What is FireDive?
The Malwarebytes research team has determined that FireDive is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by FireDive?
You may see these browser extensions/add-ons:



How did FireDive get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was offered as a browser extension to speed up your downloads.
How do I remove FireDive?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
- The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the FireDive browser hijacker. It would have warned you before the browser extensions could install themselves, giving you a chance to stop them before it became too late.
Signs in a HijackThis log:
O2 - BHO: CrossriderApp0051739 - {11111111-1111-1111-1111-110511171139} - C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-bho.dll
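Added example (not part of the original guide and not Malwarebytes' own tooling): a small Python checker that reads the O2 (Browser Helper Object) lines of a HijackThis log and reports which ones match the FireDive entry shown above, and why. The CLSID, name and folder come from that line; the sample log, the function names and the "CrossriderApp + digits" naming pattern are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Indicators copied from the HijackThis line quoted in this guide.
FIREDIVE_CLSID = "{11111111-1111-1111-1111-110511171139}"
FIREDIVE_DIR = "c:\\program files\\firedive downloader v9.0"
# Assumption: the BHO name is "CrossriderApp" followed by the app id digits,
# generalised from the single entry shown in the guide.
CROSSRIDER_NAME = re.compile(r"^CrossriderApp\d+$", re.IGNORECASE)

# O2 - BHO: <name> - {CLSID} - <path to DLL>
O2_LINE = re.compile(
    r"^O2\s+-\s+BHO:\s+(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+?)\s*$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_o2(line: str) -> Optional[Bho]:
    """Return the parsed BHO entry, or None if the line is not an O2 entry."""
    m = O2_LINE.match(line.strip())
    if not m:
        return None
    return Bho(m["name"], m["clsid"].upper(), m["path"])


def reasons(bho: Bho) -> List[str]:
    """List which FireDive indicators a BHO entry matches (empty if none)."""
    hits = []
    if bho.clsid == FIREDIVE_CLSID.upper():
        hits.append("clsid")
    if CROSSRIDER_NAME.match(bho.name):
        hits.append("crossrider-name")
    if bho.path.lower().startswith(FIREDIVE_DIR + "\\"):
        hits.append("install-dir")
    return hits


def scan(log_text: str) -> List[Tuple[int, Bho, List[str]]]:
    """Return (line number, entry, matched indicators) for each suspicious O2 line."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        bho = parse_o2(line)
        if bho is None:
            continue
        why = reasons(bho)
        if why:
            findings.append((number, bho, why))
    return findings


# Constructed sample log. Line 3 is the entry from this guide; line 4 is a
# constructed leftover registration whose DLL is gone, which is still caught
# by the CLSID alone.
SAMPLE_LOG = r"""Constructed sample log for illustration
O2 - BHO: ExampleHelper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O2 - BHO: CrossriderApp0051739 - {11111111-1111-1111-1111-110511171139} - C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-bho.dll
O2 - BHO: (no name) - {11111111-1111-1111-1111-110511171139} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for number, bho, why in scan(SAMPLE_LOG):
        print(f"line {number}: {bho.name} {bho.clsid} matched {', '.join(why)}")
```

A line that matches only on "clsid" after a scan usually means the DLL was quarantined but the registration was left behind, so it is worth re-checking the log after the reboot.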
Alterations made by the installer:
Malwarebytes Anti-Malware log:
Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\userCode\background.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\extensionData\userCode\extension.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\icon128.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\icon16.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\icon48.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\icons\actions\1.png, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\background.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\main.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\platformVersion.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\chrome.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\cookie.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\message.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\monitor.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\pageAction.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\api\pageActionBG.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\app_api.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\bg_app_api.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\consts.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\cookie_store.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\crossriderAPI.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\delegate.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\events.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\extensionDataStore.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\installer.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\logFile.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\logging.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\onBGDocumentLoad.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\reports.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\storageWrapper.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\updateManager.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\util.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\xhr.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\popupResource\newPopup.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianpkncpdncekpjnlflanaomeeenkehn\1.26.8_0\js\lib\popupResource\popup.js, Quarantined, [2c507e800f6b082e97251e6a15eda65a], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\51739.crx, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\51739.xpi, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\background.html, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-bg.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-buttonutil.dll, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-buttonutil.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader 
V9.0\Firedive Downloader V9.0-chromeinstaller.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-codedownloader.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-enabler.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-firefoxinstaller.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-helper.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0-updater.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Firedive Downloader V9.0.ico, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Installer.log, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\Uninstall.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], PUP.Optional.FirediveDownloader.A, C:\Program Files\Firedive Downloader V9.0\utils.exe, Quarantined, [c4b8f806d9a186b09c23b9cfec16e818], Physical Sectors: 0 (No malicious items detected) (end)
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention