Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for I-Cinema

- - - - -
Started by Metallica , Aug 13 2014 12:34 PM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 13 August 2014 - 12:34 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is I-Cinema?

The Malwarebytes research team has determined that I-Cinema is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by I-Cinema?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

and this entry in your list of installed programs:

warning4.png


How did I-Cinema get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

How do I remove I-Cinema?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of I-Cinema?
  • No, Malwarebytes' Anti-Malware removes I-Cinema completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the I-Cinema hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


protection1.png

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: CrossriderApp0061365 - {11111111-1111-1111-1111-110611131165} - C:\Program Files\I - Cinema\I - Cinema-bho.dll
Alterations made by the installer:

File system details  
---------------------------------------------
    Adds the folder C:\Program Files\I - Cinema
       Adds the file 1293297481.mxaddon"="8/3/2014 10:53 AM, 38028 bytes, A
       Adds the file 43d2b6aa-c13a-4aee-80e5-d6f902e71fb9.crx"="8/13/2014 8:04 PM, 277815 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6.crx"="8/13/2014 8:04 PM, 276612 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6.xpi"="8/13/2014 8:04 PM, 317822 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-11.exe"="8/13/2014 8:04 PM, 1868312 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-2.exe"="8/13/2014 8:04 PM, 343576 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-4.exe"="8/13/2014 8:04 PM, 1398808 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5.exe"="8/13/2014 8:04 PM, 444952 bytes, A
       Adds the file background.html"="8/4/2014 2:05 PM, 729 bytes, A
       Adds the file I - Cinema.ico"="8/4/2014 2:05 PM, 9662 bytes, A
       Adds the file I - Cinema-bg.exe"="8/13/2014 8:04 PM, 547864 bytes, A
       Adds the file I - Cinema-bho.dll"="8/13/2014 8:04 PM, 528408 bytes, A
       Adds the file I - Cinema-codedownloader.exe"="8/13/2014 8:04 PM, 515608 bytes, A
       Adds the file Uninstall.exe"="8/13/2014 8:04 PM, 87576 bytes, A
       Adds the file utils.exe"="8/13/2014 8:04 PM, 2337388 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]
       Adds the file chrome.manifest"="8/13/2014 8:04 PM, 498 bytes, A
       Adds the file install.rdf"="8/13/2014 8:04 PM, 1221 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults\preferences
       Adds the file prefs.js"="8/13/2014 8:04 PM, 2689 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData
       Adds the file manifest.xml"="8/13/2014 8:04 PM, 1692 bytes, A
       Adds the file plugins.json"="8/13/2014 8:04 PM, 9273 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode
       Adds the file background.js"="8/13/2014 8:04 PM, 2293 bytes, A
       Adds the file extension.js"="8/13/2014 8:04 PM, 1 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US
       Adds the file translations.dtd"="8/13/2014 8:04 PM, 425 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin
    In the existing folder C:\Windows\System32\Tasks
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-1"="8/13/2014 8:04 PM, 4586 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-11"="8/13/2014 8:04 PM, 6822 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-2"="8/13/2014 8:04 PM, 4344 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5"="8/13/2014 8:04 PM, 4444 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5_user"="8/13/2014 8:04 PM, 4464 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-1.job"="8/13/2014 8:04 PM, 1556 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-11.job"="8/13/2014 8:04 PM, 3792 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-2.job"="8/13/2014 8:04 PM, 1314 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5.job"="8/13/2014 8:04 PM, 1414 bytes, A
       Adds the file 62e6aae8-e552-4861-8904-92605cf886f6-5_user.job"="8/13/2014 8:04 PM, 1428 bytes, A

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}]
       "(Default)"="REG_SZ", "I - Cinema"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema\I - Cinema-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0061365.BHO.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611131165}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0061365"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}]
       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema\I - Cinema-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622132265}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO]
       "(Default)"="REG_SZ", "CrossriderApp0061365"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611131165}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0061365"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO.1]
       "(Default)"="REG_SZ", "CrossriderApp0061365"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.BHO.1\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611131165}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox]
       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622132265}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox.1]
       "(Default)"="REG_SZ", "CrossriderApp0061365.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0061365.Sandbox.1\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622132265}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}]
       "(Default)"="REG_SZ", "ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655135565}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}]
       "(Default)"="REG_SZ", "ISandBox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666136665}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644134465}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0]
       "(Default)"="REG_SZ", "CrossriderApp0061365 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema\I - Cinema-bho.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644134465}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files\I - Cinema"
    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\Firefox]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\Firefox\Profiles]
       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\IE]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\IE\Profiles]
       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\I - Cinema\Installer]
       "BundledAddCh"="REG_DWORD", 1
       "BundledFirefox"="REG_DWORD", 1
       "BundledIe"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\25257]
       "61365"="REG_SZ", "I - Cinema"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\25257\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611131165}]
       "(Default)"="REG_SZ", "CrossriderApp0061365"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
       "{11111111-1111-1111-1111-110611131165}"="REG_SZ", "1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema]
       "CrAppId"="REG_SZ", "61365"
       "CrPublisherId"="REG_SZ", "25257"
       "DisplayIcon"="REG_SZ", "C:\Program Files\I - Cinema\utils.exe"
       "DisplayName"="REG_SZ", "I - Cinema"
       "DisplayVersion"="REG_SZ", "1.34.7.29"
       "Publisher"="REG_SZ", "DiscountFrenzy"
       "UninstallString"="REG_SZ", "C:\Program Files\I - Cinema\Uninstall.exe /fcp=1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "62e6aae8-e552-4861-8904-92605cf886f6-1.job"="REG_BINARY, .......U........................
       "62e6aae8-e552-4861-8904-92605cf886f6-1.job.fp"="REG_DWORD", 859561424
       "62e6aae8-e552-4861-8904-92605cf886f6-11.job"="REG_BINARY, ................................
       "62e6aae8-e552-4861-8904-92605cf886f6-11.job.fp"="REG_DWORD", -1021092544
       "62e6aae8-e552-4861-8904-92605cf886f6-2.job"="REG_BINARY, ................................
       "62e6aae8-e552-4861-8904-92605cf886f6-2.job.fp"="REG_DWORD", 1047259439
       "62e6aae8-e552-4861-8904-92605cf886f6-5.job"="REG_BINARY, ................................
       "62e6aae8-e552-4861-8904-92605cf886f6-5.job.fp"="REG_DWORD", -70658665
       "62e6aae8-e552-4861-8904-92605cf886f6-5_user.job"="REG_BINARY, ................................
       "62e6aae8-e552-4861-8904-92605cf886f6-5_user.job.fp"="REG_DWORD", 200857849
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "21EEE1E9BD7B4EBF9E8EBC2D11B3DACDIE"
       "Verifier"="REG_SZ", "49dffa4ae3868fb807d09375cbd4c991"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]
       "61365"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]
       "61365"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema]
       "ActiveAppId"="REG_SZ", "61365"
       "BhoRunningVersion"="REG_SZ", "153"
       "IsBhoEnabled"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Background]
       " { javascript removed, full log available by request } "
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Debug]
       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"
       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"
       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"
       "IsDebuggingPlugins"="REG_DWORD", 0
       "IsDebugMode"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Installer]
       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733627, 0]}"
       "CodeDownloadDomain"="REG_SZ", "http://js.infostatsserv.com"
       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"
       "DefaultBrowser"="REG_SZ", "ie"
       "ErrorsDomain"="REG_SZ", "http://errors.infostatsserv.com"
       "FullVersion"="REG_SZ", "1.34.7.29"
       "FullVersionForUrl"="REG_SZ", "1_34_07_29"
       "OsName"="REG_SZ", "7"
       "Params"="REG_SZ", "{   "source_id" : "001837",   "sub_id" : "0",   "uzid" : "0"}"
       "SrcId"="REG_SZ", "001837"
       "StatsDomain"="REG_SZ", "http://stats.infostatsserv.com"
       "SubId"="REG_SZ", "0"
       "Time"="REG_SZ", "1407953048"
       "ZData"="REG_SZ", "0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Manifest]
       "AddressbarURL"="REG_SZ", "NA"
       "BgVersion"="REG_SZ", "1"
       "ChangePrevious"="REG_SZ", "false"
       "Description"="REG_SZ", "Lights out for YouTube"
       "DisableIe"="REG_SZ", "true"
       "EnableSearchIE"="REG_SZ", "false"
       "HomePageUrl"="REG_SZ", "NA"
       "IsButtonEnabled"="REG_SZ", "false"
       "Manifest"="REG_SZ", "NA"
       "ModeType"="REG_SZ", "production"
       "Name"="REG_SZ", "I - Cinema"
       "PluginsManifestVersion"="REG_SZ", "18"
       "PublisherId"="REG_SZ", "25257"
       "PublisherName"="REG_SZ", "DiscountFrenzy"
       "RunInFrame"="REG_SZ", "false"
       "SetNewTab"="REG_SZ", "false"
       "ThanksUrl"="REG_SZ", "NA"
       "UninstallerOfferAction"="REG_SZ", "NA"
       "UninstallerOfferUrl"="REG_SZ", "NA"
       "UpdateInterval"="REG_DWORD", 360
       "Version"="REG_SZ", "25"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\I - Cinema\Update]
       "LastCheck"="REG_DWORD", 1407953061
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\25257]
       "61365"="REG_SZ", "I - Cinema"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\25257\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\DiscountFrenzy]
       "61365"="REG_SZ", "I - Cinema"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611131165}]
       "Flags"="REG_DWORD", 1024
       "VerCache"="REG_BINARY, .H...F................
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/13/2014
Scan Time: 8:09:12 PM
Logfile: mbamICinema.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.13.05
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 254296
Time Elapsed: 2 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 36
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644134465}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655135565}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666136665}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.BHO.1, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.BHO, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611131165}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622132265}, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.Sandbox.1, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0061365.Sandbox, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611131165}\INPROCSERVER32, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\I - Cinema, Quarantined, [a475e6e00e6d7db9367085561fe31de3], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [ae6b3492ceada3937e42a43d4ab8f60a], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25257, Quarantined, [ad6c02c42f4c0b2bcd273ebeb34f1ce4], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [c851d5f1582392a4d6ed350d61a356aa], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [9f7a8d39c4b7c67002c2330f49bb8779], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [5fba7b4b8af10531fec5c271e024a15f], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\I - Cinema, Quarantined, [14055a6cccaffa3c1a8ac7147989a45c], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25257, Quarantined, [6faa81455c1fb6806c76766509f946ba], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\DiscountFrenzy, Quarantined, [c752f6d05427ef47663cb02b8a78e41c], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.ICinema.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I - Cinema, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 

Registry Values: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [ae6b3492ceada3937e42a43d4ab8f60a]

Registry Data: 0
(No malicious items detected)

Folders: 21
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{1BC62FE5-C4AA-4F0E-B5C3-0E27974EBA0B}, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected], Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults\preferences, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 

Files: 158
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema-bho.dll, Quarantined, [5ebb09bdc6b5f343294d159312ef51af], 
PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\I - Cinema.exe, Quarantined, [c653dee897e42115cb6bf05c58a812ee], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-1, Quarantined, [c257e0e64536181eb902548d748ecf31], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-11, Quarantined, [5abfb412116aab8bf5c6746d51b1f50b], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-2, Quarantined, [29f0ebdb81fac86e932837aa956d8f71], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5, Quarantined, [36e3378f94e78fa7516a8d5436cc23dd], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5_user, Quarantined, [0613873fc2b9280ead0e578a61a1847c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-1.job, Quarantined, [39e09e2899e2f64059df2a16fa0aa858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-11.job, Quarantined, [0910477fa8d3d363aa8eb38d42c2827e], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-2.job, Quarantined, [6eaba0264635a096a98fec54c53fd22e], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5.job, Quarantined, [8099a224d4a73006a2961030996b966a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\62e6aae8-e552-4861-8904-92605cf886f6-5_user.job, Quarantined, [a2772c9afa8188aef444ab958b79e917], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [2eeb18ae9fdc69cd80ce77c915eff60a], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [21f80bbb7cff5dd9222d0c34d92be21e], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [ff1ac204b2c9191d4e02f44c22e2e11f], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [5cbd7650e8933df9d37e97a916eefb05], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [8891a42224577cba834205cac240a759], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleCrashHandler.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdate.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdateBroker.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdateHelper.msi, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\GoogleUpdateOnDemand.exe, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\goopdate.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\goopdateres_en.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\npGoogleUpdate4.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\psmachine.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.307657\psuser.dll, Quarantined, [8b8e7f473d3e2d099b46725d7c8632ce], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome.manifest, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\install.rdf, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\1ad5b9fe535a8f6f8c88f4299f306b90.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\1ef6cb6f295d60cd6935171543aa81cc.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\51e629182ea6180c2456a778a13725a3.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\8f3121f93a1f9b9d1babed7275e6bdb1.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\ba693db027f837c3bf34e426ad14618e.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\background.html, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\browser.xul, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\dialog.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\f4a3c567461261bb1d70ae171cef0026.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\options.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\options.xul, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\search_dialog.xul, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\91a70de2488eb2ca0b4f5c19b3cf47a2.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\16e7705cc8206458953a8b930ec118a7.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\224fee945f04cbdbb2737a6af67e8fe2.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\398e143ba94977ea2c4b22a18e709726.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\44e6366017415322682788cfdb4ac8ef.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\53a0891845cb0b8c0624ada8a95de2e1.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\5ba105895c9a90d48294990bdc89a939.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\6920762430c00f6b0ab9a873384f9c3f.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\78dda46083380bc3ba4c9c4ae975a463.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\a4122c9c02ecf7f7a79046ab47192892.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\c214de865cf3f422172044578eddfa6f.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\c651b4aac18f26bf1af3f3b663de22c4.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\db9bb87c89b3ce93c947f39a0cffdeca.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\e614d05111fa27fc2aba8cfa71761cd9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\e811fb4cc8e69161f2f480db104d6707.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\f0cd904d763c8d83a55c08b257c8f624.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\0905233a8b2cf2bdf63952ca1bb71e4d.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\1d4ceafab401a07f8ff99f264e5dd36c.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\35ff2b942cef611b185566ce12e9d9e9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\36a870ca3d9d4f5da62c051beae274ac.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\3cee61735270a0dd79b240cc85624d09.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\3d0d2c673bc8be7dcfe7d65207edc207.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\498df3e7878c0b0b10aca8a4f1634633.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\4ca439045a27b407ccaf4c3bdf0cb433.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\4f06a79cdddf7466884b252ca59d7ec4.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\8ab1b30c3b6663228ede423b5d9f16b8.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\ac07254cf491ac60691904951e10d629.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\b6125149906fe869817978762950aefc.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\d0fbb8d40c2159fd69fce2a476a088ae.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\d13d9ed307f5227577d3e21b4b94ba03.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\d3349cc8191a7c4ecf2240eb65fc62a9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\d688631e092b550c6e11e818020ac15d.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\dad6acb65024327f1b365ad5c2e99382.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\e6521d64d973ca82b747d26386c4ad2b.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\ece817baa4f28816639bf6d64e39d90f.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\ffe22cc8a6ecc51f69c9455de33468f7.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\installer.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults\preferences\prefs.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\manifest.xml, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins.json, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\1.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\102.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\104.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\13.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\14.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\16.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\17.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\177.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\180.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\182.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\183.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\190.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\191.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\192.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\207.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\21.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\22.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\220.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\221.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\223.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\246.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\263.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\268.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\28.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\289.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\4.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\47.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\64.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\7.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\72.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\78.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\9.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\91.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\93.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\98.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode\background.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode\extension.js, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US\translations.dtd, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button1.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button2.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button3.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button4.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button5.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\crossrider_statusbar.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon128.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon16.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon24.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon48.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\panelarrow-up.png, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\popup.html, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\skin.css, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\update.css, Quarantined, [6faa685e1269290da4e19f3654ae619f], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\1293297481.mxaddon, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\43d2b6aa-c13a-4aee-80e5-d6f902e71fb9.crx, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-11.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-2.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-4.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6-5.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6.crx, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\62e6aae8-e552-4861-8904-92605cf886f6.xpi, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\background.html, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema-bg.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema-codedownloader.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\I - Cinema.ico, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\Uninstall.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 
PUP.Optional.ICinema.A, C:\Program Files\I - Cinema\utils.exe, Quarantined, [4fca299d96e5102688cb5f7859a9bd43], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.