Jump to content

Removal instructions for I-Cinema


Recommended Posts

  • Staff

What is I-Cinema?

The Malwarebytes research team has determined that I-Cinema is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by I-Cinema?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

and this entry in your list of installed programs:

warning4.png

How did I-Cinema get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

How do I remove I-Cinema?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of I-Cinema?
  • No, Malwarebytes' Anti-Malware removes I-Cinema completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the I-Cinema hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0061365 - {11111111-1111-1111-1111-110611131165} - C:\Program Files\I - Cinema\I - Cinema-bho.dll
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Program Files\I - Cinema       Adds the file 1293297481.mxaddon"="8/3/2014 10:53 AM, 38028 bytes, A       Adds the file 43d2b6aa-c13a-4aee-80e5-d6f902e71fb9.crx"="8/13/2014 8:04 PM, 277815 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6.crx"="8/13/2014 8:04 PM, 276612 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6.xpi"="8/13/2014 8:04 PM, 317822 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-11.exe"="8/13/2014 8:04 PM, 1868312 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-2.exe"="8/13/2014 8:04 PM, 343576 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-4.exe"="8/13/2014 8:04 PM, 1398808 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5.exe"="8/13/2014 8:04 PM, 444952 bytes, A       Adds the file background.html"="8/4/2014 2:05 PM, 729 bytes, A       Adds the file I - Cinema.ico"="8/4/2014 2:05 PM, 9662 bytes, A       Adds the file I - Cinema-bg.exe"="8/13/2014 8:04 PM, 547864 bytes, A       Adds the file I - Cinema-bho.dll"="8/13/2014 8:04 PM, 528408 bytes, A       Adds the file I - Cinema-codedownloader.exe"="8/13/2014 8:04 PM, 515608 bytes, A       Adds the file Uninstall.exe"="8/13/2014 8:04 PM, 87576 bytes, A       Adds the file utils.exe"="8/13/2014 8:04 PM, 2337388 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com       Adds the file chrome.manifest"="8/13/2014 8:04 PM, 498 bytes, A       Adds the file install.rdf"="8/13/2014 8:04 PM, 1221 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\defaults\preferences       Adds the file prefs.js"="8/13/2014 8:04 PM, 2689 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData       Adds the file manifest.xml"="8/13/2014 8:04 PM, 1692 bytes, A       Adds the file plugins.json"="8/13/2014 8:04 PM, 9273 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\userCode       Adds the file background.js"="8/13/2014 8:04 PM, 2293 bytes, A       Adds the file extension.js"="8/13/2014 8:04 PM, 1 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\locale\en-US       Adds the file translations.dtd"="8/13/2014 8:04 PM, 425 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin    In the existing folder C:\Windows\System32\Tasks       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-1"="8/13/2014 8:04 PM, 4586 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-11"="8/13/2014 8:04 PM, 6822 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-2"="8/13/2014 8:04 PM, 4344 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5"="8/13/2014 8:04 PM, 4444 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5_user"="8/13/2014 8:04 PM, 4464 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-1.job"="8/13/2014 8:04 PM, 1556 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-11.job"="8/13/2014 8:04 PM, 3792 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-2.job"="8/13/2014 8:04 PM, 1314 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5.job"="8/13/2014 8:04 PM, 1414 bytes, A       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5_user.job"="8/13/2014 8:04 PM, 1428 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}]       "(Default)"="REG_SZ", "I - Cinema"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\Implemented Categories]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema\I - Cinema-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\ProgID]       "(Default)"="REG_SZ", "CrossriderApp0061365.BHO.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\VersionIndependentProgID]       "(Default)"="REG_SZ", "CrossriderApp0061365"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}]       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema\I - Cinema-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\ProgID]       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\VersionIndependentProgID]       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO]       "(Default)"="REG_SZ", "CrossriderApp0061365"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611131165}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO\CurVer]       "(Default)"="REG_SZ", "CrossriderApp0061365"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO.1]       "(Default)"="REG_SZ", "CrossriderApp0061365"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO.1\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611131165}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox]       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622132265}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox\CurVer]       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox.1]       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox.1\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622132265}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}]       "(Default)"="REG_SZ", "ICrossriderBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}]       "(Default)"="REG_SZ", "ISandBox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0]       "(Default)"="REG_SZ", "CrossriderApp0061365 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema\I - Cinema-bho.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema"    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\Firefox]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\Firefox\Profiles]       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\IE]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\IE\Profiles]       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\Installer]       "BundledAddCh"="REG_DWORD", 1       "BundledFirefox"="REG_DWORD", 1       "BundledIe"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\25257]       "61365"="REG_SZ", "I - Cinema"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\25257\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611131165}]       "(Default)"="REG_SZ", "CrossriderApp0061365"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{11111111-1111-1111-1111-110611131165}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema]       "CrAppId"="REG_SZ", "61365"       "CrPublisherId"="REG_SZ", "25257"       "DisplayIcon"="REG_SZ", "C:\Program Files\I - Cinema\utils.exe"       "DisplayName"="REG_SZ", "I - Cinema"       "DisplayVersion"="REG_SZ", "1.34.7.29"       "Publisher"="REG_SZ", "DiscountFrenzy"       "UninstallString"="REG_SZ", "C:\Program Files\I - Cinema\Uninstall.exe /fcp=1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "62e6aae8-e552-4861-8904-92605cf886f6-1.job"="REG_BINARY, .......U........................       "62e6aae8-e552-4861-8904-92605cf886f6-1.job.fp"="REG_DWORD", 859561424       "62e6aae8-e552-4861-8904-92605cf886f6-11.job"="REG_BINARY, ................................       "62e6aae8-e552-4861-8904-92605cf886f6-11.job.fp"="REG_DWORD", -1021092544       "62e6aae8-e552-4861-8904-92605cf886f6-2.job"="REG_BINARY, ................................       "62e6aae8-e552-4861-8904-92605cf886f6-2.job.fp"="REG_DWORD", 1047259439       "62e6aae8-e552-4861-8904-92605cf886f6-5.job"="REG_BINARY, ................................       "62e6aae8-e552-4861-8904-92605cf886f6-5.job.fp"="REG_DWORD", -70658665       "62e6aae8-e552-4861-8904-92605cf886f6-5_user.job"="REG_BINARY, ................................       "62e6aae8-e552-4861-8904-92605cf886f6-5_user.job.fp"="REG_DWORD", 200857849    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "21EEE1E9BD7B4EBF9E8EBC2D11B3DACDIE"       "Verifier"="REG_SZ", "49dffa4ae3868fb807d09375cbd4c991"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]       "61365"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]       "61365"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema]       "ActiveAppId"="REG_SZ", "61365"       "BhoRunningVersion"="REG_SZ", "153"       "IsBhoEnabled"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Background]       " { javascript removed, full log available by request } "    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Debug]       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"       "IsDebuggingPlugins"="REG_DWORD", 0       "IsDebugMode"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Installer]       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733627, 0]}"       "CodeDownloadDomain"="REG_SZ", "http://js.infostatsserv.com"       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"       "DefaultBrowser"="REG_SZ", "ie"       "ErrorsDomain"="REG_SZ", "http://errors.infostatsserv.com"       "FullVersion"="REG_SZ", "1.34.7.29"       "FullVersionForUrl"="REG_SZ", "1_34_07_29"       "OsName"="REG_SZ", "7"       "Params"="REG_SZ", "{   "source_id" : "001837",   "sub_id" : "0",   "uzid" : "0"}"       "SrcId"="REG_SZ", "001837"       "StatsDomain"="REG_SZ", "http://stats.infostatsserv.com"       "SubId"="REG_SZ", "0"       "Time"="REG_SZ", "1407953048"       "ZData"="REG_SZ", "0"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Manifest]       "AddressbarURL"="REG_SZ", "NA"       "BgVersion"="REG_SZ", "1"       "ChangePrevious"="REG_SZ", "false"       "Description"="REG_SZ", "Lights out for YouTube"       "DisableIe"="REG_SZ", "true"       "EnableSearchIE"="REG_SZ", "false"       "HomePageUrl"="REG_SZ", "NA"       "IsButtonEnabled"="REG_SZ", "false"       "Manifest"="REG_SZ", "NA"       "ModeType"="REG_SZ", "production"       "Name"="REG_SZ", "I - Cinema"       "PluginsManifestVersion"="REG_SZ", "18"       "PublisherId"="REG_SZ", "25257"       "PublisherName"="REG_SZ", "DiscountFrenzy"       "RunInFrame"="REG_SZ", "false"       "SetNewTab"="REG_SZ", "false"       "ThanksUrl"="REG_SZ", "NA"       "UninstallerOfferAction"="REG_SZ", "NA"       "UninstallerOfferUrl"="REG_SZ", "NA"       "UpdateInterval"="REG_DWORD", 360       "Version"="REG_SZ", "25"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Update]       "LastCheck"="REG_DWORD", 1407953061    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\25257]       "61365"="REG_SZ", "I - Cinema"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\25257\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\DiscountFrenzy]       "61365"="REG_SZ", "I - Cinema"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611131165}]       "Flags"="REG_DWORD", 1024       "VerCache"="REG_BINARY, .H...F................
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 8/13/2014Scan Time: 8:09:12 PMLogfile: mbamICinema.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.08.13.05Rootkit Database: v2014.08.04.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 254296Time Elapsed: 2 min, 51 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 36PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644134465}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655135565}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666136665}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.BHO.1, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.BHO, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622132265}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.Sandbox.1, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.Sandbox, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611131165}\INPROCSERVER32, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.ICinema.A, HKLM\SOFTWARE\I - Cinema, Quarantined, [a475e6e00e6d7db9367085561fe31de3], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [ae6b3492ceada3937e42a43d4ab8f60a], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25257, Quarantined, [ad6c02c42f4c0b2bcd273ebeb34f1ce4], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [c851d5f1582392a4d6ed350d61a356aa], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [9f7a8d39c4b7c67002c2330f49bb8779], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [5fba7b4b8af10531fec5c271e024a15f], PUP.Optional.ICinema.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\I - Cinema, Quarantined, [14055a6cccaffa3c1a8ac7147989a45c], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25257, Quarantined, [6faa81455c1fb6806c76766509f946ba], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\DiscountFrenzy, Quarantined, [c752f6d05427ef47663cb02b8a78e41c], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.ICinema.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I - Cinema, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], Registry Values: 1PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [ae6b3492ceada3937e42a43d4ab8f60a]Registry Data: 0(No malicious items detected)Folders: 21PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{1BC62FE5-C4AA-4F0E-B5C3-0E27974EBA0B}, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\defaults, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\defaults\preferences, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\userCode, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\locale, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\locale\en-US, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], Files: 158PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema-bho.dll, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\I - Cinema.exe, Quarantined, [c653dee897e42115cb6bf05c58a812ee], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-1, Quarantined, [c257e0e64536181eb902548d748ecf31], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-11, Quarantined, [5abfb412116aab8bf5c6746d51b1f50b], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-2, Quarantined, [29f0ebdb81fac86e932837aa956d8f71], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5, Quarantined, [36e3378f94e78fa7516a8d5436cc23dd], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5_user, Quarantined, [0613873fc2b9280ead0e578a61a1847c], PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-1.job, Quarantined, [39e09e2899e2f64059df2a16fa0aa858], PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-11.job, Quarantined, [0910477fa8d3d363aa8eb38d42c2827e], PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-2.job, Quarantined, [6eaba0264635a096a98fec54c53fd22e], PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5.job, Quarantined, [8099a224d4a73006a2961030996b966a], PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5_user.job, Quarantined, [a2772c9afa8188aef444ab958b79e917], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [2eeb18ae9fdc69cd80ce77c915eff60a], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [21f80bbb7cff5dd9222d0c34d92be21e], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [ff1ac204b2c9191d4e02f44c22e2e11f], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [5cbd7650e8933df9d37e97a916eefb05], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [8891a42224577cba834205cac240a759], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleCrashHandler.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdate.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdateBroker.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdateHelper.msi, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdateOnDemand.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\goopdate.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\goopdateres_en.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\npGoogleUpdate4.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\psmachine.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\psuser.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome.manifest, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\install.rdf, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\1ad5b9fe535a8f6f8c88f4299f306b90.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\1ef6cb6f295d60cd6935171543aa81cc.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\51e629182ea6180c2456a778a13725a3.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\8f3121f93a1f9b9d1babed7275e6bdb1.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\ba693db027f837c3bf34e426ad14618e.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\background.html, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\browser.xul, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\dialog.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\f4a3c567461261bb1d70ae171cef0026.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\options.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\options.xul, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\search_dialog.xul, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\91a70de2488eb2ca0b4f5c19b3cf47a2.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\16e7705cc8206458953a8b930ec118a7.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\224fee945f04cbdbb2737a6af67e8fe2.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\398e143ba94977ea2c4b22a18e709726.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\44e6366017415322682788cfdb4ac8ef.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\53a0891845cb0b8c0624ada8a95de2e1.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\5ba105895c9a90d48294990bdc89a939.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\6920762430c00f6b0ab9a873384f9c3f.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\78dda46083380bc3ba4c9c4ae975a463.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\a4122c9c02ecf7f7a79046ab47192892.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\c214de865cf3f422172044578eddfa6f.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\c651b4aac18f26bf1af3f3b663de22c4.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\db9bb87c89b3ce93c947f39a0cffdeca.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\e614d05111fa27fc2aba8cfa71761cd9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\e811fb4cc8e69161f2f480db104d6707.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\api\f0cd904d763c8d83a55c08b257c8f624.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\0905233a8b2cf2bdf63952ca1bb71e4d.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\1d4ceafab401a07f8ff99f264e5dd36c.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\35ff2b942cef611b185566ce12e9d9e9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\36a870ca3d9d4f5da62c051beae274ac.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\3cee61735270a0dd79b240cc85624d09.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\3d0d2c673bc8be7dcfe7d65207edc207.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\498df3e7878c0b0b10aca8a4f1634633.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\4ca439045a27b407ccaf4c3bdf0cb433.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\4f06a79cdddf7466884b252ca59d7ec4.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\8ab1b30c3b6663228ede423b5d9f16b8.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\ac07254cf491ac60691904951e10d629.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\b6125149906fe869817978762950aefc.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\d0fbb8d40c2159fd69fce2a476a088ae.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\d13d9ed307f5227577d3e21b4b94ba03.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\d3349cc8191a7c4ecf2240eb65fc62a9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\d688631e092b550c6e11e818020ac15d.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\dad6acb65024327f1b365ad5c2e99382.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\e6521d64d973ca82b747d26386c4ad2b.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\ece817baa4f28816639bf6d64e39d90f.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\ffe22cc8a6ecc51f69c9455de33468f7.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\chrome\content\core\installer.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\defaults\preferences\prefs.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\manifest.xml, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins.json, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\1.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\102.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\104.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\13.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\14.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\16.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\17.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\177.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\180.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\182.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\183.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\190.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\191.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\192.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\207.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\21.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\22.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\220.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\221.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\223.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\246.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\263.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\268.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\28.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\289.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\4.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\47.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\64.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\7.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\72.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\78.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\91.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\93.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\98.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\userCode\background.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\extensionData\userCode\extension.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\locale\en-US\translations.dtd, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\button1.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\button2.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\button3.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\button4.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\button5.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\crossrider_statusbar.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\icon128.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\icon16.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\icon24.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\icon48.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\panelarrow-up.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\popup.html, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\skin.css, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\MGKN37049485@ACPSC11936960.com\skin\update.css, Quarantined, [6faa685e1269290da4e19f3654ae619f], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\1293297481.mxaddon, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\43d2b6aa-c13a-4aee-80e5-d6f902e71fb9.crx, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-11.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-2.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-4.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-5.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6.crx, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6.xpi, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\background.html, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema-bg.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema-codedownloader.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema.ico, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\Uninstall.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\utils.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.