Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Pricora

- - - - -
Started by Metallica , Feb 15 2014 07:23 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 15 February 2014 - 07:23 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Pricora?

The Malwarebytes research team has determined that Pricora is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice.
This particular one displays advertisements in your browser(s).

How do I know if my computer is effected by Pricora?

This is how the welcome page looks:

Posted Image

And you may see these toolbars/extensions:

Posted Image

Posted Image

Posted Image

and this entry in your list of installed programs:

Posted Image

How did Pricora get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Pricora?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:

    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.


Is there anything else I need to do to get rid of Pricora?

  • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.


How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Pricora rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


Posted Image


Technical details for experts

Signs in a HijackThis log:
O2 - BHO: CrossriderApp0035499 - {11111111-1111-1111-1111-110311541199} - C:\Program Files\Pricora 2.0\Pricora 2.0-bho.dll

Alterations made by the installer:

File system details 
---------------------------------------------
    Adds the folder C:\Program Files\Pricora 2.0
       Adds the file 35499.crx"="2/15/2014 10:02 AM, 314129 bytes, A
       Adds the file 35499.xpi"="2/15/2014 10:02 AM, 348437 bytes, A
       Adds the file background.html"="11/13/2013 7:42 PM, 729 bytes, A
       Adds the file Installer.log"="2/15/2014 10:02 AM, 229193 bytes, A
       Adds the file Pricora 2.0.ico"="11/13/2013 7:42 PM, 9662 bytes, A
       Adds the file Pricora 2.0-bg.exe"="2/15/2014 10:02 AM, 767488 bytes, A
       Adds the file Pricora 2.0-bho.dll"="2/15/2014 10:02 AM, 636928 bytes, A
       Adds the file Pricora 2.0-buttonutil.dll"="2/15/2014 10:02 AM, 423936 bytes, A
       Adds the file Pricora 2.0-buttonutil.exe"="2/15/2014 10:02 AM, 327168 bytes, A
       Adds the file Pricora 2.0-chromeinstaller.exe"="2/15/2014 10:02 AM, 497664 bytes, A
       Adds the file Pricora 2.0-codedownloader.exe"="2/15/2014 10:02 AM, 514048 bytes, A
       Adds the file Pricora 2.0-enabler.exe"="2/15/2014 10:02 AM, 334336 bytes, A
       Adds the file Pricora 2.0-firefoxinstaller.exe"="2/15/2014 10:02 AM, 763392 bytes, A
       Adds the file Pricora 2.0-helper.exe"="2/15/2014 10:02 AM, 331264 bytes, A
       Adds the file Pricora 2.0-updater.exe"="2/15/2014 10:02 AM, 346112 bytes, A
       Adds the file Uninstall.exe"="2/15/2014 10:02 AM, 159232 bytes, A
       Adds the file utils.exe"="2/15/2014 10:02 AM, 966319 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gmookaamlkjilnemkglmedgieblahbcn_0
       Adds the file 1"="2/15/2014 10:06 AM, 24576 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0
       Adds the file background.html"="2/15/2014 10:02 AM, 1567 bytes, A
       Adds the file crossriderManifest.json"="2/15/2014 10:02 AM, 739 bytes, A
       Adds the file manifest.json"="2/15/2014 10:02 AM, 1179 bytes, A
       Adds the file popup.html"="2/15/2014 10:02 AM, 139 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData
       Adds the file manifest.xml"="2/15/2014 10:02 AM, 1742 bytes, A
       Adds the file plugins.json"="2/15/2014 10:02 AM, 12186 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins
       Adds the file 1_base.js"="2/15/2014 10:02 AM, 6908 bytes, A
       Adds the file 102_dealply_m.js"="2/15/2014 10:02 AM, 2247 bytes, A
       Adds the file 103_intext_5_m.js"="2/15/2014 10:02 AM, 3094 bytes, A
       Adds the file 104_jollywallet_m.js"="2/15/2014 10:02 AM, 1383 bytes, A
       Adds the file 105_corticas_m.js"="2/15/2014 10:02 AM, 632 bytes, A
       Adds the file 108_icm_m.js"="2/15/2014 10:02 AM, 5117 bytes, A
       Adds the file 117_coupons_intext_ads_5_m.js"="2/15/2014 10:02 AM, 3217 bytes, A
       Adds the file 119_similar_web_m.js"="2/15/2014 10:02 AM, 5227 bytes, A
       Adds the file 120_luck_m.js"="2/15/2014 10:02 AM, 1238 bytes, A
       Adds the file 123_intext_adv_m.js"="2/15/2014 10:02 AM, 899 bytes, A
       Adds the file 124_superfish_no_search_no_coupons_m.js"="2/15/2014 10:02 AM, 790 bytes, A
       Adds the file 125_arcadi2_m.js"="2/15/2014 10:02 AM, 922 bytes, A
       Adds the file 126_revizer_ws_m.js"="2/15/2014 10:02 AM, 1366 bytes, A
       Adds the file 127_revizer_p_m.js"="2/15/2014 10:02 AM, 1247 bytes, A
       Adds the file 128_superfish_pricora_m.js"="2/15/2014 10:02 AM, 763 bytes, A
       Adds the file 13_CrossriderAppUtils.js"="2/15/2014 10:02 AM, 7056 bytes, A
       Adds the file 135_arcadi3_m.js"="2/15/2014 10:02 AM, 922 bytes, A
       Adds the file 138_getdeal_m.js"="2/15/2014 10:02 AM, 1416 bytes, A
       Adds the file 14_CrossriderUtils.js"="2/15/2014 10:02 AM, 12369 bytes, A
       Adds the file 141_corticas_ru_m.js.js"="2/15/2014 10:02 AM, 720 bytes, A
       Adds the file 142_intext_fa_m.js"="2/15/2014 10:02 AM, 819 bytes, A
       Adds the file 155_ibario_pops_m.js"="2/15/2014 10:02 AM, 735 bytes, A
       Adds the file 158_50onred_ads_only_no_fb_m.js"="2/15/2014 10:02 AM, 2402 bytes, A
       Adds the file 159_cortica_rollover_m.js"="2/15/2014 10:02 AM, 775 bytes, A
       Adds the file 17_jQuery.js"="2/15/2014 10:02 AM, 79982 bytes, A
       Adds the file 171_arcadi2_sourceID_m.js"="2/15/2014 10:02 AM, 997 bytes, A
       Adds the file 174_arcadi_serp_dynamic_id_m.js"="2/15/2014 10:02 AM, 981 bytes, A
       Adds the file 175_coolmirage_m.js"="2/15/2014 10:02 AM, 3760 bytes, A
       Adds the file 178_revizer_ws_dynamic_m.js"="2/15/2014 10:02 AM, 1094 bytes, A
       Adds the file 179_revizer_p_dynamic_m.js"="2/15/2014 10:02 AM, 1092 bytes, A
       Adds the file 180_bpo_serp_m.js"="2/15/2014 10:02 AM, 992 bytes, A
       Adds the file 184_noproblemppc_m.js"="2/15/2014 10:02 AM, 1053 bytes, A
       Adds the file 19_CHAppAPIWrapper.js"="2/15/2014 10:02 AM, 6327 bytes, A
       Adds the file 21_debug.js"="2/15/2014 10:02 AM, 3676 bytes, A
       Adds the file 22_resources.js"="2/15/2014 10:02 AM, 9082 bytes, A
       Adds the file 28_initializer.js"="2/15/2014 10:02 AM, 664 bytes, A
       Adds the file 4_jquery_1_7_1.js"="2/15/2014 10:02 AM, 94180 bytes, A
       Adds the file 47_resources_background.js"="2/15/2014 10:02 AM, 7720 bytes, A
       Adds the file 64_appApiMessage.js"="2/15/2014 10:02 AM, 2332 bytes, A
       Adds the file 7_hooks.js"="2/15/2014 10:02 AM, 801 bytes, A
       Adds the file 72_appApiValidation.js"="2/15/2014 10:02 AM, 23239 bytes, A
       Adds the file 78_CrossriderInfo.js"="2/15/2014 10:02 AM, 2234 bytes, A
       Adds the file 80_CHPopupAppAPI.js"="2/15/2014 10:02 AM, 194 bytes, A
       Adds the file 87_ginyas_wrapper.js"="2/15/2014 10:02 AM, 20377 bytes, A
       Adds the file 9_search_engine_hook.js"="2/15/2014 10:02 AM, 2285 bytes, A
       Adds the file 91_monetizationLoader.js.js"="2/15/2014 10:02 AM, 141780 bytes, A
       Adds the file 93_superfish_no_coupons_m.js"="2/15/2014 10:02 AM, 775 bytes, A
       Adds the file 97_resourceApiWrapper.js"="2/15/2014 10:02 AM, 3299 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode
       Adds the file background.js"="2/15/2014 10:02 AM, 428 bytes, A
       Adds the file extension.js"="2/15/2014 10:02 AM, 1262 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons
       Adds the file icon128.png"="2/15/2014 10:02 AM, 64665 bytes, A
       Adds the file icon16.png"="2/15/2014 10:02 AM, 1404 bytes, A
       Adds the file icon48.png"="2/15/2014 10:02 AM, 5415 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\actions
       Adds the file 1.png"="2/15/2014 10:02 AM, 1223 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js
       Adds the file background.js"="2/15/2014 10:02 AM, 28910 bytes, A
       Adds the file main.js"="2/15/2014 10:02 AM, 8452 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api
       Adds the file chrome.js"="2/15/2014 10:02 AM, 11521 bytes, A
       Adds the file cookie.js"="2/15/2014 10:02 AM, 11793 bytes, A
       Adds the file message.js"="2/15/2014 10:02 AM, 3346 bytes, A
       Adds the file pageAction.js"="2/15/2014 10:02 AM, 1737 bytes, A
       Adds the file pageActionBG.js"="2/15/2014 10:02 AM, 2519 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib
       Adds the file app_api.js"="2/15/2014 10:02 AM, 6317 bytes, A
       Adds the file bg_app_api.js"="2/15/2014 10:02 AM, 4502 bytes, A
       Adds the file consts.js"="2/15/2014 10:02 AM, 335 bytes, A
       Adds the file cookie_store.js"="2/15/2014 10:02 AM, 5905 bytes, A
       Adds the file crossriderAPI.js"="2/15/2014 10:02 AM, 11366 bytes, A
       Adds the file delegate.js"="2/15/2014 10:02 AM, 2002 bytes, A
       Adds the file events.js"="2/15/2014 10:02 AM, 5757 bytes, A
       Adds the file extensionDataStore.js"="2/15/2014 10:02 AM, 6294 bytes, A
       Adds the file installer.js"="2/15/2014 10:02 AM, 288 bytes, A
       Adds the file logFile.js"="2/15/2014 10:02 AM, 775 bytes, A
       Adds the file logging.js"="2/15/2014 10:02 AM, 944 bytes, A
       Adds the file onBGDocumentLoad.js"="2/15/2014 10:02 AM, 480 bytes, A
       Adds the file reports.js"="2/15/2014 10:02 AM, 4841 bytes, A
       Adds the file storageWrapper.js"="2/15/2014 10:02 AM, 903 bytes, A
       Adds the file updateManager.js"="2/15/2014 10:02 AM, 5665 bytes, A
       Adds the file util.js"="2/15/2014 10:02 AM, 5142 bytes, A
       Adds the file xhr.js"="2/15/2014 10:02 AM, 2478 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource
       Adds the file newPopup.js"="2/15/2014 10:02 AM, 40 bytes, A
       Adds the file popup.js"="2/15/2014 10:02 AM, 45 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gmookaamlkjilnemkglmedgieblahbcn
       Adds the file 000003.log"="2/15/2014 10:07 AM, 1265161 bytes, A
       Adds the file CURRENT"="2/15/2014 10:06 AM, 16 bytes, A
       Adds the file LOCK"="2/15/2014 10:06 AM, 0 bytes, A
       Adds the file LOG"="2/15/2014 10:06 AM, 47 bytes, A
       Adds the file MANIFEST-000002"="2/15/2014 10:06 AM, 50 bytes, A
    In the existing folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage
       Adds the file chrome-extension_fnopmpmeehlabkfhidnechiihgpfoaif_0.localstorage"="2/15/2014 10:06 AM, 3072 bytes, A
       Adds the file chrome-extension_fnopmpmeehlabkfhidnechiihgpfoaif_0.localstorage-journal"="2/15/2014 10:06 AM, 3608 bytes, A
       Adds the file chrome-extension_gmookaamlkjilnemkglmedgieblahbcn_0.localstorage"="2/15/2014 10:06 AM, 3072 bytes, A
       Adds the file chrome-extension_gmookaamlkjilnemkglmedgieblahbcn_0.localstorage-journal"="2/15/2014 10:06 AM, 3608 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Mozilla\Firefox\Profiles\joxsq3f5.default\Cache\0\C9
       Adds the file B1E10d01"="2/15/2014 10:05 AM, 141433 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Mozilla\Firefox\Profiles\joxsq3f5.default\Cache\6\BC
       Adds the file 1ED46d01"="2/15/2014 10:05 AM, 30273 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Mozilla\Firefox\Profiles\joxsq3f5.default\Cache\A\24
       Adds the file 98602d01"="2/15/2014 10:05 AM, 20672 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YWXMKK7J\cdncache-a.akamaihd.net\items\e6a00\storage.swf
       Adds the file gpl.sol"="2/15/2014 10:03 AM, 237 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YWXMKK7J\www.ajaxcdn.org\swf.swf
       Adds the file dm_cookie.sol"="2/15/2014 10:03 AM, 415 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdncache-a.akamaihd.net
       Adds the file settings.sol"="2/15/2014 10:02 AM, 93 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ajaxcdn.org
       Adds the file settings.sol"="2/15/2014 10:02 AM, 85 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\bookmarkbackups
       Adds the file bookmarks-2014-02-15_5.json"="2/15/2014 10:06 AM, 3035 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\c8fc5aa5-ee60-4adf-a5f4-b8ce72dcb8bd@6a0d5eea-5b10-4e7f-99b7-839d7b38ef14.com\extensionData\plugins
       Adds the file 1_base.js"="2/15/2014 10:05 AM, 6792 bytes, A
       Adds the file 102_dealply_m.js"="2/15/2014 10:02 AM, 2247 bytes, A
       Adds the file 103_intext_5_m.js"="2/15/2014 10:05 AM, 2284 bytes, A
       Adds the file 104_jollywallet_m.js"="2/15/2014 10:05 AM, 1316 bytes, A
       Adds the file 105_corticas_m.js"="2/15/2014 10:02 AM, 632 bytes, A
       Adds the file 108_icm_m.js"="2/15/2014 10:02 AM, 5117 bytes, A
       Adds the file 117_coupons_intext_ads_5_m.js"="2/15/2014 10:02 AM, 3217 bytes, A
       Adds the file 119_similar_web_m.js"="2/15/2014 10:05 AM, 5039 bytes, A
       Adds the file 120_luck_m.js"="2/15/2014 10:02 AM, 1238 bytes, A
       Adds the file 123_intext_adv_m.js"="2/15/2014 10:02 AM, 899 bytes, A
       Adds the file 124_superfish_no_search_no_coupons_m.js"="2/15/2014 10:02 AM, 790 bytes, A
       Adds the file 125_arcadi2_m.js"="2/15/2014 10:02 AM, 922 bytes, A
       Adds the file 126_revizer_ws_m.js"="2/15/2014 10:02 AM, 1366 bytes, A
       Adds the file 127_revizer_p_m.js"="2/15/2014 10:02 AM, 1247 bytes, A
       Adds the file 128_superfish_pricora_m.js"="2/15/2014 10:05 AM, 537 bytes, A
       Adds the file 13_CrossriderAppUtils.js"="2/15/2014 10:02 AM, 7056 bytes, A
       Adds the file 135_arcadi3_m.js"="2/15/2014 10:02 AM, 922 bytes, A
       Adds the file 138_getdeal_m.js"="2/15/2014 10:02 AM, 1416 bytes, A
       Adds the file 14_CrossriderUtils.js"="2/15/2014 10:05 AM, 20672 bytes, A
       Adds the file 141_corticas_ru_m.js.js"="2/15/2014 10:02 AM, 720 bytes, A
       Adds the file 142_intext_fa_m.js"="2/15/2014 10:02 AM, 819 bytes, A
       Adds the file 155_ibario_pops_m.js"="2/15/2014 10:02 AM, 735 bytes, A
       Adds the file 158_50onred_ads_only_no_fb_m.js"="2/15/2014 10:02 AM, 2402 bytes, A
       Adds the file 159_cortica_rollover_m.js"="2/15/2014 10:02 AM, 775 bytes, A
       Adds the file 16_FFAppAPIWrapper.js"="2/15/2014 10:05 AM, 16020 bytes, A
       Adds the file 17_jQuery.js"="2/15/2014 10:02 AM, 79982 bytes, A
       Adds the file 171_arcadi2_sourceID_m.js"="2/15/2014 10:02 AM, 997 bytes, A
       Adds the file 174_arcadi_serp_dynamic_id_m.js"="2/15/2014 10:02 AM, 981 bytes, A
       Adds the file 175_coolmirage_m.js"="2/15/2014 10:02 AM, 3760 bytes, A
       Adds the file 177_crossriderDashboard.js"="2/15/2014 10:05 AM, 30273 bytes, A
       Adds the file 178_revizer_ws_dynamic_m.js"="2/15/2014 10:02 AM, 1094 bytes, A
       Adds the file 179_revizer_p_dynamic_m.js"="2/15/2014 10:02 AM, 1092 bytes, A
       Adds the file 180_bpo_serp_m.js"="2/15/2014 10:05 AM, 835 bytes, A
       Adds the file 182_openUrl.js"="2/15/2014 10:05 AM, 14179 bytes, A
       Adds the file 183_tabsWrapper.js"="2/15/2014 10:05 AM, 2425 bytes, A
       Adds the file 184_noproblemppc_m.js"="2/15/2014 10:02 AM, 1053 bytes, A
       Adds the file 207_dbWrapper.js"="2/15/2014 10:05 AM, 1535 bytes, A
       Adds the file 21_debug.js"="2/15/2014 10:02 AM, 3676 bytes, A
       Adds the file 211_revizer_ws_dynamic_b2b_light_m.js"="2/15/2014 10:05 AM, 763 bytes, A
       Adds the file 22_resources.js"="2/15/2014 10:02 AM, 9082 bytes, A
       Adds the file 28_initializer.js"="2/15/2014 10:02 AM, 664 bytes, A
       Adds the file 4_jquery_1_7_1.js"="2/15/2014 10:02 AM, 94180 bytes, A
       Adds the file 47_resources_background.js"="2/15/2014 10:02 AM, 7720 bytes, A
       Adds the file 64_appApiMessage.js"="2/15/2014 10:02 AM, 2332 bytes, A
       Adds the file 7_hooks.js"="2/15/2014 10:02 AM, 801 bytes, A
       Adds the file 72_appApiValidation.js"="2/15/2014 10:02 AM, 23239 bytes, A
       Adds the file 78_CrossriderInfo.js"="2/15/2014 10:02 AM, 2234 bytes, A
       Adds the file 87_ginyas_wrapper.js"="2/15/2014 10:02 AM, 20377 bytes, A
       Adds the file 9_search_engine_hook.js"="2/15/2014 10:02 AM, 2285 bytes, A
       Adds the file 91_monetizationLoader.js.js"="2/15/2014 10:05 AM, 141433 bytes, A
       Adds the file 93_superfish_no_coupons_m.js"="2/15/2014 10:05 AM, 623 bytes, A
       Adds the file 98_omniCommands.js"="2/15/2014 10:02 AM, 1936 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\c8fc5aa5-ee60-4adf-a5f4-b8ce72dcb8bd@6a0d5eea-5b10-4e7f-99b7-839d7b38ef14.com\skin
       Adds the file button1.png"="2/15/2014 10:02 AM, 1361 bytes, A
       Adds the file button2.png"="2/15/2014 10:02 AM, 1361 bytes, A
       Adds the file button3.png"="2/15/2014 10:02 AM, 1361 bytes, A
       Adds the file button4.png"="2/15/2014 10:02 AM, 1361 bytes, A
       Adds the file button5.png"="2/15/2014 10:02 AM, 1361 bytes, A
       Adds the file crossrider_statusbar.png"="2/15/2014 10:02 AM, 1361 bytes, A
       Adds the file icon128.png"="2/15/2014 10:02 AM, 64665 bytes, A
       Adds the file icon16.png"="2/15/2014 10:02 AM, 1404 bytes, A
       Adds the file icon24.png"="2/15/2014 10:02 AM, 2980 bytes, A
       Adds the file icon48.png"="2/15/2014 10:02 AM, 5415 bytes, A
       Adds the file panelarrow-up.png"="2/15/2014 10:02 AM, 917 bytes, A
       Adds the file popup.html"="2/15/2014 10:02 AM, 349 bytes, A
       Adds the file skin.css"="2/15/2014 10:02 AM, 990 bytes, A
       Adds the file update.css"="2/15/2014 10:02 AM, 140 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Pricora 2.0-chromeinstaller"="2/15/2014 10:02 AM, 4926 bytes, A
       Adds the file Pricora 2.0-codedownloader"="2/15/2014 10:02 AM, 4230 bytes, A
       Adds the file Pricora 2.0-enabler"="2/15/2014 10:02 AM, 4130 bytes, A
       Adds the file Pricora 2.0-firefoxinstaller"="2/15/2014 10:02 AM, 4850 bytes, A
       Adds the file Pricora 2.0-updater"="2/15/2014 10:02 AM, 4328 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file Pricora 2.0-chromeinstaller.job"="2/15/2014 10:02 AM, 1896 bytes, A
       Adds the file Pricora 2.0-codedownloader.job"="2/15/2014 10:02 AM, 1200 bytes, A
       Adds the file Pricora 2.0-enabler.job"="2/15/2014 10:02 AM, 1100 bytes, A
       Adds the file Pricora 2.0-firefoxinstaller.job"="2/15/2014 10:02 AM, 1820 bytes, A
       Adds the file Pricora 2.0-updater.job"="2/15/2014 10:02 AM, 1298 bytes, A

Registry details 
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}]
       "(Default)"="REG_SZ, "Pricora 2.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\Implemented Categories]
       "(Default)"="REG_SZ, ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ, ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\InprocServer32]
       "(Default)"="REG_SZ, "C:\Program Files\Pricora 2.0\Pricora 2.0-bho.dll"
       "ThreadingModel"="REG_SZ, "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\ProgID]
       "(Default)"="REG_SZ, "CrossriderApp0035499.BHO.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\TypeLib]
       "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440344544499}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541199}\VersionIndependentProgID]
       "(Default)"="REG_SZ, "CrossriderApp0035499"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542299}]
       "(Default)"="REG_SZ, "CrossriderApp0035499.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542299}\InprocServer32]
       "(Default)"="REG_SZ, "C:\Program Files\Pricora 2.0\Pricora 2.0-bho.dll"
       "ThreadingModel"="REG_SZ, "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542299}\ProgID]
       "(Default)"="REG_SZ, "CrossriderApp0035499.Sandbox.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542299}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542299}\TypeLib]
       "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440344544499}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542299}\VersionIndependentProgID]
       "(Default)"="REG_SZ, "CrossriderApp0035499.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.BHO]
       "(Default)"="REG_SZ, "CrossriderApp0035499"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.BHO\CLSID]
       "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110311541199}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.BHO\CurVer]
       "(Default)"="REG_SZ, "CrossriderApp0035499"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.BHO.1]
       "(Default)"="REG_SZ, "CrossriderApp0035499"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.BHO.1\CLSID]
       "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110311541199}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.Sandbox
       "(Default)"="REG_SZ, "CrossriderApp0035499.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.Sandbox\CLSID]
       "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220322542299}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.Sandbox\CurVer]
       "(Default)"="REG_SZ, "CrossriderApp0035499.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.Sandbox.1]
       "(Default)"="REG_SZ, "CrossriderApp0035499.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0035499.Sandbox.1\CLSID]
       "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220322542299}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355545599}]
       "(Default)"="REG_SZ, "ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355545599}\ProxyStubClsid]
       "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355545599}\ProxyStubClsid32]
       "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355545599}\TypeLib]
       "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440344544499}"
       "Version"="REG_SZ, "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366546699}]
       "(Default)"="REG_SZ, "ISandBox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366546699}\ProxyStubClsid]
       "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366546699}\ProxyStubClsid32]
       "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366546699}\TypeLib]
       "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440344544499}"
       "Version"="REG_SZ, "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344544499}\1.0]
       "(Default)"="REG_SZ, "CrossriderApp0035499 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344544499}\1.0\0\win32]
       "(Default)"="REG_SZ, "C:\Program Files\Pricora 2.0\Pricora 2.0-bho.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344544499}\1.0\FLAGS]
       "(Default)"="REG_SZ, "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344544499}\1.0\HELPDIR]
       "(Default)"="REG_SZ, "C:\Program Files\Pricora 2.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
       "experiment_labels"= "REG_SZ, "CrVar1=3310649|Sat, 15 Feb 2015 09:06:37 GMT;CrVar2=3310629|Sat, 15 Feb 2015 09:06:37 GMT;CrVar3=3300164|Sat, 15 Feb 2015 09:06:37 GMT;
CrVar4=3300155|Sat, 15 Feb 2015 09:06:37 GMT;CrVar5=3300022|Sat, 15 Feb 2015 09:06:37 GMT;CrVar6=3300121|Sat, 15 Feb 2015 09:06:37 GMT;CrVar7=3300130|Sat, 15 Feb 2015 09:06:37 GMT;
CrVar8=3300118|Sat, 15 Feb 2015 09:06:37 GMT;CrVar9=3300135|Sat, 15 Feb 2015 09:06:37 GMT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311541199}]
       "(Default)"="REG_SZ, "CrossriderApp0035499"
       "NoExplorer"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pricora 2.0]
       "CrAppId"="REG_SZ, "35499"
       "CrPublisherId"="REG_SZ, "17638"
       "DisplayIcon"="REG_SZ, "C:\Program Files\Pricora 2.0\utils.exe"
       "DisplayName"="REG_SZ, "Pricora 2.0"
       "DisplayVersion"="REG_SZ, "1.30.153.1"
       "Publisher"="REG_SZ, "Corporate Inc"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\Chrome]
       "TotalProfiles"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\Chrome\Profiles]
       "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\Firefox]
       "TotalProfiles"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\Firefox\Profiles]
       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\IE]
       "TotalProfiles"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\IE\Profiles]
       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Pricora 2.0\Installer]
       "BundledChrome"="REG_DWORD, 1"
       "BundledFirefox"="REG_DWORD, 1"
       "BundledIe"="REG_DWORD, 1"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ, "F92A535B2CA14F008A8CE4F7387FB1C5IE"
       "Verifier"="REG_SZ, "2c5c8c436c68d0e0b5574060d1045632"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Debug]
       "DebuggedAppUrl"="REG_SZ, "file://C:\Users\{username}\Documents\debug.js"
       "DebuggedBgUrl"="REG_SZ, "file://C:\Users\{username}\Documents\bg_debug.js"
       "DebuggedNewTabUrl"="REG_SZ, "file://C:\Users\{username}\Documents\new_debug.js"
       "IsDebuggingPlugins"="REG_DWORD, 0"
       "IsDebugMode"="REG_DWORD, 0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Installer]
       "CodeDownloadDomain"="REG_SZ, "http://app-static.crossrider.com"
       "Domain"="REG_SZ, "http://app-static.crossrider.com"
       "ErrorsDomain"="REG_SZ, "http://errors.srvstatsdata.com"
       "FullVersion"="REG_SZ, "1.30.153.1"
       "FullVersionForUrl"="REG_SZ, "1_30_153"
       "MinorVersion"="REG_SZ, "1"
       "Params"="REG_SZ, "{"source_id" : "000157", "sub_id" : "0", "uzid" : "0"}"
       "PlatformVersion"="REG_SZ, "1"
       "ScriptVersion"="REG_SZ, "30"
       "SetHomepage"="REG_SZ, "false"
       "SetNewTab"="REG_SZ, "false"
       "SetSearch"="REG_SZ, "false"
       "SrcId"="REG_SZ, "000157"
       "StatsDomain"="REG_SZ, "http://stats.srvstatsdata.com"
       "SubId"="REG_SZ, "0"
       "ThankYouPage"="REG_SZ, "false"
       "Time"="REG_SZ, "1392454936"
       "UserConfirmation"="REG_SZ, "false"
       "ZData"="REG_SZ, "0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Log]
       "pricora 2.0-bg"="REG_DWORD, 0
       "pricora 2.0-bho"="REG_DWORD, 0"
       "pricora 2.0-buttonutil"="REG_DWORD, 0"
       "pricora 2.0-helper"="REG_DWORD, 0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Manifest]
       "AddressbarURL"="REG_SZ, "NA"
       "BgVersion"="REG_SZ, "7"
       "ChangePrevious"="REG_SZ, "false"
       "Description"="REG_SZ, "Corporate extension us"
       "DisableIe"="REG_SZ, "true"
       "EnableSearchIE"="REG_SZ, "false"
       "HomePageUrl"="REG_SZ, "NA"
       "IsButtonEnabled"="REG_SZ, "false"
       "Manifest"="REG_SZ, "NA"
       "ModeType"="REG_SZ, "production"
       "Name"="REG_SZ, "Pricora 2.0"
       "PluginsManifestVersion"="REG_SZ, "94"
       "PublisherId"="REG_SZ, "17638"
       "PublisherName"="REG_SZ, "Corporate Inc"
       "RunInFrame"="REG_SZ, "false"
       "SetNewTab"="REG_SZ, "false"
       "ThanksUrl"="REG_SZ, "NA"
       "UninstallerOfferAction"="REG_SZ, "NA"
       "UninstallerOfferUrl"="REG_SZ, "NA"
       "UpdateInterval"="REG_DWORD, 360
       "Version"="REG_SZ, "121"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Plugins]
       "AppPluginList"="REG_SZ, "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,182,183,207,72,93,102,103,104,119,128,180,211,177,91,28"
       "BgPluginList"="REG_SZ, "42,38,46,41,44,39,35,43,36,4,14,78,64,183,207,47,182,72,91"
       "BrowserEventPluginList"="REG_SZ, "14,42,41,44,39,38,43,37,64,72"
       "NewTabPluginList"="REG_SZ, "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,72,28"
       "OnRequestPluginList"="REG_SZ, "14,42,41,39,38,43,45,64,72"
       "PopupPluginList"="REG_SZ, "42,38,46,41,44,39,35,43,36,4,14,78,13,64,207,47,182,72,94"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Plugins\1]
       "JavaScript"="REG_SZ, { removed javascript full log available by request } 
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Pricora 2.0\Update]
       "LastCheck"="REG_DWORD, 1392454947"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Pricora 2.0]
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Corporate Inc]
       "35499"="REG_SZ, "Pricora 2.0"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311541199}]
       "Flags"="REG_DWORD, 1024"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311541199}\iexplore]
       "Count"="REG_DWORD, 4"
       "Flags"="REG_DWORD, 0"
       "LoadTimeArray"="REG_BINARY, ...................."
       "NavTimeArray"="REG_BINARY, ........W..........."
       "Time"="REG_BINARY, ........"
       "Type"="REG_DWORD, 3"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2014
Scan Time: 10:18:07 AM
Logfile: mbam-log-2014-02-15 (10-14-57).txt
Administrator: Yes

Version: 2.00.0.0503
Malware Database: v2014.02.15.03
Rootikt Database: v2013.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 194781
Time Elapsed: 2 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 17
Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7708a933fd7dd06646498e1c798a926e], 
Registry Key, PUP.Optional.Pricora.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Pricora 2.0, Quarantined, [4738e6f6f882ab8bdd65b4c6ee14c23e], 
Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Corporate Inc, Quarantined, [2d5296466812d660caad4933da28b64a], 
Registry Key, PUP.Optional.Pricora.A, HKLM\SOFTWARE\Pricora 2.0, Quarantined, [67183aa287f34ceab28ecab044bef50b], 
Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.BHO, Quarantined, [8df24c90b6c463d3a62a375f0102f10f], 
Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.BHO.1, Quarantined, [512efce01c5ec472c50bdfb743c08779], 
Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.Sandbox, Quarantined, [bac59745f684cd695d73eea83ec53ac6], 
Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.Sandbox.1, Quarantined, [e49b6f6def8b063098385a3cb44f05fb], 
Registry Key, PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [1d62fbe1b4c60d29f48f1c5f4eb430d0], 
Registry Key, PUP.Optional.Pricora.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Pricora 2.0, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 
Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 
Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344544499}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 
Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355545599}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 
Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366546699}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 
Registry Key, PUP.Optional.CrossRider.M, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 
Registry Key, PUP.Optional.CrossRider.M, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 15
Folder, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [5b245e7ea5d50135762981fa7d85dd23], 
Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\actions, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
Folder, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 

Files: 117
File, PUP.Optional.Pricora.A, C:\Users\{username}\Desktop\Pricora.exe, Quarantined, [5827e1fba0da54e2b3a7ebabd22f649c], 
File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-chromeinstaller.job, Quarantined, [1a65a23af68458deb58ac5b5e81a5fa1], 
File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-codedownloader.job, Quarantined, [a0df96461a60e1556ad588f2d52d21df], 
File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-enabler.job, Quarantined, [f08f6775aeccb08668d71e5c40c27789], 
File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-firefoxinstaller.job, Quarantined, [91eefce06d0dc670ea558febed154cb4], 
File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-updater.job, Quarantined, [6b14b923067455e17ac53d3d768c45bb], 
File, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [5b245e7ea5d50135762981fa7d85dd23], 
File, PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [88f73d9fc0bab680928a4d2f10f2b749], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\background.html, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\crossriderManifest.json, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\manifest.json, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\popup.html, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\manifest.xml, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins.json, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\102_dealply_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\103_intext_5_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\104_jollywallet_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\105_corticas_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\108_icm_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\117_coupons_intext_ads_5_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\119_similar_web_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\120_luck_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\123_intext_adv_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\175_coolmirage_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\178_revizer_ws_dynamic_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\179_revizer_p_dynamic_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\17_jQuery.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\180_bpo_serp_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\184_noproblemppc_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\1_base.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\21_debug.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\22_resources.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\28_initializer.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\47_resources_background.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\125_arcadi2_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\126_revizer_ws_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\127_revizer_p_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\128_superfish_pricora_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\135_arcadi3_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\138_getdeal_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\141_corticas_ru_m.js.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\142_intext_fa_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\155_ibario_pops_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\159_cortica_rollover_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\171_arcadi2_sourceID_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\7_hooks.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\87_ginyas_wrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\93_superfish_no_coupons_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\9_search_engine_hook.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode\background.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode\extension.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\icon128.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\icon16.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\icon48.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\actions\1.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\background.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\main.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\chrome.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\cookie.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\message.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\pageAction.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\pageActionBG.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\app_api.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\bg_app_api.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\consts.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\cookie_store.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\crossriderAPI.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\delegate.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\events.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\extensionDataStore.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\installer.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\logFile.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\logging.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\onBGDocumentLoad.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\reports.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\storageWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\updateManager.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\util.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\xhr.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource\newPopup.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource\popup.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\35499.crx, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\35499.xpi, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\background.html, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Installer.log, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-bg.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-buttonutil.dll, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-buttonutil.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-chromeinstaller.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-codedownloader.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-firefoxinstaller.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-helper.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-updater.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0.ico, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Uninstall.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 
File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\utils.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], 

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.