc_m.js, Quarantined, [2eb50cd09ae078bed60caacf7c86d42c], 
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  14. What is Pricora?

The Malwarebytes research team has determined that Pricora is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This particular one displays advertisements in your browser(s).

How do I know if my computer is affected by Pricora?

This is how the welcome page looks:

And you may see these toolbars/extensions:

and this entry in your list of installed programs:

How did Pricora get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Pricora?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Pricora?

  • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Pricora 2.0 listing. Then confirm removal.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Pricora rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0035499 - {11111111-1111-1111-1111-110311541199} - C:\Program Files\Pricora 2.0\Pricora 2.0-bho.dll

Alterations made by the installer:

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/15/2014
Scan Time: 10:18:07 AM
Logfile: mbam-log-2014-02-15 (10-14-57).txt
Administrator: Yes
Version: 2.00.0.0503
Malware Database: v2014.02.15.03
Rootikt Database: v2013.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 194781
Time Elapsed: 2 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\pageActionBG.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\app_api.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\bg_app_api.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\consts.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\cookie_store.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\crossriderAPI.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\delegate.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\events.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\extensionDataStore.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\installer.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\logFile.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\logging.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\onBGDocumentLoad.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\reports.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\storageWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\updateManager.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\util.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\xhr.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource\newPopup.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource\popup.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\35499.crx, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\35499.xpi, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\background.html, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Installer.log, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-bg.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-buttonutil.dll, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-buttonutil.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-chromeinstaller.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-codedownloader.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-firefoxinstaller.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-helper.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-updater.exe, 
Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0.ico, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Uninstall.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\utils.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], Physical Sectors: 0(No malicious items detected)(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & ServersMalware Execution PreventionSave yourself the hassle and get protected.
  15. What is HQ-Video-Professional? The Malwarebytes research team has determined that HQ-Video-Professional is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice.

      How do I know if my computer is affected by HQ-Video-Professional? You may see these add-ons/extensions: or this entry in your list of installed programs:

      How did HQ-Video-Professional get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was offered as video enhancement software.

      How do I remove HQ-Video-Professional? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to remove the Chrome extension.
        • Please download Malwarebytes Anti-Malware to your desktop.
        • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
        • At the end, be sure a check-mark is placed next to the following:
            • Enable free trial of Malwarebytes Anti-Malware Premium
            • Launch Malwarebytes Anti-Malware
        • Then click Finish.
        • If an update is found, you will be prompted to download and install the latest version.
        • Once the program has loaded, select Scan now.
        • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
        • Reboot your computer if prompted.

      Is there anything else I need to do to get rid of HQ-Video-Professional? The Firefox extension can now safely be Removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.

      How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the HQ-Video-Professional hijacker.
      It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.

      Technical details for experts

      Signs in a HijackThis log:
      O2 - BHO: CrossriderApp0050002 - {11111111-1111-1111-1111-110511001102} - C:\Program Files\HQ-Video-Professional-1.1\HQ-Video-Professional-1.1-bho.dll

      Alterations made by the installer:
      File system details
      Registry details

      < skipped some of these and a lot of {javascript code}.
      Full log available by request.>

      Malwarebytes Anti-Malware log:

      As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s):
        • Dynamically Blocks Malware Sites & Servers
        • Malware Execution Prevention
      Save yourself the hassle and get protected.
  16. I try to run Malwarebytes scan weekly, and today's came up with 13 malicious items. 10 are registry keys with vendor name PUP.Optional.CrossRider and PUP.Optional.Wajam. The other 3 are files: PUP.Optional.Conduit.A, PUP.Optional.OpenCandy and PUP.Optional.CrossRider. I really don't know what these mean, but perusing the forums I see some folks have had these and run into Big Issues when simply removing them. Can you please provide me some idiot-proof instrux on how to proceed? (I do computer kinda like I do car: as long as everything's working I can make it go anywhere, but if anything goes wrong under the hood, I'm totally helpless.) Thanks.