Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Shop_an_Up

- - - - -
Started by Metallica , Jun 07 2014 01:09 PM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 07 June 2014 - 01:09 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Shop_an_Up?

The Malwarebytes research team has determined that Shop_an_Up is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Shop_an_Up?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

and this entry in your list of installed programs:

warning4.png


How did Shop_an_Up get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Shop_an_Up?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Shop_an_Up?
  • No, Malwarebytes' Anti-Malware removes Shop_an_Up completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Shop_an_Up hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


protection1.png

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: CrossriderApp0042822 - {11111111-1111-1111-1111-110411281122} - C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-bho.dll
Alterations made by the installer:
File system details  
---------------------------------------------
    Adds the folder C:\Program Files\Shop_an_Up-1.4
       Adds the file 1293297481.mxaddon"="5/22/2014 2:40 PM, 38693 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-2.exe"="6/7/2014 8:24 PM, 359936 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-3.exe"="6/7/2014 8:23 PM, 1892352 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-4.exe"="6/7/2014 8:23 PM, 833536 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-5.exe"="6/7/2014 8:24 PM, 455168 bytes, A
       Adds the file 360-42822.crx"="6/7/2014 8:23 PM, 277223 bytes, A
       Adds the file 42822.crx"="6/7/2014 8:23 PM, 276033 bytes, A
       Adds the file 42822.xpi"="6/7/2014 8:23 PM, 464322 bytes, A
       Adds the file background.html"="6/1/2014 6:55 AM, 729 bytes, A
       Adds the file bgNova.html"="6/1/2014 6:55 AM, 729 bytes, A
       Adds the file Shop_an_Up-1.4.ico"="6/1/2014 6:56 AM, 15086 bytes, A
       Adds the file Shop_an_Up-1.4-bg.exe"="6/7/2014 8:24 PM, 560640 bytes, A
       Adds the file Shop_an_Up-1.4-bho.dll"="6/7/2014 8:24 PM, 536064 bytes, A
       Adds the file Shop_an_Up-1.4-codedownloader.exe"="6/7/2014 8:24 PM, 504832 bytes, A
       Adds the file Shop_an_Up-1.4-nova.dll"="6/7/2014 8:23 PM, 117760 bytes, A
       Adds the file Shop_an_Up-1.4-nova.exe"="6/7/2014 8:23 PM, 589312 bytes, A
       Adds the file Shop_an_Up-1.4-novainstaller.exe"="6/7/2014 8:23 PM, 504832 bytes, A
       Adds the file Uninstall.exe"="6/7/2014 8:23 PM, 79872 bytes, A
       Adds the file utils.exe"="6/7/2014 8:23 PM, 2253605 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com
       Adds the file chrome.manifest"="6/7/2014 8:23 PM, 732 bytes, A
       Adds the file install.rdf"="6/7/2014 8:23 PM, 1331 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\defaults\preferences
       Adds the file prefs.js"="6/7/2014 8:24 PM, 3974 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData
       Adds the file manifest.xml"="6/7/2014 8:23 PM, 1674 bytes, A
       Adds the file plugins.json"="6/7/2014 8:23 PM, 11756 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\userCode
       Adds the file background.js"="6/7/2014 8:24 PM, 429 bytes, A
       Adds the file extension.js"="6/7/2014 8:24 PM, 1 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\locale\en-US
       Adds the file translations.dtd"="6/7/2014 8:23 PM, 425 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin
    In the existing folder C:\Windows\System32\Tasks
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-1"="6/7/2014 8:24 PM, 4406 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-2"="6/7/2014 8:24 PM, 4374 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-3"="6/7/2014 8:23 PM, 6490 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-4"="6/7/2014 8:24 PM, 5176 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-5"="6/7/2014 8:24 PM, 4478 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-6"="6/7/2014 8:23 PM, 4408 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-7"="6/7/2014 8:23 PM, 4342 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-1.job"="6/7/2014 8:24 PM, 1376 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-2.job"="6/7/2014 8:24 PM, 1344 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-3.job"="6/7/2014 8:23 PM, 3460 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-4.job"="6/7/2014 8:23 PM, 2146 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-5.job"="6/7/2014 8:24 PM, 1448 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-6.job"="6/7/2014 8:23 PM, 1378 bytes, A
       Adds the file 1d7b69fe-9686-45b6-8a43-97659dd401d8-7.job"="6/7/2014 8:23 PM, 1314 bytes, A


Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}]
       "(Default)"="REG_SZ", "Shop_an_Up-1.4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0042822.BHO.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444284422}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411281122}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0042822"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422282222}]
       "(Default)"="REG_SZ", "CrossriderApp0042822.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422282222}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422282222}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0042822.Sandbox.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422282222}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422282222}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444284422}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422282222}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0042822.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.BHO]
       "(Default)"="REG_SZ", "CrossriderApp0042822"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.BHO\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110411281122}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.BHO\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0042822"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.BHO.1]
       "(Default)"="REG_SZ", "CrossriderApp0042822"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.BHO.1\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110411281122}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.Sandbox]
       "(Default)"="REG_SZ", "CrossriderApp0042822.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.Sandbox\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220422282222}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.Sandbox\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0042822.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.Sandbox.1]
       "(Default)"="REG_SZ", "CrossriderApp0042822.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0042822.Sandbox.1\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220422282222}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455285522}]
       "(Default)"="REG_SZ", "ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455285522}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455285522}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455285522}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444284422}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466286622}]
       "(Default)"="REG_SZ", "ISandBox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466286622}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466286622}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466286622}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440444284422}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444284422}\1.0]
       "(Default)"="REG_SZ", "CrossriderApp0042822 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444284422}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-bho.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444284422}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444284422}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files\Shop_an_Up-1.4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\23586]
       "42822"="REG_SZ", "Shop_an_Up-1.4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\23586\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411281122}]
       "(Default)"="REG_SZ", "CrossriderApp0042822"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
       "{11111111-1111-1111-1111-110411281122}"="REG_SZ", "1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shop_an_Up-1.4]
       "CrAppId"="REG_SZ", "42822"
       "CrPublisherId"="REG_SZ", "23586"
       "DisplayIcon"="REG_SZ", "C:\Program Files\Shop_an_Up-1.4\utils.exe"
       "DisplayName"="REG_SZ", "Shop_an_Up-1.4"
       "DisplayVersion"="REG_SZ", "1.34.5.29"
       "Publisher"="REG_SZ", "Winportal"
       "UninstallString"="REG_SZ", "C:\Program Files\Shop_an_Up-1.4\Uninstall.exe /fcp=1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-1.job"="REG_BINARY, ................................
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-1.job.fp"="REG_DWORD", 410539133
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-2.job"="REG_BINARY, ...................u............
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-2.job.fp"="REG_DWORD", -1963531073
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-3.job"="REG_BINARY, ................................
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-3.job.fp"="REG_DWORD", -234083687
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-4.job"="REG_BINARY, ................................
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-4.job.fp"="REG_DWORD", 122091858
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-5.job"="REG_BINARY, ................................
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-5.job.fp"="REG_DWORD", -1860451672
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-6.job"="REG_BINARY, ................................
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-6.job.fp"="REG_DWORD", 561499661
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-7.job"="REG_BINARY, ................................
       "1d7b69fe-9686-45b6-8a43-97659dd401d8-7.job.fp"="REG_DWORD", -1738909026
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Code]
       "AppJavaScript"="REG_SZ", ""
       "BgJavaScript"="REG_SZ", "{ javascript removed, full log available on request}"
       "NewTabJavaScript"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Debug]
       "IsDebuggingPlugins"="REG_DWORD", 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Firefox]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Firefox\Profiles]
       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\IE]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\IE\Profiles]
       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Installer]
       "Bic"="REG_SZ", "4F1488AB32644E489862AF0E01D87D99IE"
       "BundledChrome"="REG_DWORD", 1
       "BundledFirefox"="REG_DWORD", 1
       "BundledIe"="REG_DWORD", 1
       "BundledNova"="REG_DWORD", 1
       "CodeDownloadDomain"="REG_SZ", "http://js.datademoserv.com"
       "DefaultBrowser"="REG_SZ", "ie"
       "ErrorsDomain"="REG_SZ", "http://errors.datademoserv.com"
       "FullVersion"="REG_SZ", "1.34.5.29"
       "FullVersionForUrl"="REG_SZ", "1_34_05_29"
       "OsName"="REG_SZ", "7"
       "Params"="REG_SZ", "{   "source_id" : "001310",   "sub_id" : "0",   "uzid" : "0"}"
       "SrcId"="REG_SZ", "001310"
       "StatsDomain"="REG_SZ", "http://stats.datademoserv.com"
       "SubId"="REG_SZ", "0"
       "Time"="REG_SZ", "1402165427"
       "Verifier"="REG_SZ", "3740d8a7081243ce6676e0e73fad61a4"
       "ZData"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Manifest]
       "AddressbarURL"="REG_SZ", "NA"
       "BgVersion"="REG_SZ", "1"
       "ChangePrevious"="REG_SZ", "false"
       "Description"="REG_SZ", "Shop-Up"
       "DisableIe"="REG_SZ", "true"
       "EnableSearchIE"="REG_SZ", "false"
       "HomePageUrl"="REG_SZ", "NA"
       "IsButtonEnabled"="REG_SZ", "false"
       "Manifest"="REG_SZ", "NA"
       "ModeType"="REG_SZ", "production"
       "Name"="REG_SZ", "Shop-Up"
       "PluginsManifestVersion"="REG_SZ", "97"
       "PublisherId"="REG_SZ", "23586"
       "PublisherName"="REG_SZ", "Winportal"
       "RunInFrame"="REG_SZ", "false"
       "SetNewTab"="REG_SZ", "false"
       "ThanksUrl"="REG_SZ", "NA"
       "UninstallerOfferAction"="REG_SZ", "NA"
       "UninstallerOfferUrl"="REG_SZ", "NA"
       "UpdateInterval"="REG_DWORD", 360
       "Version"="REG_SZ", "103"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Shop_an_Up-1.4\Plugins]
       "AppPluginList"="REG_SZ", "246,14,78,4,93,102,123,155,180,184,191,192,193,223,233,242,263,264,91"
       "BgPluginList"="REG_SZ", "246,4,14,78,251,249,250,271,93,102,123,155,180,184,191,192,193,223,233,242,263,264,91"
       "BrowserEventPluginList"="REG_SZ", "14"
       "NewTabPluginList"="REG_SZ", "14,78,4"
       "OnRequestPluginList"="REG_SZ", "14"
       "PopupPluginList"="REG_SZ", "4,14,78"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Shop_an_Up-1.4\Update]
       "LastCheck"="REG_DWORD", 1402165441
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\23586]
       "42822"="REG_SZ", "Shop_an_Up-1.4"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\23586\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Winportal]
       "42822"="REG_SZ", "Shop_an_Up-1.4"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411281122}]
       "Flags"="REG_DWORD", 1024
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/7/2014
Scan Time: 8:30:51 PM
Logfile: mbamShopanUp.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.07.05
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 228796
Time Elapsed: 3 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-nova.exe, 2736, Delete-on-Reboot, [b5ecfd78265549ed736b0c797e83837d]

Modules: 0
(No malicious items detected)

Registry Keys: 20
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411281122}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444284422}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455285522}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466286622}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0042822.BHO.1, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411281122}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0042822.BHO, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411281122}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411281122}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220422282222}, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0042822.Sandbox.1, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0042822.Sandbox, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411281122}\INPROCSERVER32, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\Shop_an_Up-1.4, Quarantined, [3e63ed8855260a2c639c3168877b659b], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\23586, Quarantined, [1f8262136b1022146873317b2dd5ce32], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [4859a3d26f0c0234717e9053a85ba858], 
PUP.Optional.ShopUp.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Shop_an_Up-1.4, Quarantined, [643dbdb88bf0201646b71d7ce81a1ce4], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\23586, Quarantined, [f8a97cf919623ff7528ac3e9cb37ce32], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Winportal, Quarantined, [643d8fe6de9d4fe76fbe6744a1613fc1], 
PUP.Optional.ShopUp.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Shop_an_Up-1.4, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\defaults, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\defaults\preferences, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\userCode, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\locale, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\locale\en-US, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 

Files: 142
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-nova.exe, Quarantined, [b5ecfd78265549ed736b0c797e83837d], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-bho.dll, Quarantined, [732e33424e2d053124ba5d28d92832ce], 
PUP.Optional.crossRider.A, C:\Users\{username}\Desktop\Shop_an_Up-1.4.exe, Quarantined, [366be98c5b20e84e7574073853adb749], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-1.job, Quarantined, [ebb62451760562d4441c0f9c6c96b54b], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-2.job, Quarantined, [445d32437ffc85b1421e614ac141fc04], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-3.job, Quarantined, [51502a4b8dee9e981b45713ac33fea16], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-4.job, Quarantined, [7d24b8bd196285b1e67ae6c5946ea957], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-5.job, Quarantined, [8021ec890e6d92a4a8b86f3c42c04eb2], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-6.job, Quarantined, [7d2425504932b68079e7d7d459a99f61], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d7b69fe-9686-45b6-8a43-97659dd401d8-7.job, Quarantined, [29783e37700bf343263a179429d9a759], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome.manifest, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\install.rdf, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\25e964359b18d61615c6b838a808cc08.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\7a772b4ccaea27f03e1a462915cf5c9d.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\background.html, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\browser.xul, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\c0e72f94fad120c1b01e447306ed8d4c.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\d525f6c6a07ed72437cfda97ff469ca3.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\dialog.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\e8bd59b29a3cc908dd65a814e7563477.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\options.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\options.xul, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\search_dialog.xul, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\6e867758bc0c459a1d1c529f73fae6ae.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\09a4c871bda63ed6c22b03783c98e277.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\23cd6a5af3bd9125545349b53fa69d16.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\35151d110d8fe80ed9767b5305df905f.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\3ce81130729113270366751688f96c98.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\41f3fb10bb0e98f5b4e91bccacc5321b.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\47f56a038cff0b0c2789cdd44d466f3f.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\671ecacc749e3ee4955591969d107960.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\6c7d791929004c2a04c6a0b7f6641d0c.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\781e60c9e8dde26c546e34b5affd57c7.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\7978b503eb775370c753f017c61b284d.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\f4a36dc7337d24b52c68fa772a838771.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\f5e6683e16adc7ebec3f64d6d31de3eb.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\f986e2b63bf43a26b4e70fcb35cf4976.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\fa215438a479ba4896309750f20fb443.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\api\fc95047460cdb736fdfcb87c3071aa06.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\82ece24071f1a95984886d35d0bd09e3.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\029fbd81789b9e2ae76784b72e3c5921.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\1f290721c928c44da16523d4a0a4ca73.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\41316fd6664870a89f6735707d68df03.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\425be169d5489e8c097506eef41bebf9.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\4495fba43f52663db8fd4ed04ad548f9.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\5104113c29f78246d74cd4f32d92f44b.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\5faa4356f24ed6b17742c84f624a0e42.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\614adefa7f52fdc7bc290cf7756cbd7b.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\7e8d4e3c84426f4c09151b268bcd3564.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\86ed1e668a8bb24852248424774e2a76.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\a7a2da56df186020f23f3201c6cb0bc6.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\a9eac9110644b60b779e3a7d5bd770ef.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\b56b3dba9c58161018fc83ede1da2781.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\b87eab0f0294dc99db5402b797ed654b.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\bd6c094011ca67ab9baf49351050fb91.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\c19bed797c7a20c5f32dafdcbc5cf836.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\e357d52c4752e075dd18da9e515173bd.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\ebf1e0da271b09da3521abcf34585144.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\f4010585bf6e2f42dc3048cfada4fc09.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\chrome\content\core\installer.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\defaults\preferences\prefs.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\manifest.xml, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins.json, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\22.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\1.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\102.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\104.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\123.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\13.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\14.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\155.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\158.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\16.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\17.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\177.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\180.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\182.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\183.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\184.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\191.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\192.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\193.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\195.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\207.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\21.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\220.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\221.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\223.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\233.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\242.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\246.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\263.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\264.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\266.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\268.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\28.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\4.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\47.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\64.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\7.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\72.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\78.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\9.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\91.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\93.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\plugins\98.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\userCode\background.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\extensionData\userCode\extension.js, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\locale\en-US\translations.dtd, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\button1.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\button2.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\button3.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\button4.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\button5.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\crossrider_statusbar.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\icon128.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\icon16.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\icon24.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\icon48.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\panelarrow-up.png, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\popup.html, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\skin.css, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\a346f15b-f72e-4205-b29d-52ad46792214@bf4b3822-f1de-4b29-8f70-c0a27f6ca2b8.com\skin\update.css, Quarantined, [4c5584f1bcbfee488bdd3f4a38caf60a], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-bg.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\1293297481.mxaddon, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\1d7b69fe-9686-45b6-8a43-97659dd401d8-2.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\1d7b69fe-9686-45b6-8a43-97659dd401d8-3.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\1d7b69fe-9686-45b6-8a43-97659dd401d8-4.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\1d7b69fe-9686-45b6-8a43-97659dd401d8-5.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\360-42822.crx, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\42822.crx, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\42822.xpi, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\background.html, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\bgNova.html, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-codedownloader.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-nova.dll, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4-novainstaller.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Shop_an_Up-1.4.ico, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\Uninstall.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.ShopUp.A, C:\Program Files\Shop_an_Up-1.4\utils.exe, Quarantined, [bce5750089f2ea4c044ccccc2dd501ff], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14677974128597105a6d79f88e5ed79a");), Replaced,[a5fc561f4b3053e3a074abf02dd7ad53]

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.